| With the rapid development of IT, the operation of society has become more and more dependent on information and information systems. Security incidents are increasing quickly and security issues are becoming serious. We must pay more attention to the information security situation. Information security is not only about security technology and products. Therefore, evaluating risk effectively, selecting effective defense measures, and actively defending against information threats are the key points in resolving the security problems of information systems. First, this dissertation introduces the theory of information security risk assessment. Through an analysis of the internationally popular information security assessment standards BS7799, ISO13335, and CC, it finds that the structure of the BS7799 standard is extremely clear. With its aid, the risk assessment can be carried out clearly and smoothly. Based on an analysis of the common risk assessment methods, the paper adopts a method that combines the fuzzy comprehensive evaluation model with the gray comprehensive evaluation model. The feasibility of this method has been confirmed through simulation research. |