Information System Risk Analysis And Security Management

It is a new and very important issue to conduct the Information System Risk Analysis and Security Management in informationization construction, which has drawn the great attention of the government. The Information System Security Management does not involve only the management system or only the relevant techniques, but includes the relevant strategies, management and techniques. It will greatly assure the national information system security to construct and normalize the national information on the basis of constructing the Information System Security frame. So this thesis has important theoretical and practical value.The paper firstly analyzes the actuality of the Information System Security, secondly sets out the characters which the Information System Security hazard harms the information system and based on the characters introduces the RBAC risk analysis model, lastly proposes the methods of achieving purview management on the basis of the RBAC model. So the article mainly consists of two parts: the Information System Risk Analysis and Security Management and the design of the security model based on the RBAC.The paper is composed of five chapters. Chapter 1 focus on the background and the significance of the issue. Chapter 2 introduces the asset evaluation, the safety threaten to the information system and some effective way analyzing the risk of the information system. After analyzing the security models and security demand in the organization chapter 3 introduces the role-based access control model and its basic idea, characteristics and advantages; Chapter 4 introduces the model designing blue print based the RBAC theory, and discuss the implement of the purview management and access control; Chapter 5 comes to the conclusion of the paper and presents the following research aspect.