The Research Of Information Security Evaluation And Information Security Index

With the social and technological development, people are living in the era of information and technology. And we are increasingly dependent on information technology which provides us with convenience. Informatisation has had a significant impact on every aspect of human social life. It brings human civilization and social progress, meanwhile it brings Information Security new challenges. In the context of the global information, security problem is more important than ever. For enterprise, Informatisation has been involved in every aspect of its daily operation. Now, human transfer turns into Information transfer, which has improved the efficiency of employees greatly. But, it also caught enterprise in the swamp of information security. Internationally, there is a wide variety of methods and standards of information security evaluation, which forming a large system of information security evaluation. Those methods and standards apply to different aspects and fields of information security evaluation. But, using those methods and standards has many inconveniences, such as, long cycle of evaluation, complicated process of evaluation and a lot resources consuming.Information security evaluation is to find the potential risks in the process of Informatisation, to measure the degree of risk and to provide early warning to enterprises, then to determine whether need to take some appropriate measures. After studying domestic and foreign methods and standards of information security evaluation, and according to the current actual situation of enterprise information security, this paper identified and analyzed the factors of information security. It has established a scientific and reasonable evaluation method, so that enterprise can quantify the level of information security evaluation and then recognize and improve it fundamentally. By using the Delphi Method, AHP, Fuzzy Comprehensive Evaluation Method and so on, the paper has established an evaluation method of enterprise information security in the combination of qualitative and quantitative. First, through research and analysis on the elements of enterprise information security, we got initial information security index set. Second, by questionnaire survey we obtained experts’advice so that the information security index system can be defined and the weight of each key indicators can be determined. Third, based on AHP and Fuzzy Comprehensive Evaluation Method, the paper gives the comprehensive evaluation model of information security and the calculation method of information security index. At last, the paper selected automobile manufacturers as the practical application of this information security evaluation system. Based on the results of information security index, we analyzed and evaluated the situation of enterprise information security. Meanwhile, the paper specifically made some recommendations on the improvement of enterprise, so that the enterprise can do better in information security management.