The Research, Design And Realization Of Security Risk Assessment System Based On BS7799

As a type of resource and assets, information is so valuable that its security is being paid more and more attention. Furthermore, risk management provides powerful support and countermeasures to guarantee information security. In risk management, risk assessment is the basic and first indispensable step. This paper focus on the application of the information security management standard-BS7799 to information security risk assessment and a whole set of designing scheme is provided, which is finally implemented in software form. The achievements and new ideas in this paper are as follows: Significance of research and development of the assessment tools of information security risk is analyzed, the relation between information security and information security risk assessment is discussed, the familiar risk assessment standards and risk assessment tools are introduced. The relevant concepts in risk assessment, assessment process, assessmentmanners and countermeasures against risk mitigation are systemicallyintroduced. Moreover, the content and characteristics of the BS7799standard are briefly discussed. The familiar security risk management models, risk assessment modelsand its assessment methods are studied and summarized. A detailed analysis and design scheme of this assessment system by using Object-Oriented method is provided. A set of risk assessment model, method and assessment flow suit BS7799 (in the form of software) is designed for the first time in the field of security assessment. Detailed guidance in realization and achievements of this tool are presented, and this system's feasibility is well validated in practical use.