
The Study On The Information System Risk Assessment And Management Countermeasure

Posted on: 2011-06-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Z W Li
GTID: 1119360308979945
Subject: Safety Management and Engineering
Abstract/Summary:
As information technology continues to spread, information systems are widely applied in the country's political, military and economic spheres, and society as a whole depends on them more and more. Information system security has therefore become a matter that bears on national political stability, social stability and the healthy, orderly operation of the economy. Information security management is essentially risk-based management. With the current rapid development of information technology, information security management theory and methods are undergoing a major transformation: from purely technical means to comprehensive management that places equal emphasis on "Technology and Management"; from local project management to global system management; from poorly standardized, experience-based management to management with clearly defined security levels; in the objects of risk assessment, from comprehensive assessment to assessment of human causes; from static assessment methods to dynamic assessment; and in assessment tools, from automated evaluation to qualitative assessment and to evaluation that combines qualitative and quantitative methods. Improving and innovating the relevant scientific theories and methods in light of the actual situation of information systems is a necessary prerequisite for the continuous improvement of information system risk assessment and management. This dissertation follows a qualitative-quantitative-qualitative line of analysis, focuses on both the technical level and the management level, and starts from the crucial problems in the information system risk assessment and management process. It carries out targeted research that combines security management, systems engineering, information security, the analytic hierarchy process (AHP), gray theory, fuzzy theory, decision theory, and other multi-disciplinary theories and related approaches.

The main research work is as follows:

(1) The dissertation studies the application of AHP-based improved fuzzy comprehensive evaluation, and of fuzzy comprehensive evaluation based on the sum of squared deviations, to the comprehensive assessment of information systems. A comprehensive assessment of information system risks gives an understanding of the overall risk situation and the main risk factors, and provides the basis for risk management strategies and control measures. This work also provides the theoretical basis and foundational methods for the dissertation's subsequent studies of human-error risk assessment, risk situation assessment, and risk management models and countermeasures.

(2) The dissertation studies information system human-error risk assessment based on interactive group decision-making. It uses the Reason model and the SHEL model to analyze human-error risk in information systems and establishes a human-error risk assessment index system. Applying group decision-making techniques to determine the weights of experts can effectively improve the reasonableness and accuracy of information system risk assessment. An improved fuzzy AHP is applied to the integrated assessment of human-error risk in information systems, analyzing the role of human-error risk factors and identifying the human-error risk level of information systems, which lays the foundation for exploring human-error risk management and response.

(3) The dissertation studies information system risk situation assessment based on gray theory. Because of the uncertainty and dynamic nature of the threats to information systems, of the risk factors and of the relationships between those factors, and because of the ever-changing timing and scope factors, the risks facing information systems show a dynamic and complex evolutionary trend. Static risk assessment has difficulty predicting or assessing future risk status, so assessing a system's future risk trends becomes especially significant. The dissertation introduces gray system theory into the research area of information system security risk situational awareness, presents a risk situational awareness assessment model, and validates the feasibility and effectiveness of the methods and models through simulation experiments. It also studies an early warning, prevention and control model for information system risk based on situation assessment.

(4) The dissertation studies information system risk management models and countermeasures. Building information system security is not only a technical issue but also a management issue: management is the lifeline that runs through the construction of the information security system, and risk management is basic work in information security. The dissertation presents a dynamic risk management model oriented to the development needs of future intelligent information systems, as well as an information system human-error risk management and control model, and makes concrete policy proposals.
Keywords/Search Tags: Analytic Hierarchy Process (AHP), Human Error, Information System, Risk Assessment, Risk Management