
Research On Key Technologies Of Information System Security Risk Assessment

Posted on: 2020-12-19
Degree: Master
Type: Thesis
Country: China
Candidate: Q K Mi
GTID: 2428330596959436
Subject: Project management

Abstract/Summary:
With the rapid development of the Internet and the continuous improvement of the degree of informatization, the network environment is becoming more and more complex, and cyberspace security problems are becoming more and more serious. A reasonable and effective security risk assessment of information systems can provide an important basis for security defense decision-making. Therefore, this paper analyzes in depth the standards, theories and technologies of information system security risk assessment, constructs security risk assessment methods for different information system environments to address the insufficient accuracy of existing assessment methods, and, based on the proposed methods, designs and implements an automated information system security risk analysis and response system. The main research contents are as follows:

1. Traditional information security risk assessment methods based on the analytic hierarchy process (AHP) suffer from inaccurate index weights in the evaluation process and from ambiguous evaluation information. This paper combines AHP with the fuzzy comprehensive evaluation method and calculates the weight of each layer based on AHP. A consistency test verifies the rationality and effectiveness of the weights. The fuzzy comprehensive evaluation method is then used to comprehensively evaluate the overall security risk of the information system and to further determine the fuzzy relationship between the threat sources and the indicators. The security risk level is determined according to the risk classification, and an information system security risk assessment algorithm is designed. Experiments show that the proposed method improves the comprehensiveness, accuracy and practicability of security risk assessment, and can provide guidance for information system managers in developing risk prevention and control strategies.

2. Traditional information security risk assessment methods analyze only from the defender's side and fail to consider the attacker's relevant strategies and the results of the confrontation, so the models are not accurate enough. This paper introduces game theory and constructs a network attack and defense game model based on the static Bayesian game theory of incomplete information. The Harsanyi transformation is used to convert the incomplete-information static Bayesian attack and defense game model into a prior judgment on the type of player, and game equilibrium analysis is performed on it. For the two cases of pure strategy equilibrium and mixed strategy equilibrium, a network security risk assessment algorithm based on the static Bayesian game model is designed and compared with existing risk assessment methods, improving the accuracy of the model and method. The experimental results show that the proposed method can provide strong support for network information security risk assessment research and security defense decision-making.

3. Based on the above research, a risk analysis and response auxiliary system is designed and implemented. The system can conduct effective risk assessment and implement security decisions for information systems, which indicates that the information security risk assessment technology proposed in this paper has certain application ability. This part mainly analyzes the system architecture design, the system module design and the implementation of key modules.
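The pipeline described in item 1 (AHP weights, consistency test, fuzzy comprehensive evaluation, risk grade) can be sketched as follows. This is an added example, not code from the thesis. It assumes Saaty's random-index table with a CR < 0.1 acceptance threshold, the weighted-average fuzzy operator and the maximum-membership principle, none of which the abstract specifies; the indicators, matrices and grades are constructed sample data.

```python
# Added illustration: AHP weights -> consistency test -> fuzzy comprehensive evaluation.
# Indicators, judgement matrices, membership matrix and grades are constructed sample data.
RI = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
      6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}            # Saaty's random index, n <= 9

INDICATORS = ["asset", "threat", "vulnerability"]    # assumed indicator layer
GRADES = ["low", "medium", "high"]                   # assumed risk classification
A_SAMPLE = [[1, 1/2, 1/3], [2, 1, 1/2], [3, 2, 1]]   # reciprocal pairwise judgements
R_SAMPLE = [[0.5, 0.3, 0.2],                         # membership of each indicator
            [0.2, 0.5, 0.3],                         # in each risk grade
            [0.1, 0.3, 0.6]]
A_CYCLIC = [[1, 9, 1/9], [1/9, 1, 9], [9, 1/9, 1]]   # contradictory judgements

def ahp_weights(A, iters=100):
    """Return (weights, consistency ratio) for pairwise-comparison matrix A."""
    n = len(A)
    w = [1.0 / n] * n
    for _ in range(iters):                           # power iteration: principal eigenvector
        v = [sum(A[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(v)
        w = [x / total for x in v]
    Aw = [sum(A[i][j] * w[j] for j in range(n)) for i in range(n)]
    lam_max = sum(Aw[i] / w[i] for i in range(n)) / n
    ci = (lam_max - n) / (n - 1) if n > 1 else 0.0   # consistency index
    cr = ci / RI[n] if RI[n] else 0.0                # consistency ratio
    return w, cr

def fuzzy_evaluate(w, R):
    """B = w . R using the weighted-average operator, normalised to sum to 1."""
    B = [sum(w[i] * R[i][k] for i in range(len(w))) for k in range(len(R[0]))]
    total = sum(B)
    return [b / total for b in B]

def assess(A, R, grades, cr_limit=0.1):
    """Reject inconsistent judgements, otherwise grade by maximum membership."""
    w, cr = ahp_weights(A)
    if cr >= cr_limit:
        raise ValueError(f"judgement matrix fails consistency test (CR={cr:.3f})")
    B = fuzzy_evaluate(w, R)
    return grades[B.index(max(B))], w, cr, B

if __name__ == "__main__":
    grade, w, cr, B = assess(A_SAMPLE, R_SAMPLE, GRADES)
    print(grade, dict(zip(INDICATORS, w)), round(cr, 4), B)
```

The consistency test matters because weights derived from contradictory pairwise judgements (as in `A_CYCLIC`) still sum to 1 and look plausible; only the CR check reveals that they should not be used.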
Keywords/Search Tags:information system security risk assessment, game theory, security strategy optimization, analytic hierarchy process, fuzzy comprehensive evaluation, security risk assessment system