The Risk Assessment Model Of Information System Planning

Posted on: 2007-11-03
Degree: Master
Type: Thesis
Country: China
Candidate: N Liu
Full Text: PDF
GTID: 2189360212467205
Subject: Management Science and Engineering
Abstract/Summary:
With the rapid development of information technology and the increasing maturity of information management theory, the understanding of information security has been evolving from confidentiality, to protection, and then to guaranteeing availability. Information security problems are not caused by technical factors only; they also involve human and social factors. Therefore, technology is not an effective solution to the issues of information security. Good results can be achieved only by relying on scientific and effective management of information security, good skills, and the implementation of standardized safeguards.

Traditional risk assessment of information system security starts from the environment in which the system operates and is maintained, analyzing its loopholes and threats. However, it is not enough to analyze security risk only from loopholes: a sound risk management system must be established, and risk assessment must be extended to the entire life cycle of the information system. This article is aimed at exactly this point. It studies the first phase of the information system life cycle, the systems planning stage, identifying and controlling at the earliest opportunity the various factors that may affect the security and operation of the information system, and laying a solid foundation for the successful application of information systems in the enterprise.

Based on the theoretical guidance of SSE-CMM and the idea of process improvement, this article describes the characteristics of risk in the information systems planning stage, gives the implementation elements of risk assessment, and then proposes a hierarchy of risk indices for the information systems planning stage in the context of current risk assessment theory. The risk system of the planning phase is divided into three levels, and specific risk indicators such as risk sources, impact scope and preventive measures are described in detail, which provides a theoretical basis for risk assessment and control. On this basis, using fuzzy comprehensive evaluation and the Analytic Hierarchy Process (AHP) as the main methods, this article describes the calculation process of the risk assessment for the planning stage. According to the results of risk value, the key factors in...
Keywords/Search Tags: Risk Assessment, System Security Engineering Capability Maturity Model, Information System Planning