Information System Security Level Evaluation Model Based On Risk Weights

The information level of security protection system is a basic system of national information technology,it played a huge role in the process of development of China’s information technology,it also plays a significant role in promoting the development of national economy.Information security level protection system in the international arena has been a very long course of development,hot pursuit of the pace of the developed countries in the world after China’s opening up,developed to a certain scale in the degree of protection,basically have the various conditions of the degree of protection.This is reflected in two aspects,this includes the related policies and relevant standards of the degree of protection.In practical applications there are many of the international evaluation model,china also has its own evaluation model,china and the international evaluation model met,the evaluation and risk assessment are closely linked.Mature development process of information security risk assessment, now has a variety of methods and applications.The risk assessment has a sound evaluation framework and evaluation process.It is not only the analysis of information systems at all levels of risk,also to various risks conferred by a certain method of calculating the value after quantization,this can give the security of information systems evaluation provides an accurate basis. The core idea of this article based on risk assessment,start from the existing risk assessment and rating evaluation model,introduced the framework、the process of the risk Assessment,also analyzed of the basic the process of evaluation of the existing grade and grade evaluation model.On this basis,established a new level evaluation model based on risk weighting.The model on the basis of the existing model,value at risk through the calculation of the various aspects of information systems,weights of all aspects of information systems.Statistics and analysis of the evaluation results of the entire information system,risk weighting to influence the results of the statistical and analytical.This makes the statistical analysis of results closer to the actual security status of information systems,to solve the statistical and analytical results were affected by the size of the impact of information systems.Finally,in this paper the model is applied to the actual process of evaluation of information systems,practical application to obtain evaluation data to verify its feasibility...