An Effective Management And Control Large Heterogeneous Information Systems And Analytical Methods To Identify Risk Points

With the development of society informatization, all kinds of information acquisition and control systems have been extensively used in every walk of social life and in numerous fields of national economy. Labor management, the traditional business running mode, has been replaced by large-scaled automatic information management and control system. The accompanying information security issues become the prominent problem. Information security issue has no longer been the data confidentiality or data integrity problems. The consequences caused by information safety tend to give rise to significant losses of life and property. The723extra serious accident happened in2011warns us that we must study the large heterogeneous information management and control system seriously, which is consisting of on-the-spot collection and control system, computer information management system, and manual scheduling system. Thus we could support the safety and effective operation of the system, and at the same time protect national and people’s lives and properties.Risk assessment and risk control are two important research areas in information security field. Risk assessment and analysis method has been applied in many traditional professional field, but as for being applied into the large heterogeneous information management and control system, we’ll be faced with great challenge. For this kind of system has a complexity and scale characteristics in the aspects of data scale, business process and interactive speed generally. This will lead to inevitable omissions frequently, and impact the veracity of assessment result, and then impact the effectiveness of risk control measures, and finally produce potential safety hazard. Therefore, it’s very necessary to study the suitable risk assessment method for large heterogeneous information management and control system.This paper summarized the research results at home and abroad, and abstracted the consistency of large heterogeneous information management and control system. On this basis, the paper analyzed the weakness of traditional risk assessment model, which takes the property, threaten and vulnerability as starting point, from4aspects:short of threaten exhaustion, difficulty of vulnerability exhaustion, the significant work amount of correlation analysis between threaten and vulnerability, and lack of evaluation result veracity. And then the paper put forward the risk point identification and analytical method, which is based on FTFD, and to solve the risk enumeration difficulty of traditional method. Firstly, the paper came up with FTFD, then the paper modeling its system controlling process and business management process. Secondly, the paper studied risk point recognition model based on user, data and process. Afterwards, the paper analyzed risks and put forward the safety goal and requirements. Finally, the paper conducted an experiment in typical system example to test and verify the scientificalness of this method.In the modeling section, based on traditional business flow chart, the paper came up with some normative principles to identify and describe the system. This made the same business identify for multi-user has consistency.In the risk point identification section, based on the recognization of business process, the paper identified the mainly risk points in large heterogeneous information management and control system from user, process and data.In the risk analysis section, the paper started from the view of subclasses of user, process and data. First, the paper analyzed hazard from aspects of hazard object, hazard scale and hazard degree of all kinds of risks. Then, the paper assessed probability of different kinds of risks according to experience-based judgment or statistical data. At last, the paper calculated value-at-risk according to the losses of risks and risk probability, and laid a foundation for safety evaluation.In the safety goal and requirement decomposition section, this paper identified the safety goal and requirement of various businesses from the view of subclasses of user role, business process and business data.