The Study On Information System Security Risk Assessment Based On Gray System Theory

As the development of informational technology, the Internet has become more common in our life. The security issue of enterprise informational system has become more prominent. Some issues about Informational security are often appeared in practice. These issues that will bring huge economic losses and even influent national information security. Today, information system security has become a key factor in the success of the vast majority of enterprises. We must work in informational security without delay.Follow the qualitative and quantitative analysis research ideas, starting from the key issues in the process of risk assessment and management of information systems, information system security risks take full account of human error, focusing on both technical and human factors analysis of information system security risk, with the help of the gray statistical evaluation method in the gray system theory, the establishment of gray theory-based information system security risk assessment model, and verify that the model has the value of a communications operator information system instance for information system security risk assessment studies new perspectives and new methods. The main researches of this paper are:(1) The establishment of systems security risk assessment index system basing on human by mistake theory of information. Established risk index system from both technical and human factors, solve effectively risk management requirements for information systems security risk assessment, Risk analysis from the technical risks rise to the risk assessment of the personnel risk for the organization to provide more comprehensive more effective risk management program.(2) Establishing the gray statistical evaluation of information systems security risk assessment model combined with the analytic hierarchy process. Firstly, Major risk factors involved in the information system is their association affiliation hierarchical structure, followed by division of the level of risk, expert ratings, identifying and assessing gray type to calculate the index weight, gray statistical evaluation of the underlying index, and finally a layer-by-layer plus weight comprehensive evaluation methods to assess the risk level of the entire information system. (3) The application of risk ash statistics integrated assessment model of a communications operator information system risk assessment. Risk characteristics and risk factors combined with its information systems, information flow management and technical point of view to build the communications operator information systems risk assessment system. And then apply the risk statistics integrated assessment model of the communications operators information systems for risk assessment to determine the operators of the communication system risk factors and the overall level of risk and risk control recommendations are given. The results show that the information security risk assessment model based on gray theory can take fully advantage of the information contained in the assessment indicators, with good operability, the actual work has a certain reference value.