Information System Security Metrics and Evaluation Model

The information technology security evaluation criteria GB 17859 represent the security metrics of information systems as different ratings and define the set of security elements used for security metrics evaluation. The concepts of composition independent security element, composition complementary security element and composition correlated security element are introduced to distinguish the different characteristics that security elements exhibit during security metrics assessment. A formal evaluation model for information system security metrics and its implementation are also introduced, based on the definitions of access path, regular path and the relationship between components.