Risk Assessment Of Information Security Management Based On ISO 17799

Information system is the kernel of one organization. The security management of information system is a dynamic circulatory evolutive process. As one important portion of it, risk assessment provides the goal and require for the continual improvement of dynamic information system security management model. By the shortage of incompact integration between security management and security technology, many organizations attach importance to security technology and less notice for security management. Based on the current theory results, this paper builds the Management-in-Depth System of Information Security that adaptive to information security technology. This work enhances the connection between security management and security technology, and heightens the status of risk management.Under the guidance of this theory, this paper build the improved risk assessment model based on PADIMEE model and ISO/IEC 17799, and finishes the database design and software design of information security system risk assessment kit. The result increases the efficiency of risk assessment work, enhances the reliability and comparability of risk assessment result, and develops the information security management of our country.