Abstract:it has attracted more attention to the researchers about how to build an appropriate model to assess the risk of information systems. Aimed at this issue, a measurement framework of combining qualitative analysis with quantitative computation is proposed. From the implementation of information security management measurement (ISMM), the model, factors, indices, means and implementation flow are also given in detail. At last, the implementation flow of ISMM is depicted.

An risk measurement model for assessing information systems