Research On Information System Security Risk Assessment Modeling And Application

With the rapid development of science and technology, the security problem of infonnation system has increasingly aroused people’s concern and become an urgent problem. The phenomena such as computer virus, password fabrication and network attack, emerge in endlessly and pose a serious threat to information security of peoples and even nations. Thus, the security risk assessment of information system has aroused more and more concern of the governments and enterprises. The security risk assessment of information system is a process to make a scientific assessment and provide advice about security measures to information systems to be accessed, according to relevant national technical standards of information security.In the information system security risk assessment, calculating risk values is the main objective. The existing risk calculation models can quantify the risk elements, give the risk values’description and calculate the risk values. But the elements involved in risk assessment are not adequately taken into account, and the quantitative methods of risk factors in the different conditions are not considered.On the bases of studying domestic and foreign various evaluation standards, algorithms and models, an improved comprehensive risk computational model is put forward. In this model, various factors involved in the risk evaluation were taken into full consideration and refined. It makes the computational model more comprehensive and the calculation results more objective. Then, according to the improved comprehensive risk computational model and the risk assessment process, a risk assessment computation system based on Analytic Hierarchy Process and Fuzzy Comprehensive Evaluation method is designed and implemented. In order to verify the practical value of the assessment system, a case study on a certain project in our lab is done. This paper describes the risk calculation process and the case study in detail. The result shows that the assessment model and system are of practical significance.