As information becomes an ever more important resource, it is also exposed to ever more risk. In current social and production activities that use information technology as their basic tool, the financial and human resources invested to keep information system assets from harm also keep growing. Information system risk is a safety issue that arises when human or natural threats exploit a system's vulnerabilities, and it affects an organization in proportion to the importance of the damaged information asset. Information system risk assessment is therefore needed both for the development of enterprise management and for the development of information technology itself. Since the 1990s, countries such as Britain and the United States and bodies such as the International Organization for Standardization have published a series of information system risk assessment standards, together with implementation methods and a large body of practical experience. At present, one important issue in information system risk assessment is the analysis and handling of the many kinds of safety-related data. This dissertation proposes a theoretical framework for information system risk assessment built on data mining technology and, under the guidance of that framework, uses both quantitative and qualitative methods to investigate and illustrate the theory of information system risk assessment.
The dissertation is divided into six sections, with the following content.

Section 1 discusses the concept, main theories, methods, models and applications of information system risk assessment.

Section 2 presents a theoretical framework for information system risk assessment based on data mining technology. Generally speaking, information system risk assessment is the estimation and analysis of uncertain factors, chiefly the information system assets, the system's vulnerabilities and the threats to it. Information system assets comprise system information (internal) and Internet information (external), so the asset attributes can be regarded as distributed across a large, complex and distributed database. To apply data mining to risk assessment, first the subject of the assessment is defined and a model suited to the mining object is established; second, data sources are collected around that subject. In this dissertation the data sources of information system risk assessment are divided into asset attribute data, threat data and Web resource data, which are passed to a preprocessing module that outputs the asset value list and the threat value list. The risk elements of an information system are divided into system safety risk, data information risk, execution risk, human factor risk, physical factor risk and management factor risk. Third, the risk elements are extracted, decomposed, combined and converted into a data format suitable for data mining, on which the analysis and evaluation are performed. Last, risk decisions are made according to the relevant principles and submitted, through a decision support tool, to the decision maker for the technical handling of information system risk assessment.
When analysing and evaluating the risk elements, the dissertation extracts the threat factors of each threat, calculates the frequency of each threat with a Poisson distribution model, and assigns a value to the vulnerability of each system asset. The threat value table (including frequency) and the asset value table (including vulnerability) are then extracted, decomposed, combined and converted into a format suitable for data mining. Finally, the risk assessment class is obtained from the measured risk loss using the VaR (value at risk) method of financial risk management.

For decisions on preventing information system risk, an information survivability index is calculated with an infinite state machine model and used as the basis for choosing the investment in, and adoption of, risk prevention measures. The validity and sensitivity of the measures are then evaluated so that the measures can be ranked. Finally, a model predicting the effect of combined risk prevention measures is built on rough set theory; once its prediction value has been calculated, the result is submitted through the decision support tool to the decision maker for choosing the measures and for the related technical handling of information system risk assessment.

In Section 3 the author constructs a space stress calculation method for the dynamic correlation of information asset safety attributes. Because the safety of different information assets is correlated, a space transformation is applied to the asset attributes (such as integrity, confidentiality, availability, class and location) and, using B-spline functions, an information asset safety attribute space and a dynamic space stress calculation model are established.
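The threat-frequency and loss-measurement steps above are summarised only in outline, so the following is an added example of how such a pipeline can be computed; it is not code from the dissertation. Every numeric choice in it is an assumption: a threat's yearly event count is modelled as Poisson with rate estimated from constructed observed counts, the loss per event is the asset value times a vulnerability factor, VaR at confidence level alpha is the alpha-quantile of the annual loss distribution, and the five risk-class thresholds are constructed placeholders.

```python
"""Threat frequency from a Poisson model and a VaR-style loss measure.

Added illustration of the procedure summarised in the text; not the
dissertation's own code. All values and thresholds are constructed.
"""
import math
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    value: float          # monetary value of the asset (constructed)
    vulnerability: float  # fraction of value lost per successful event, 0..1


@dataclass
class Threat:
    name: str
    yearly_counts: list   # observed occurrences per year (constructed history)


def poisson_rate(counts):
    """Maximum-likelihood estimate of lambda: the mean of observed counts."""
    return sum(counts) / len(counts)


def poisson_pmf(k, lam):
    """P[N = k] for N ~ Poisson(lam)."""
    return math.exp(-lam) * lam ** k / math.factorial(k)


def prob_at_least(k, lam):
    """P[N >= k] for N ~ Poisson(lam): a threat-frequency figure."""
    return 1.0 - sum(poisson_pmf(i, lam) for i in range(k))


def poisson_quantile(alpha, lam):
    """Smallest n with P[N <= n] >= alpha (exact, no simulation needed)."""
    cdf, n = 0.0, 0
    while True:
        cdf += poisson_pmf(n, lam)
        if cdf >= alpha:
            return n
        n += 1


def value_at_risk(asset, threat, alpha=0.99):
    """Annual loss that is not exceeded with probability alpha (VaR).

    Annual loss is events * loss_per_event, so the VaR is the Poisson
    quantile of the event count scaled by the per-event loss.
    """
    lam = poisson_rate(threat.yearly_counts)
    loss_per_event = asset.value * asset.vulnerability
    return poisson_quantile(alpha, lam) * loss_per_event


# Constructed class boundaries on the ratio VaR / asset value.
RISK_CLASSES = [(0.05, "1-negligible"), (0.15, "2-low"),
                (0.30, "3-medium"), (0.50, "4-high")]


def risk_class(asset, threat, alpha=0.99):
    """Map the VaR, relative to the asset value, onto one of five classes."""
    ratio = value_at_risk(asset, threat, alpha) / asset.value
    for bound, label in RISK_CLASSES:
        if ratio < bound:
            return label
    return "5-critical"


def risk_table(assets, threats, alpha=0.99):
    """One row per (asset, threat) pair: rate, VaR and class."""
    return [(a.name, t.name, round(poisson_rate(t.yearly_counts), 3),
             value_at_risk(a, t, alpha), risk_class(a, t, alpha))
            for a in assets for t in threats]


if __name__ == "__main__":
    # Constructed sample assets and threat histories.
    assets = [Asset("customer-db", 100_000.0, 0.10),
              Asset("web-portal", 50_000.0, 0.20)]
    threats = [Threat("phishing", [2, 3, 1, 2]),
               Threat("hardware-failure", [0, 1, 0, 0])]
    for row in risk_table(assets, threats):
        print(row)
```

The quantile is computed exactly from the Poisson CDF rather than by Monte Carlo, which keeps the resulting table reproducible between assessment runs; with four years of counts the rate estimate is coarse, so in practice the confidence level alpha and the class thresholds would be agreed with the decision maker rather than fixed in code.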
The correlation of the asset safety attributes appears as the curvature of the surface associated with the assets, so the asset safety attribute values can be adjusted and calculated dynamically. With this dynamic space stress calculation method, the risk prevention measures can be revised dynamically.

In Section 4 the author proposes an optimization method for strengthening risk decisions in common cases. Each risk control measure differs in importance and in its influence on the overall safety of the information system. An enterprise normally optimizes according to its own situation, under the constraints of technical feasibility and available funds, but the choice of which type of technical investment to strengthen is usually made from experience. The risks an information system faces are of two kinds, unacceptable risk and risk that is acceptable under limited prevention measures, and information system assets are divided into five classes by the importance of their influence on the system. Building on an analysis of the optimization method for risk prevention measures (which rests on the investment constraint and the risk prevention requirement constraint), the dissertation treats unacceptable risks, important assets and user-defined important risk prevention measures as the common cases and, on that basis, proposes a quantitative module for optimizing the decision according to Amdahl's law.
With this module, the influence of a given risk prevention measure on overall system safety can be worked out, the value it contributes to overall system safety can be strengthened, and a scientific calculation method is provided for building an automatic decision optimization system for information system risk assessment.

Section 5 studies a case of information system risk assessment based on data mining technology for an enterprise.

Section 6 concludes the dissertation and outlines promising directions for future work.

The main contributions are: a theoretical framework for information system risk assessment based on data mining technology; a space stress calculation method for the correlation of information asset safety attributes; and an optimization method for strengthening risk decisions in common cases.

This dissertation is one of the outputs of the AOE major philosophy and social science project Research on the Plan, Management and Application of the Digital Information Source (No. 05JZD00024, 2005), and of the NSFC project Research on the Visualized Module of Digital Information Source Management (No. 70473068).
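The Section 4 summary says the decision module quantifies a measure's influence on overall system safety with Amdahl's law but does not give the formula it uses, so the following is an added example of one way to do that; it is not the dissertation's model. The assumption is a direct analogy with Amdahl's law: a measure acts on a fraction p of total system risk and divides the residual of that fraction by a factor s, so the overall improvement factor is 1 / ((1 - p) + p / s), and measures acting on disjoint fractions combine as 1 / ((1 - sum p_i) + sum p_i / s_i). The measures, their fractions, factors, costs and the budget are constructed; the mandatory flag stands in for the "common cases" named in the text (unacceptable risks, important assets, user-defined important measures), which are taken before any optimization.

```python
"""Amdahl-style contribution of risk prevention measures to overall safety.

Added illustration; not the dissertation's own model. Applies Amdahl's law
by analogy: p = share of total risk a measure addresses, s = factor by
which it reduces that share. All measure data and the budget are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Measure:
    name: str
    risk_fraction: float   # p: share of total system risk this measure acts on
    reduction: float       # s: that share's residual risk is divided by s
    cost: float            # constructed budget units
    mandatory: bool = False  # a "common case": always selected first


def amdahl_improvement(p, s):
    """Overall improvement when fraction p is improved by factor s."""
    return 1.0 / ((1.0 - p) + p / s)


def single_contribution(m):
    """Influence of one measure on overall system safety, taken alone."""
    return amdahl_improvement(m.risk_fraction, m.reduction)


def rank_measures(measures):
    """Order measures by their stand-alone contribution, highest first."""
    return sorted(measures, key=single_contribution, reverse=True)


def combined_improvement(measures):
    """Overall factor for measures acting on disjoint risk fractions."""
    covered = sum(m.risk_fraction for m in measures)
    if covered > 1.0 + 1e-9:
        raise ValueError("risk fractions overlap or exceed the whole")
    residual = (1.0 - covered) + sum(m.risk_fraction / m.reduction for m in measures)
    return 1.0 / residual


def select_measures(candidates, budget):
    """Greedy selection under an investment constraint.

    Mandatory measures are taken first; then the measure with the largest
    marginal improvement per unit cost is added until nothing affordable
    remains. Returns the chosen measures and the amount spent.
    """
    chosen = [m for m in candidates if m.mandatory]
    spent = sum(m.cost for m in chosen)
    if spent > budget:
        raise ValueError("mandatory measures alone exceed the budget")
    remaining = [m for m in candidates if not m.mandatory]
    while remaining:
        base = combined_improvement(chosen)
        affordable = [m for m in remaining if spent + m.cost <= budget]
        if not affordable:
            break
        best = max(affordable,
                   key=lambda m: (combined_improvement(chosen + [m]) - base) / m.cost)
        chosen.append(best)
        spent += best.cost
        remaining.remove(best)
    return chosen, spent


# Constructed candidate measures for a worked run.
CANDIDATES = [
    Measure("network-segmentation", 0.4, 4.0, 30.0),
    Measure("backup-and-restore", 0.3, 2.0, 10.0, mandatory=True),
    Measure("siem-monitoring", 0.2, 10.0, 25.0),
    Measure("mfa", 0.1, 5.0, 5.0),
]


if __name__ == "__main__":
    for m in rank_measures(CANDIDATES):
        print(f"{m.name:22s} contribution={single_contribution(m):.3f}")
    chosen, spent = select_measures(CANDIDATES, budget=50.0)
    print("chosen:", [m.name for m in chosen], "spent:", spent)
    print("combined improvement:", round(combined_improvement(chosen), 3))
```

Greedy selection by marginal gain per unit cost is a heuristic, not an exact optimum; the Amdahl form makes the point the text draws, that a measure covering a large risk fraction with a modest factor can outweigh a near-perfect measure on a small fraction, which is why stand-alone ranking and budgeted selection can disagree.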