Research On Information System Security Assessment Model

With the popularity of the Internet and the continuous development of global information technology, the application of information systems and networks become an important strategic resource for organization. However, their own characteristics and limitations of information systems and networks determine that the application and development of information systems are often subjected to viruses, Trojan horses, failures, vandalism and other aspects of the threat, which has a tremendous impact on the organization’s business operations. Therefore, the protection of information systems security has become the focus of attention and research. By using the scientific and effective method to conduct a safety assessment of information system, it could determine reliable information security management system, and has an important significance for the long-term development of information technology.This thesis describes the specific content and processes of the information system security assessment, and use actual case of information system security assessment to verify. Firstly, identify the assets, threats and vulnerabilities of information systems, and analyze the association of the three to form security incidents. Then, use fuzzy comprehensive evaluation method to establish a complete information system security evaluation index relational model. Finally, use method combining of AHP and rough set to build an information system security evaluation model. It uses three aspects (risk probability, risk impact and uncontrollability) to assess each security incident to obtain a subjective judgment matrix. By using the definition of attribute dependence in rough set theory, I construct the relative dependence objective judgment matrix between attributes, and then calculate risk value of information system security assessment. It applies conclusion to the safety assessment of "key vehicle management information system". Through analyzing the evaluation results, it provides decision support for making the system security policy.Information system security assessment has drawn increasing concern and attention, and has become a very important area of research. However, due to the complexity of the field, it has not much effective achievement. This thesis is based on the actual needs of the project, and makes a preliminary exploration. Wish to have more research to emerge and can be applied in practice.