Research On Information System Security Risk Analysis And Assessment Based On G-ANP Method

In today's "Internet plus" era, lots of traditional companies transition to the Internet. As the foundational role of network and information system is more important, it is especially important to ensure the information system security. The objective information system risk evaluation is the basis and precondition for safety management and the improvement of security performance. Therefore, it is of great practical significance to study the information system security risk assessment.Based on the principles, methods and processes of information system security risk analysis, this paper analyzes and summarizes the risk factors such as assets, threats and vulnerabilities. When analyzing the risk factors influencing the safe operation of the information system, it's found that with the development of information technology, lots of new threats are emerging,and the original risk index system can't meet the needs of risk assessment.Therefore, based on E-commerce information system, this paper constructs the information security risk assessment index system under the current information security situation, in order to reflect the actual situation more objectively.The index weights reflect the influence of each factor on the information system security risk, as well as the importance in the risk assessment process.The ANP network structure model is constructed, which truly reflects the network structure relationship among the interactive and interdependent risk factors. Super Decisions software is used to construct the relative importance judgment matrix and solve the limit matrix. The weights of each secondary index reflect the actual situation and validate the rationality of the constructed index system.In order to reduce the subjective impact in the risk index scoring process,this paper introduces the gray evaluation method. Five definite weighted functions are determined according to the risk evaluation level, and the gray evaluation matrix is obtained by processing the raw data with the definite weighted functions. This paper innovatively applies the G-ANP method to the constructed index system, combines the secondary index weight obtained by ANP with the gray evaluation matrix, and obtains the first-level risk evaluation value and the comprehensive risk level. Then this paper identifies the factors that have greater impact on the E-commerce information system security, and proposes some effective safety management suggestions and measures.