
Research Of Information Security Assurance Based On Risk Management

Posted on: 2003-09-06
Degree: Doctor
Type: Dissertation
Country: China
Candidate: S Z Wu
Full Text: PDF
GTID: 1118360092966704
Subject: Applied Mathematics
Abstract/Summary:
A practical and well-designed information security assurance system is one of the critical infrastructures for a country to maintain its state security and economic interests in the information era. As China has accelerated its informatization process, we are facing more and more challenges and have to pay more attention to information security issues. Information security assurance has been taken into consideration in the "tenth Five-Year" development plan as an important objective. Thus the research of information security assurance has become an urgent task. This dissertation takes the mass security of human beings as the scenario of information security research. Upon the comprehensive analysis of its general and unique attributes, the consideration of the effectiveness of information security measurements has been introduced. This dissertation explores information security assurance using the security paradigm of risk management, and concludes that the most appropriate information security assurance is the optimal risk management mechanism in the real world. A risk management based information security assurance model has been proposed, and relevant theoretical research and implementation issues have been discussed in the dissertation.

First, the author briefly recalls historical approaches to information security, and gives a formal description of the nature and different models of information security assurance. Then a risk management based analysis model is proposed, upon which further discussions of the model are given from the implementation point of view, including the risk analysis method of complexity theory, proactive security control mechanisms, as well as the method and practice of information security testing, evaluation and certification methodology. The main innovative points of this dissertation include the following:

1. Theoretical analysis: this dissertation has carried out formal research on the nature and different models of information security, and proposed an information security assurance model based on risk management in the reality of China; it also describes an information security risk analysis method based on complexity and the proactive real-time security assurance framework.
2. Evaluation and certification: basically, this dissertation uses evaluation and certification methodology to analyze and study information security assurance, and takes risk analysis, protection choices and effectiveness evaluation as important components of information security assurance.
3. The verification of security theory in practice: this dissertation stresses that it is important to verify security theory in practice, and quotes practical cases to illustrate the implementation of information security assurance technology.
Keywords/Search Tags:Information Security, Information Security Assurance, Risk Management, Risk Analysis, Security Paradigm, Security Model, Common Criteria (CC), Information Security Test & Evaluation & Certification