Information security risk assessment method based on CORAS frame

This paper first carry out the summary to the information security risk assessment's present situation and the correlation criterion, then introduced in detail to the risk which possibly exists carry out the quantification based on the CORAS frame's information security risk assessment method and using the analytic hierarchy process, finally uses on-line Electronic bank system's example, proved this method to be possible very well suitable in the information security risk assessment. © 2008 IEEE.