Information system service security evaluation method

Abstract

The invention discloses an information system service security evaluation method, which belongs to the field of information system service security evaluation, and comprises the following steps of: acquiring security data of an information system service in an execution process by adopting data acquisition equipment; acquiring the preference of the user to the information system service security data; extracting security data to establish a decision matrix, and calculating the weight of each security assessment attribute according to an information entropy method; and calculating a security value L of the corresponding information service according to the weight of the security evaluation attribute. The method can accurately reflect the actual security state of the information system service in the operation process.

Description

technical field

[0001] The invention relates to an information system service safety evaluation method, which belongs to the field of information system service safety evaluation. Background technique

[0002] With the rapid development of services, the security threats they face are increasing day by day. Unknown vulnerabilities caused by application features are also increasing. It is urgent to give a clearer definition of its security degree. Information system security covers a lot of content, mainly including user authentication, authorization, transaction audit, service availability, confidentiality and integrity of exchanged messages, non-repudiation of requests or messages, etc. At present, most of the foreign researches on information system service security issues focus on formulating information system service security norms and the realization of corresponding norms. Most of the domestic research on system security focuses on the use of various security protoc...

Images