Study On Information Security Risk Assessment Of Marine Network

Posted on: 2013-01-24
Degree: Master
Type: Thesis
Country: China
Candidate: Y Y Jing
Full Text: PDF
GTID: 2248330392450060
Subject: Computer application technology
Abstract/Summary:
With the rapid development of information technology, network and information system applications have gradually permeated all aspects of people's lives. Information has become the most important asset of its owners, and as security incidents have spread to all walks of life, the privacy and integrity of information have become the chief concern of decision makers. However, owing to the present limits of technology and of our understanding, networks and information systems of all kinds inevitably contain vulnerabilities, which give viruses, Trojans and other threats an opening and leave the network and its information systems exposed. How to protect information system security has become an urgent problem. The ultimate objective of security protection is to prevent security incidents from happening and to keep the organization safe from loss. Risk assessment analyzes risk on the basis of data about the existing security protection measures, the vulnerabilities, and all the threats the system faces, and finally yields the security status of the system. It provides a good safeguard for security incident prevention.

In recent years, the construction of ocean information systems has been strengthened: with the digital ocean and the dynamic monitoring and surveillance management system as targets, all kinds of marine information construction projects have been implemented in the State Oceanic Administration and local oceanic administrations. Marine informatization inevitably brings information security problems. Marine data is confidential national data, within which long-sequence ocean data and large-scale data are even classified at the confidential level; data security has therefore become a problem that receives close attention during informatization.
In consideration of this, each oceanic administration has different security requirements for different business.

Information security risk assessment analyzes the vulnerabilities and threats that the system faces, forecasts the probability that a security incident occurs and its impact when it does, and finally obtains the security status of the system, so that security measures can be applied accordingly to reduce vulnerability and lower the risks to an acceptable level.

At present, quite a few domestic experts and scholars have studied network security risk assessment, have put forward different research methods such as the AHP method, the attack tree method and the attack graph method, and have achieved considerable progress. But most of these methods assess risk using essential factors such as asset evaluation, vulnerability, threat and existing security measures; there is no specific method for assessing a network that is subject to security grade requirements.

This paper first introduces the concept and connotation of information security evaluation, together with its steps and process, to give an understanding of security evaluation as a whole. It introduces the function and meaning of information security evaluation and the common approaches to disposing of risk. It introduces several security assessment standards at home and abroad and some common risk analysis methods, and expounds several measures of risk management and the significance and role of risk assessment.

Secondly, this paper introduces fuzzy comprehensive evaluation theory. This theory works well for evaluating fuzzy and uncertain factors, and the process of information system security risk assessment is full of uncertainty and fuzziness, so fuzzy theory can be used in that process.
In addition, this paper also introduces grey system theory. The research object of this theory is the grey system, part of which is known and part of which is unknown; because an information system fully matches the characteristics of a grey system, grey theory can be used in information system risk evaluation.

Finally, based on the characteristics of fuzzy theory and grey system theory, this paper puts forward a risk assessment model based on grey theory. The first step is to establish the evaluation index system and determine the weights. Here an improved Delphi method is adopted: after scoring, the correlation coefficient is calculated and the values that deviate too much are eliminated, which ensures the consistency of the evaluation data. Then the security risk grades of the system are divided, the fuzzy evaluation sets are established, the whitenization weight functions and grey evaluation coefficients are determined, and finally the evaluation matrix is determined and the comprehensive evaluation is carried out.

In the example part, the fuzzy grey model is used to assess the risk of the Shanghai oceanic administration network. Based on the third-level requirements of information system security level protection, the security evaluation indices are selected and the evaluation index system is established. The assessment sample is then obtained and, following the steps of fuzzy grey evaluation, the evaluation index set and the whitenization weight functions are established, the grey evaluation coefficients are calculated, and ultimately the grey evaluation matrix and the comprehensive evaluation result are obtained. To ensure the accuracy of the evaluation, the evaluation set is quantized and the comprehensive evaluation result is multiplied by the quantization result to obtain the final evaluation value. The final evaluation value is compared with the security hierarchy table of the system to obtain the system security level.
At the end of the paper, a security risk assessment system based on the fuzzy grey model is designed; the system can effectively improve the efficiency of security assessment and can avoid errors that result from human negligence.

In summary, this paper combines grey system theory with fuzzy theory and puts forward a risk assessment method based on fuzzy grey theory. Considering the particularity of the marine network, it establishes the evaluation indices on the basis of the third-grade protection requirements of information security level protection, evaluates the security risk of the marine network, and designs a risk assessment system that incorporates the fuzzy evaluation model.
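
The evaluation steps described above, from expert scores to the final evaluation value, can be followed in a short Python sketch. This is an added example, not code from the thesis: the scores, index weights, whitenization function shapes, quantized grade values and the hierarchy table are all constructed assumptions, and the index weights are taken as already determined (the improved Delphi step is not shown).

```python
# Added illustration of grey fuzzy evaluation. All numbers are constructed
# assumptions: the abstract gives no indices, weights, scores or thresholds.
GRADE_VALUES = [9.0, 7.0, 5.0, 3.0]        # quantized evaluation set C (assumed)
LEVELS = [(8.0, "grade A"), (6.0, "grade B"),
          (4.0, "grade C"), (0.0, "grade D")]  # hierarchy table (assumed)

def whiten(d, e, thetas=GRADE_VALUES):
    """Whitenization weight of score d for grey class e (assumed shapes)."""
    t = thetas[e]
    rising = d / t                          # left branch, reaches 1 at d == t
    falling = max((2 * t - d) / t, 0.0)     # right branch, reaches 0 at d == 2t
    if e == 0:                              # top class: saturates above t
        return min(rising, 1.0)
    if e == len(thetas) - 1:                # bottom class: full weight below t
        return 1.0 if d <= t else falling
    return rising if d <= t else falling    # middle classes: triangular

def grey_matrix(scores):
    """Grey evaluation matrix R: one row per index, one column per class."""
    matrix = []
    for index_scores in scores:             # expert scores for one index
        coeffs = [sum(whiten(d, e) for d in index_scores)
                  for e in range(len(GRADE_VALUES))]  # grey evaluation coefficients
        total = sum(coeffs)
        matrix.append([c / total for c in coeffs])    # row sums to 1
    return matrix

def evaluate(scores, weights):
    """Return (comprehensive result B, final value Z, security level)."""
    r = grey_matrix(scores)
    b = [sum(w * row[e] for w, row in zip(weights, r))
         for e in range(len(GRADE_VALUES))]            # B = W . R
    z = sum(be * v for be, v in zip(b, GRADE_VALUES))  # Z = B . C^T
    level = next(name for floor, name in LEVELS if z >= floor)
    return b, z, level

# Constructed sample: 3 indices, each scored 0-10 by 4 experts.
SAMPLE_SCORES = [[8, 7, 9, 8], [6, 5, 7, 6], [4, 5, 3, 4]]
SAMPLE_WEIGHTS = [0.5, 0.3, 0.2]            # index weights, sum to 1 (assumed)

if __name__ == "__main__":
    b, z, level = evaluate(SAMPLE_SCORES, SAMPLE_WEIGHTS)
    print([round(x, 3) for x in b], round(z, 2), level)
```
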
Keywords/Search Tags: risk assessment, security measures, the grey system theory, the fuzzy theory