The Design And Implement Of Information Assets Risk Management Information System Based On J2EE

As entering the new century,and the advent of the Internet,the information revolution work has brought profound influence to people's life.In addition to traditional form of enterprise assets which have an important business value to enterprises,there emerges a new form of enterprise assets-information assets.Information assets refers to the enterprise-owned or enterprise-controlled information resources that can bring future economic benefits for the enterprises.There may be defects on their hardware,software,protocols,or system security strategy,so that the attackers can access or damage them in an unauthorized condition,thus cause a threat to the systems utilizing them.Considering that information assets may produce the risks stated above,in order to do a good job of information security in a new situation,telecommunication operator A proposed the demand of developing an information asset management system.The theoretical basis of this system and the evaluation standard derive mainly from the concept of information assets security,'information assets security' is a concept deriving from the traditional concept of information security.During the evaluation of the degree of the risk of information assets,this system reasonably cuts and follows the information security risk assessment standard of OCTAVE(Operationally Critical Treat,Asset,and Vulnerability Evaluation),it alse gives attention to staff,the threats to assets and the weaknesses of the assets,and many other factors,it alse flexibly utilizes the Analytic Hierarchy Process(AHP)to evaluate quantitatively the risk of information assets,and emphasizes some important qualitative attributes of information assets to meet the demands of specific requirements.The system utilizes the widely-used J2EE technology,is based on B/S architecture,combines open source frameworks such as Struts2,Spring and Hibernate,and utilizes design patterns such as MVC,factories,agents.The system architecture is designed layeredly;this reduces the coupling between components,and increases reusability and expansibility of the system.This system obeys the principles of software engineering development;the work starts from demand analysis,to profile design,detailed design,finally to running and test.After all these,the gains and losses of the work are summerized and the next step work is put forward.