Integrated Risk Assessment Model Of E-government Informationsecurity Based On Menacean Alysis

Information security has become a key factor restricting the development ofe-government. The primary task of e-government information security is to establish aninformation security management system.Information security risk assessment is an essential part in the work of establishing aninformation security management system, and it is also the most fundamental basis ofestablishing information security management system.For large information systems, the information security risk assessment can’t beaccomplished by using single analysis method. How to make comprehensive useofmultiple methods to establish an effective and accurate e-government informationsecurity assessment model,is becoming a hot research issues in e-government informationsecurity. According to assets, vulnerabilities, threats, etc risk assessment basic elements,this article proposed a comprehensive e-government information security risk assessmentmodel which takes threat analysis as the core, quantitative analysis as the main analysismethod and qualitative analysis as the supplemented method.Taking threat as the core, the main steps of risk calculation include threatidentification, threat occurrence probability calculation, threat consequences’attributesrecognition,threat consequences’attributes weight calculation and final threat risk valuescalculation. The risk assessmentmodel established by this article adopts very mature andwidely used methods in the different steps of the risk calculation. In this model, the threatprobability calculation uses Markov method, the threat consequences’ attributes valuescalculation uses normalization processing method achieving dimensionless and the threatconsequences’attributes weight calculation uses Analytic Hierarchy Process.Through using the risk assessment model established by this article to do riskcalculation, it can get the relative threat index of various threats which existed ine-government system, then through making use of the relative threat index to sort risk, itcan provide a scientific basis for drawing up targeted e-government information securityrisk management control strategy.