Research On Information Security Threaten Assessment Model Based On AHP

With the global development of information technology, the information industry based on information technology has been rapidly applicated in all areas of society and becomes an important pillar industry, then, the security of information systems which is forming in the development process by protecting the country’s political, economic, cultural and other aspects has become an urgent problem to solve. Information security risk assessment is one of the basic work in the national information security system, with the information security threat assessment is an important part of the risk assessment, which plays an extremely important role in the grasp of the information system security state. A well threat assessment can predict the threat faced by information systems more accurately, and help to establish or improve security measures.Currently, many researchers do study works on information security assessment from different point of view、different aspects. Existing threat assessment methods didn’t combine threat in the history of the frequency with assets exposed factor, that impacts the calculation of threat likelihood; the relationship between the individual assets、a single threat、comprehensive threat is not clear enough. Therefore, there is important significance to the deeper study of information security threat assessment.The paper based on information security assessment of the relevant research results in domestic and international, proposed Information Security Threaten Assessment Model Based on AHP(AHPISTAM), mainly complete the work of the following aspects:Firstly, according to research achievement of existing information security threat assessment, build a group of threat assessment indicators, and be stratified.Secondly, combining with AHP and fuzzy comprehensive evaluation method, proposed an Information Security Threaten Assessment Model Based on AHP. The model according to the frequency of threat happens、asset value、asset exposed factor, assess the threat value of individual information assets and assessment objects value, combining fuzzy comprehensive evaluation method to get the assessment result.Thirdly, using the non-consistency proportion factor to correct the judgment matrix automatically, and give deployment recommendations for security measures aiming at the result of threat assessment.