AHP Implemented Security Assessment and Security Weight Verification

摘要

The media often reports shocking stories regarding attacks to the networks of well-known companies and organisations with headlines announcing either millions of pounds worth of financial loss or exposing public security issues. The most common attacking methods take advantage of the weakness of operating systems, the bugs found in certain applications such as Internet Explorer or Adobe Reader, or incomplete security deployment. As such end users and network administrators have to cope with increasingly complicated network environments in order to ensure that they are under reasonably safe protection. However, the very nature of a network itself means making information accessible. As a matter of fact, networks are themselves designed to be "open". From a security point of view, the inherent nature of the network is insecure. Due to the complexity of the network nowadays, end users including home and business users have been aware of the importance of having a safer network environment and have taken action to protect themselves by applying the defences provided by computer security software & hardware vendors. Most of this just simply involves deploying off-the-shelf security applications and solutions such as firewalls, IDS, IPS, antivirus, anti-spam and so forth. Here users actually remain oblivious to their specific safety requirements, or they do not possess enough knowledge or sufficient resources to undertake appropriate requirement analysis. Such analysis also involves significant and untenable investment in terms of time, money and labour. Consequently the end result is often a much less safe network environment than required. It is important for end users to comprehend their specific safety requirement, and particularly to have access to an effective assessment of their current network security status so that they are able to proportionally apply the right security solutions needed to improve and enhance their network security. This paper introduces a-- straightforward assessment method which can provide quick, reliable, cost effective, accurate and quantified assessment result suitable for the live application environment by using AHP and risk weight system.