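Abstract
With the prosperity of the market economy, China's tangible construction market has entered a golden period of rapid growth. More and more traditional industries have recognized the signals of reform and development and have accelerated their informatization. The information security problems that emerge in the course of informatization have become a major issue for global economic development. As science and technology advance, information system protection techniques are progressing steadily, but the exploitation of weaknesses and vulnerabilities in information systems by those working against information security is likewise intensifying, and information security losses account for an ever larger share of global economic losses. As the trading venue and management body of the tangible construction market, the construction project trading center has greatly improved transaction and management efficiency through informatization, but its own characteristics (very large transaction amounts, rich information content, and participants at many different levels) mean that it has to face very serious information security problems.
This thesis first introduces the basic situation of the construction project trading center, its main problems, and the importance of information security assessment, and summarizes the definition and concepts of information security assessment, domestic and international information security assessment standards, methods and tools, the business and composition of the construction project trading center information system, and the information security assessment process. Drawing on relevant domestic and international standards and specifications, theories of information system security, the results of on-site investigation of construction project trading centers, and the opinions of relevant experts, the thesis combines MMEM system theory, the Swiss cheese model and the SHEL model to build static and dynamic security assessment index systems for the construction project trading center information system from two aspects, security technology and security management. Using the established index systems together with systems engineering methods including the analytic hierarchy process and the multi-level fuzzy comprehensive evaluation method, it constructs a security assessment model for the construction project trading center information system. Finally, the theory and results are applied to the information system of the H City Construction Project Trading Center as an empirical case: its current security status and risk problems are described and summarized, its security risk value is calculated using the index system and model, and corresponding information security strategies are proposed for its security state, providing a reference and a practical case for research on the security of construction project trading center information systems.
Keywords: construction project trading center; information system; security assessment; index system; assessment model; security strategy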
Abstract
With the prosperous development of the market economy, the tangible construction market has entered a golden period of rapid growth. More and more traditional industries have become aware of the changing times and have accelerated their informatization. The information security problems that have appeared in the process of informatization have become a major issue in the development of the global economy. With the development of science and technology, the exploitation of weaknesses and vulnerabilities in information systems by hackers is intensifying. As a trading and management institution of the tangible construction market, the construction project trading center has greatly improved the efficiency of transaction and management through informatization. But its characteristics of huge trading value, large amounts of information and complex participants mean that it faces serious information security problems.
This research introduces the basic situation, main problems and the necessity of information security evaluation of the construction project trading center, and summarizes the basic concepts of information security evaluation, information security evaluation standards and methods, the business and elements of the construction project trading center, and the information security evaluation process. On the basis of domestic and foreign standards, related theories of information system security (MMEM System Theory, the Swiss Cheese Model and the SHEL Model), investigation results from construction project trading centers and the opinions of relevant experts, this research establishes static and dynamic security assessment index systems for the construction project trading center information system from the aspects of information system security technology and management. On the basis of the static and dynamic index systems, this research establishes an information system security assessment model through related systems engineering methods including the analytic hierarchy process (AHP), the multistage fuzzy comprehensive evaluation method and an expert system. The research results were applied to the information system of the H City Construction Project Trading Center, and its security status and risk problems were summarized. Using the information system security assessment index system and model, the security risk value of the H City Construction Project Trading Center was calculated and information system security strategies were formulated, providing a reference and a practical case for research on the information system security of construction project trading centers.
Key words: Construction Project Trading Center; Information System; Security Assessment; Index System; Assessment Model; Security Strategy