Research On Information Security Risk Assessment Based On Ahp And Foem

Into the 21st century,information resources are the important strategic assets for a country,information security seriously affected the economic development,national security and social stability. The number of a variety of high-tech computer crimes and network attacks is increasing. With the increasing demands of the information security, network and information security has become an urgent problem to be settled. Considering the information security from the point of system engineering, the risk assessment is the basis and prerequisite for the information security system.Risk analysis is helps the administrator to know the security of the whole system, base on the research of system architecture, poliey, staffs and equipments, such as work station, server, switch, database application. Risk assessment is a main technology of web security protection and a part of information security engineering. According to the security policy and rules, risk assessment cheeks vulnerability of the system by simulating the attack and tells the risk level and the way of control threat.The paper makes an introduction firstly to information system security and risk, assessment, and then it studies on the research of relative standard and the analyzing way of system's asset, threat and vulnerability. Based on the actual needs of risk assessment of information security, the criterion GB/T 20984 of risk assessment are studied, reduced and compared the Analytic Hierarchy Process(AHP), Fuzzy overall evaluation method(FOEM), and Bayesian Network. Designed the information security risking assessment model based on Analytic Hierarchy Process and Fuzzy overall evaluation method. Then using experimental data verified the efficiency of the model. Through the risk assessment of information security, the risk existed in the system can be obtained to make sure the security level of the system. By giving the advice for selecting the information security protecting measures to counter the risk, the risk can be decreased to an acceptable extent.