| Today, networks and information systems play an important, global role as an essential foundation of our society. The national economy and society depend more and more on important basic information systems, and national infrastructure that bears on the national economy and the people's livelihood, such as finance, electricity and telecommunications systems, depends on information network systems to operate. When these systems have problems, the consequences range from economic losses and inconvenience to social life at the light end to new challenges for the whole country's politics, economy or military at the heavy end. At present, threats to information system security are shifting from single threats toward mixed threats. The main problem in such a complex network environment is that it is first necessary to know what the risks are, assess them, and predict the likelihood of their occurrence and their impact on information systems and on the units that build them, and then to quantify the risks as far as possible and, in order of priority, take appropriate preventive measures. Against this background and status quo, this paper focuses on the importance and necessity of information security risk assessment for information systems; the security, vulnerabilities and threats of the network, operating system, applications and so on were determined based on the methods and . It systematically analyzes the threats and vulnerabilities of networks and information systems, assesses the extent of the harm once a security incident occurs, and puts forward targeted countermeasures and rectification measures to protect against the threats. The design and application of the information security risk assessment process are based on advanced national and international information security technology and management standards and principles, reflecting the advanced nature of the risk assessment. 
This paper develops a specific information security risk assessment program design and uses it as a template to implement the risk assessment of Shandong Expressway Group's information systems; in the future it can be used by units building all kinds of information systems. To sum up, the design and application of an information security risk assessment program can help information system managers set up an information security management framework, understand current security risks and threats, prevent and resolve information security risks, keep risk at an acceptable level, and then set up security policies and an IT security system to maximize the protection of networks and information systems. In addition, while the implementation of information system security Level protection is being pursued at the national level, the design and application in this paper combine Level protection with risk assessment in a scientific way. This gives enterprises a basis for better understanding the meaning of Level protection and for accurately determining the Level of their information systems, and guides user units in using technical and management means to carry out effective risk assessment, so as to ensure that an information system meets the security standards of its level; information systems that fall short of the corresponding security level can be rectified according to the risk assessment report. In my opinion, two points in this article need to be further improved and perfected. 
First, when the business flows of the systems were sorted out and the security domains divided, the business system was separated into a number of subsystems, and the subsystems were not linked back together according to the business process, which led to much repetitive work during the information security risk assessment. Second, an IT project management method should be used, that is, IT service management should be adopted to control and standardize the risk assessment process, so that the risk assessment is controlled more effectively and achieves the desired goal. Project management processes should be further refined: applying them to information security risk assessment gives a better understanding of the workload and division of the implementation process, so that in the future some aspects of the work can be streamlined to achieve a more reasonable project schedule and implementation management. |