| With the rapid development of power automation applications, power enterprises are increasingly dependent on information technology and services. Information confidentiality, integrity and availability are of the most importance for enterprise information security. Enterprise information security management is a dynamic process, and it involves many aspects throughout the entire life cycle of the information systems. The essence of the information security management is the management of risk because security and risk can never be separated. There is neither absolute security nor absolute risk. The so-called security information system is to reduce the risk to a certain degree gradually through adopting the best policy of management of risk. Risk assessment is the first step in approaching risk management, and it is an important means for ensuring information secure too. Its function has been recognized widely.What information security risk assessment does is, according to relational evaluating standards, the procedure of evaluating the vulnerability and the threat of information asset, along with the negative impact and the likelihood of harmful things. For the risk of information security, the vulnerability and the threat would be the reason, while the impact and the possibility would be the result.Based on international standards about information security, a model of information security risk assessment is presented. Its kernel is risk management. Founded on this model, the risk assessing methods have been discussed in details. Based on the risk level evaluated by power information system, the power information network is divided into several districts. The key district is supplied with key guards, so that it can be in high security with little money. These methods were put into practice and verified in a real risk assessment project in 2006. And the canonical information security system is gradually founded by the project of information security... |
PDF Full Text Request