| With the rapid development of information technology, information spread through network and its security is threatened. So how to provide the secure environment is discussed extensively. So security risk assessment of the information system is investigated abroad. With the study of risk assessment, the point that the technology cannot bring the information system security totally is accepted. The problem relates to many parts such as rules, policy, standards, technology and so on. Its solution must take account of the view of the engineering, namely the information system safety engineering. Risk analysis and assessment get a big footing in this information system safety engineering. They are the base and precondition of information system security.Risk analysis helps the administrator to know the security of the whole system, base on the research of system architecture, policy, staffs and equipments, such as workstation, server, switch, database application. Risk assessment is a main technology of web security protection and a part of information security engineering. According to the security policy and rules, risk assessment checks vulnerability of the system by simulating the attack and tells the risk level and the way of control threat.The paper makes an introduction firstly to information system security and risk assessment, and then it studies on the research of relative standard and the analyzing way of system's asset, threat and vulnerability. It also studies on the sort method and trend of the information security risk assessment system. After that, it describes the design and implementation of a true risk assessment system, based on the research of famous domestic and foreign assessment methods and tools. It also tells the analyzing way and sort method of this system by describing the system's modules step by step. At the end of paper, it gives an instance of how to use this system and shows the report of assessment result. |
PDF Full Text Request