The Research And Implementation Of Level Protection Auxiliary Assessment System Based On AHP

Information security level protection is a kind of work that protects information and information carriers according to their level of importance and it belongs to the field of information security and it is valued by many countries such as China and the United States.It mainly includes five stages:rating,filing,security construction and rectification,information security level assessment and security check.In China,it has become a basic system.For each completed information system,its operating or use unit must select a rating agency that meets the specified conditions,and periodically perform rating assessment on the information system.Because of our country's level protection work is still in its infancy,there are still some problems in level assessment work.For example,the process of determining the security level is affected by human factors resulting in a bias in the rating results,the lack of an existing rating protection report generation system,the variety of filing materials has brought inconvenience to the tested units,lack of experienced assessment personnel and so on.Therefore,this paper designed a rating scheme based on the Analytic Hierarchy Process(AHP)that contains seven evaluation factors and applies it to the level protection assessment work.Finally,an AHP-based hierarchical level protection assessment system is developed to better solve the current issues in the assessment process.The main tasks include:(1)Security level determination and record material management.In order to reduce the influence of the subjective factors of the assessors on the security level,this paper uses the improved AHP to quantify seven factors that affect the security level of the information system from the aspects of system service security and business information security.By establishing the analytic hierarchy process model,constructing pairwise comparison matrix,calculating weight vectors,and checking the consistency of the matrix,the object's degree of infringement D(o)is quantified.After analyzing a large number of grading examples,defining the scope and corresponding degree of damage to D(o),finally using the grading matrix given in the rating guide,the information system's security level is initially determined and a rating report is generated.Then,according to the determined security level,the corresponding filing materials are selected and delivered to the tested unit download.(2)On-site assessment implementation and results analysis.First,complete the information system asset management,work plan,determine the evaluation program and so on;secondly,according to the determined security level,evaluation personnel collect the corresponding information of the system and record it;then the evaluation personnel will judge the compliance degree of each record according to the evaluation item and give a score;Finally,the system calculates the degree to which the assessment object satisfies the determined grade.In order to make the measured unit have a more in-depth and intuitive understanding of the security status of the information system,this part uses pie charts and histograms to dynamically visualize the evaluation results;then evaluation personnel maintains the basic information of evaluation object,and use the FreeMarker template to dynamically generate gap analysis reports and sent to the client for users to download.(3)Knowledge base management.This part implements the management of the basic knowledge of peer assessment,related documents and cases.The evaluation personnel can obtain relevant information by searching the knowledge base which provides a reference for solving the problems encountered in the process of rating evaluation.