| Along with information technology's swift development, the information industries already seeped to national economy each department, is playing more and more vital role, already became weighs a national comprehensive national strength the important target. The human society enters the information age, the informationization advancement speeds up comprehensively, the information became an item of capital stock, the social development has been getting bigger and bigger to the information dependence, the information safety control also more and more received people's attention, but the risk assessment took the information security management an important link, to safeguarded the information system to have the very vital role. The information and the service and so on secrecy, integrity, usability, and traceability have the flaw in aspects will give the organizations and agencies to bring the negative influence.This article first briefly introduced informationization supervision, the risk management as well as the risk assessment theory's related knowledge, then systematically analyzed the threat that the properties of information and information system faced, as well as the harm degree when possibly createsd by threat event happening. After having compared the existing risk assessment model and the risk assessment method, proposed the risk value computation model. As a result of the system risk's complexity and the uncertainty, the paper uses the AHP of unifying the qualitative method and the quantitative method to process construction risk factor hierarchical structure to find the the weighting factor of various risk factor by determined that and uses the fuzzy synthetic judgment to compute information system's risk influence value, extracts the system risk value finally. Based on this, has designed the informationization engineering risk assessment system, this system has realized the risk value automated computation, reduced staff's work load, raised the efficiency, and has guaranteed the appraisal result objectivity and the accuracy.Moreover, this article also realizes using the fault tree analytic method and theprobability influence chart to information system's risk analysis. And will use the rough sets model to utilize in information system's risk assessment, the use ofβrules to reduce data, withdraws the effective risk rule from the massive indefinite complex data.By this rules, advantageous for the superintendent to pose the resistance threat target-oriented the protection countermeasure and reorganizes the measure, thus maximum limit reduces the economic loss and the negative influence, to information system's risk assessment work display instruction function. |
PDF Full Text Request