| With the development of the Information Technology, it has been the main technology to support the business of the enterprise. How to identify and control the risk of information has earned great importance. We wish to combine risk assessment and information security management, with analyzing, assessing and controlling the risk effectively, in order to lower the system risk to a receivable level.According to the above requirement, the article starts from the information assets, submit a security management guide and risk assessment methodology which is proper for the container transportation enterprise to manipulate, clear steps and standardization. We can use the article to instruct and control the risk of the organization, in order to create information security management system which can be improved continuously.The article begins with concept of the historical development of the project management, information security and risk assessment. It also states the important meaning to set up an easy and effective risk assessment methodology which comes from the concept of the project risk management.After analyzing the character of the container transportation enterprise and the difficulty of the information system risk, we suggest applying the theory of the project risk management into the information security risk management, and the detail steps of every job and procedure.We design an information security management guide which is easy to work for the internal enterprise, and based on the guide, we redesign a model of asset assessment and threat influence analyze. We also design a standardization which is easy to measure, judge and manipulate.At last, we demonstrate the risk assessment standardization and the application of the procedure thoroughly. We also use different statistics to depict the reasonability, validity and maneuverability. |
PDF Full Text Request