Information System Security Situation Assessment And Risk Control Method Based On Operation-flow

With the Internet and information technology rapidly developing, information security becomes more and more important in national security. Effectively assess and control the potential safety hazard and risks in the information systems of important trade has become an urgent research subject. Therefore, it researches the related theory and method from the two perspectives of information system security situation assessment and risk control based on operation-flow.In the security situation assessment, it firstly establishes an information system security situation assessment index system consisted of the first grade assessment indexes and second grade assessment indexes. It also calculates the assessment indexs weights using AHP(Analytic hierarchy process, AHP). Secondly, it provides a security situation assessment method based on index system mainly researches the assessment process, calculation method of security situation index value and security situation analysis. At last, it assesses the information security situation of an information system from an Airline to verify the practicality and universality.In the risk control, it provides an operation-flow based risk control method(ORCM) which consisted of risk quantification method and the risk control method. In the risk quantification method, it provides a quantification parameters system and parameters initialization method. In the risk control method, through the control effect maximization operation, the minimum residual risk damage is used as an object function to obtain the risk damage minimization deployment scheme based on the linear programming method; through the control cost minimization operation, the minimum control cost was used as an object function to obtain the control cost minimization deployment scheme on the premise of not more than the minimum residual risk damage. The RAS experiment and the risk scenarios changing experiment results show that the ORCM not only has better security risk control effect and lower control cost but also has a high adaptability.