| Information security risk assessment is an important part of security engineering for information systems and has been a focus of research in the information security field worldwide. To date, a series of information security risk assessment standards have been developed at home and abroad. Although there are some research results, they are still immature. The foreign risk assessment tools available cannot be used directly in China, because they are based on different standards and serve different objects, and problems such as the recognition of unknown threats still exist. This paper analyzes and compares several typical risk assessment standards and methods, and designs and implements a new software model of information security risk assessment based on the recently approved information security risk assessment specification. Through the establishment of the Risk Assessment Assistant Decision Database, the software classifies complicated information into refined categories and assists users in conducting the risk assessment with the help of professional experience and classical assessment rules. The software offers quantitative calculation methods based on risk assessment matrices. An application example of the software then shows the implementation and the procedure of risk assessment for an information system. The experimental results indicate that the software can quantify the security situation and risk category of the information system, both at present and in the future. A model of an information security risk assessment system based on an immune network, discussed within a quantitative evaluation theory, is also presented in this paper. This model can reflect the relationships among the evaluation factors and has the features of self-learning, self-updating and real-time detection. The experiment at the end shows that the risk assessment model is an effective approach to assessing the risk of information systems. |