Research On Security Risk Assessment Model And Application To Marine Information System

Marine plays an extremely important role in national economy and social development, since our country is a marine power. In recent years, national marine industry maintains steady growth. According to preliminary accounting, national marine GDP totaled RMB 64,669 trillion, 7% growth from last year. Shanghai Oceanic Administration and Shanghai Reform and Development Commission organized Research on Shanghai Marine Development Strategy last year. With the advance of marine power strategy and One Belt One Road, how to strengthen information construction, and enhance forecast and disaster mitigation, environmental protection, rights protection law enforcement and other marine information support capability of public service have become the major concern to interested parties.From the overall, marine information has gained several progress in our country. First, national marine information planning has been settled and improved. Second, marine information acquisition, processing capacity and techniques have developed. Third, multistage marine information service system has been formed. Fourth, national comprehensive marine management system has been established. Fifth, marine information security has been constantly strengthened. As most of the marine date belongs to national secrets, the loopholes in marine information security technically and managerially may bring serious consequences to our country. Therefore, in the construction of marine information system, the information security problem shouldn’t be ignored. It is understood that the national, municipal and county administrations and other marine related units have different security levels for different marine business requirements. As a result, the security risk assessment for marine information system is considered the foundation of marine information security management construction. Effective security risk assessment model can whether the security construction of the evaluated system meets the requirement to protect information assets. At the same time, reasonable application of security assessment model can also monitor the security situation, so that technical staff can adjust measures to ensure information security, to control the risk to acceptable range, and to guarantee the safety of the whole system with lower cost from the largest extent.Firstly, this paper carries on the thorough analysis for the existing risk assessment criterion, assessment model and method. Considering GB/T 20984-20984 and information security risk assessment standards at home and abroad as a guide, and combining with the characteristics of marine data attribute and Marine information system to analysis and study of marine information system security factors, this paper puts forward a set of relatively comprehensive and objective marine information system security assessment index system, based on the Analytic Hierarchy Process(AHP),which is carried out the combination of quantitative and qualitative analysis on the index system, to screen for marine information system security index of a smaller effect. The validity coefficient and correlation coefficient in statistics for validity and reliability test proves effectiveness and reliability of the index system.Secondly, this paper combines with fault tree and AHP in the qualitative and quantitative analysis on the advantages, to establish the marine information security assessment method, based on the improved AHP. By the introduction of the structure importance in the establishment of the AHP judgment matrix, each factor is calculated and analyzed, establishing the judgment matrix by comparing the structure importance of each factor’s relationship.Finally, marine information system security evaluation model is proposed, based on improved AHP. The first step is to analyze the model evaluation system for security risk factors. The second step is to build the judgment matrix of accident tree and AHP respectively and calculate their weights, and then calculate their respective scale factors and consistency factors to get weights assignment combination. The third step is to use fuzzy comprehensive analysis method combined with the weights of system to work out the security grade, and give security improvement scheme.By means of the application instance, the index system and security assessment model are applied to the actual marine information system, and the practice proves that the index system and the security assessment model are practical, feasible and effective. Practical example analysis shows the research achievements conform to the actual assessing results.