Skip to Main Content
Reducing the risk of IT governance often get a lot of attention. Journal and newspaper articles abound, and professional books have been written on the subject. this article presents a Conditional Random Fields (CRF) based risk assessment model .We first analyzed and evaluated the existing information security risk assessment methodology, and described control processes of information systems and risk levels summarily. After that, CRF model was introduced into information system security assessment, which can improve model-based information security risk assessment method (CORAS). this article taking web-based electronic banking system for an example, we quantify the risk indicators of a given task sequence, by formal description and modeling of system flow and risk levels. The experiments demonstrate the feasibility of CRF model, which laid the foundation for information system risk assessment and IT governance security.