Research On Information Security Risk Assessment Based On The Petroleum Industry Office Private Network

At present,with the advent of the information age,information systems are widely used in all aspects of life.Large amounts of data and information are transformed from paper forms into electronic forms,and are generated,transferred and stored in information systems.While bringing work convenience to people,information security risk incidents occur from time to time.The use of risk assessment methods to identify risks in advance and resolve risks has been widely recognized and applied.This article is based on the petroleum industry's private office network,with the help of quantitative analysis technology,to carry out information security risk assessment research.The main results are as follows:(1)Complete the research on the quantification of risk assessment.First,based on the actual situation of the oil industry office private network,we give an improved risk assessment element relationship diagram;secondly,we combine the previous investigation and understanding of the risk assessment work,according to the impact of each element in the risk assessment element relationship diagram Relations,choose Analytic Hierarchy Process,Fault Tree Analysis and Min-Max standardized processing methods as the main means for subsequent quantitative analysis of risks;Finally,we use Analytic Hierarchy Process to model assets and vulnerabilities,and use Fault Tree Analysis Modeling threats,using Min-Max standardized processing methods to process the numerical calculation of assets,vulnerabilities and threats,completing the research on the quantitative work of risk assessment,and providing a theoretical basis for subsequent risk assessment work in the actual system.(2)Complete the risk assessment of the actual application system.According to the actual situation of the system,and through the statistical analysis of the security incidents that have occurred in the system over the years,the identification of assets,vulnerabilities and threats is carried out.Subsequently,based on the theoretical basis of the preliminary risk assessment and quantification work,the calculation models of assets,vulnerabilities and threats were established and assigned values,and the risk values were accurately calculated based on the assignment results.For high-risk items,combined with the existing security measures and actual work experience of the system,corresponding solutions were proposed,and the information security risk assessment of the entire system was completed.The evaluation result is in line with the real situation of the office private network,and provides a certain reference for the follow-up security and confidentiality work.