Network & information system security risk assessment technology

There is an increasing demand for security risk assessment of network & information system where assessment usually is comprised of all kinds of Internal or external threat. Now there is also another problem to be solved, that is, when the information system increased another many risk parts, if the system is still under a security state. In order to answer this question, the paper adopted an incremental factor analysis method to assess information system risk. This method used influence of assets on system risk and risk coefficient to compute the risk increment coefficient, so as to judge information system risk levels. Experiment results indicated that this method is available as well as effective.