| At this stage, researchers regard the information security risk assessment model as the theory and methods for evaluating the performance of information systems security. Academics and related researchers has developed a wide range of information security risk assessment methods. For example, AHP, Event tree, Probability method, Fuzzy theory, Failure Modes and Effects Hazard analysis, Reason-Results of analysis, Risk modeling effects and Criticality analysis, and so on. Although the information security risk assessment methodology varies, but they all have one disadvantage in common-over-reliance on experts’ experience.Based on the analysis and study of the theory of information security and information security risk assessment, we propose a model for information security risk assessment based on the dynamic threat and fault tree and some innovation ideas shown as follows:(1) Creating the fault tree on information system and limitinghuman factors in the logical level;(2)Statistics and trackthe external security environment in inland China, through post-processing calculation,we get the value of dynamic threats;(3)Using a variety of typical data processing methods for statistical on the risk decision matrix;(4) Using the BP neural network and GRNN neural network for eight control experiments to verify the correctness of the model, while the experimental data reflects the structural characteristics of the risk assessment model and finds the optimal prediction of this model;This model solves the questions that the anthropogenic factors of existing model theory is too large and the risk value is not objective. Combined with neural networks and data processing method for doing information security risk matrix experiment. Experimental results show that this model can objectively demonstrate the real information security risks of information systems and information security is a proven assessment methods. |
PDF Full Text Request