Protection Risk Assessment Based On The Main Business Of The Information Security Level Applied Research

As China continues to speed up its process of informationization from every aspect, the national economy and social development become increasingly more reliant on the fundamental information networks and critical information systems. The issue of information security begins to draw more and more attention from IT professionals. In order to meet the needs of the development of information security class protection is a major national security work and it is related to national security, social stability. Thus, the information security class protection is the objective and urgent needs of information security in nowadays. However, the information security class protection has just started in China, and the lack of complete and sophisticated operational techniques cannot meet the different needs of enterprise level of security protection. based on this consideration, the Paper introduces an information security class protection risk assessment model based on the main business, which can make class protection start from the enterprise business and focus on important information systems.The focus and innovation of this essay is shown on the follows:1.This essay presents a new approach which identifies the major enterprise information systems by main business. In any organization, the aim of information security is to guarantee the normal operation of business organizations. According to different hazard levels on Countries, organizations and individuals, we divide information systems into different security levels. In this essay, we set up information security risk assessment model based on the main business, in which we transform business security into asset security which can be qualitative and quantitative measurement. When Organization's businesses change, we should change information asset security levels. There is no "one right way"to implement information security management.2.Using a new classification to make asset identification. From inside to outside, we divide information assets into great classes:common information assets, common carrier assets and private information assets. This method fully considers the fact that different levels of information assets have different effects to information security.3.The method of classification and identification of information assets based on the analytic hierarchy process (AHP). The classification of systems is made scientifically by using the analytic hierarchy process which is logical. After classifying the systems, we can identify which level protection should be made. And at the same time we can further sort the assets of the system to distinguish between the core assets. The essay fully embodies the essence of class protection by implement asset identification from core business to core system to core assets.