| In recent years,with the vigorous development of the Internet,we have come into the information period.Informatization is a double-edged sword,which not only brings many conveniences for people,but also causes many information security risks.Therefore,security is a lifeline for information system that must be guarded.At present,the information security risk assessments on enterprises could scientifically and comprehensively analyzes the vulnerabilities existing in the information system,various threats,and prodicts the degree of danger and occurrence possibility of security events.According to the evaluation results,enterprises deploy protective measures,which can effectively improve the information security level and ensure its security.This paper mainly researches the application of information security risk assessment,and proposes an information security risk assessment model based on fuzzy G1-comprehensive assessment method.On the basis of information security risk assessment process and the proposed assessment method,we design an information security risk assessment system for small and medium enterprises,and develop an information security risk assessment platform.Our specific works in this paper are listed as follows:(1)We proposes an information security risk assessment model based on the fuzzy G1-comprehensive assessment method,which could conduct a comprehensive risk assessment for enterprise to obtain the current security situation.In this model,we use the order relationship analysis method(G1-method)to calculate subjective weights and use the fuzzy synthetical evaluation method to obtain the evaluation matrix.Then,we will get the risk evaluation result with combining the aforementioned two results.This model integrates the advantages of quantitative analysis and qualitative analysis to obtain information security risk assessment results,which are more accurate.From the conclusions of simulation experiments,we could conclude that the evaluation results obtained by the information security risk assessment model based on the fuzzy G1-comprehensive assessment method are close to those given by risk assessment experts.It is suitable for small and medium enterprises to conduct self-service information security risk assessment.(2)Combined with the information security risk assessment model based on the fuzzy G1-comprehensive evaluation method proposed in this paper,we devise an information security risk assessment platform for small and medium enterprises,which could be implemented by small and medium enterprises for the rapid and self-help information security risk assessment.The platform uses questionnaire surveys,which contain many detailed questions extracted from the information security risk assessment specifications.The G1-comprehensive assessment method could present the quickly present the status of enterprise information security with degree of security membership,which is influenced by the result of questionnaire surveys.The main function of the platform comprises of three core modules:information collection and data storage module,data processing module and evaluation result presentation module.The information collection and data storage module is responsible for the collection and storage of the uploaded questionnaire information.The data processing module uses the fuzzy G1-comprehensive evaluation method to obtain the information security risk assessment results.The evaluation result presentation module is responsible for describing the status of enterprise information security in the form of a risk map,which can also display the information security risk assessment results of the enterprise in recent years.It facilitates users to compare the information security risk situation.At last,we could conclude that the devised platform is available from the results of function and performance experiments. |
PDF Full Text Request