Study On Information Security Risk Analysis Method Based On Cloud Model

With the popularity of the internet and the advancement of economic globalization, information system gradually began to play an increasingly important role in the study and work as well as in people’s life, people reliance on information system is becoming more and more strong. Many inform ation systems in unprotected or unsafe condition, often leads to attack or dam age to the inform ation system, and the inform ation system security risk assessment is the basic safeguard of reducing information system to suffer risk intrusion. In recent years risk assessment theory has been applied and developed in the field of infor mation system security, most evaluation m ethods used in the risk assessment at pres ent is the in tegrated use of qualitative analysis and quantitative analysis, although combining the advantag e of qualitativ e analysis and quantitative analysis, in the process of quantifying the description of risk factors, these m ethods rarely consider the uncertain ty description m ethods or th eories themselves contain, fuzziness and randomness, this leads to the ri sk assessment result deviating from the system’s current actual situation, hav ing assessors can not accurately m ake reasonable security decisions, which will bring unnecessary losses to the system.Based on the study and review of information system security risk assessm ent theories and m ethods, in order to overcom e the uncertainty m entioned in the above, focus on cloud m odel can carry out the un certainty transformation between the qualitative analysis and quantitative expression, this paper puts forward the inform ation security risk analysis m ethod based on cl oud model, it can preferably solve some uncertainty problems existing in the comprehensive evaluation method, it can avoid the error accumulation of subjective factors in the process of qualifying traditional system indexes, and give the cloud definitions of in formation system risk assessment indexes, as well as the information system risk assessment process based on cloud m odel, at the end to simulate the feasibility and the effect by example of the model.