Research on vulnerability of classification method of a complex information system

With the development of science and technology, the demand for automation and intelligence has nearly penetrated every corner of society. Single software and specific needs of information systems can no longer meet the growing needs of people. A complex information system composed of various systems, smart devices, and software emerged. The security of such complex information systems is becoming increasingly important. Attacks on complex information systems have become an important factor in harming national security, political stability, economic lifeline, and citizen security. Risk factors are weak links in the information system that may be threatened to cause damage, and the risk factors are transformed into damage to assets under certain conditions. Although the existing vulnerability management specification standards contain relevant content of risk assessment, the scope is not enough to support and cover the assessment of risk factors in information systems. In this paper, we comprehensively investigate and analyze the vulnerability standards of various vulnerability classification for information systems, and propose a classification standard for the analysis and grading of risk factors of complex information systems, which can provide a reference for the classification of information system risk factors in finance, public communications, and energy industries.