With the rapid development of information technology and the internet, evaluating the effectiveness of information systems security management has increasingly become a focus of attention. This paper analyzes and studies this problem, and makes a comprehensive evaluation covering both objective and subjective aspects. The following work has been done:

Firstly, we discuss the shortcomings of the existing information systems security management assessment methods, and establish an assessment system for the effectiveness of information system security management in terms of "the human factor risk" and the "assessment of classified protection of information systems security (ACPISS)".

Secondly, we provide the definition of human factors risk and its classification criteria, establish a risk index evaluation system, build a human factors risk evaluation model based on AHP, and give a formula for calculating the degree of human factor risk.

Thirdly, we construct an efficiency evaluation method on the basis of "ACPISS", further establish the model framework, the index system, and the evaluation model of the efficiency of "ACPISS" in combination with the DEA method, and thus give the specific evaluation process. We also introduce a super-efficiency model, which not only reflects users' subjective wishes but also allows the "ACPISS" objects to be sorted.

Fourthly, we analyze, by way of examples, the efficiency of the information system security management proposed in this paper, give the human factor risk classification of the testing objectives, obtain "ACPISS" for multiple decision-making units, and, in view of the inputs and outputs, give suggestions on further optimizing resource allocation and improving information system security.