| With the ceaselessly deepening of China's informationization, information security is increasingly prominent. Not only the informatization construction projects are threatened, our politics, economy, culture and military, and other aspects are still affected. Information security has risen to component part of national security. E-government information system,as the carrier of the state administrative organs and the public service window, its reliability and safety is closely linked with national welfare and people's livelihood. Information security risk assessment is an important measure of safeguarding e-government information and directly affects the normal operation of local organs of state administration at different levels. At present, information safety risk assessment work in China is still in beginning stage, standards and specifications are slightly macroscopic and abstract, depth of literature research is limited, most of them are theory and technology models. Summarizing of technology implementation system and implementation experiences is very meager. According to the needs and deployment of the national e-government information assurance construction, e-government information safety risk assessment technical and application developing subject research, constructing the pertinence, executable e-government information security risk assessment technical framework and implementing system is urgently needed.By a lot of domestic and international standards, policies and regulations and technical literature study, this thesis, deeply understands the technical theory and the developing situation, compares and analyses the characteristics and advantages and disadvantages of the domestic and international standards and technical methods, clears the relations and differences of three information security measures: the safety evaluation, risk assessment and grade protection, and clarifies positioning and function of the risk assessment, establishes the risk assessment technical route. Through nearly 200 e-government evaluation, evaluation project material and extensive literature's comprehensive analysis, prominent risk of our E-government development situation and existing is concluded. Based on fully absorbing advanced foreign information safety risk assessment system, foreign and domestic risk assessment system are interinfiltrated. As the three kinds of measures, the combination of safety appraisal, risk assessment and grade protection are fully considered. Follow our E-government policies and regulations, by comparison, simplify, refining and extraction, referable information system of the whole life cycle'E-government information security risk assessment technique'framework is constructed..With comprehensive understanding and thorough seizing of Standards of home and abroad as well as the faithful implementation of policies and regulations by The Ministries of the State Council, the 'E-Government Information Assurance Risk Assessment Implement System' is structured based upon the Technology Frame Structuring together with the Three-year project practice and experience. This system provides an effective guidance to the specific Risk assessment project, summarizes the content, methods and achievements in all phases, counteracts the flaws in risk-assessment-tech understanding and seizing of ordinary assessing-personnel, unifies the procedures and methods of Risk Assessment, promotes efficiency and then assures the Stringency of assessments. The Implementation System is applied in projects and its applicability and operability is reflected by typical cases in this way. More than a year the implementation system is not only widely accepted due to its good effects and standard procedures, but continuously complemented as well by going through dozens of projects... |
PDF Full Text Request