Abstract

Information system security is a systematic project characterized by integrity, complexity, and uncertainty. Technical means alone cannot fundamentally eliminate information system security issues; comprehensive safeguards, management, and monitoring must also be established. Information security risk assessment can address the aspects of information system security that are difficult to quantify. Through quantitative analysis of asset risk, risk values that were originally difficult to quantify become easy to confirm and assign. Following extensive research on large-scale enterprise information systems and multiple risk assessment projects, and an in-depth study of the general and quantitative computing models of information security risk assessment, a quantitative information security risk assessment model with a risk correction value is proposed. The model's algorithm makes risk analysis and risk value calculation in the information security risk assessment process faster, more accurate, and more practical. It can also be applied quickly to the information system risk assessment of large enterprises.
