| With the development of information technology, human lives have a change, but also face many threats. Information security question has become the most important question with the incidence of a variety of security. This problem will be solved not only from technologies and products field but also from risk assessment side. Through the information security risk assessment, we can identify the risks of assets, the size of risk level, and develop appropriate control methods, so that avoid and transfer risk or reduce the risk to an acceptable range.The choice of Information security risk assessment method is the key to information security risk assessment. These methods can be divided into three types, qualitative methods, quantitative methods, methods combine qualitative and quantitative which is the most used and effective method, fault tree analysis to belong to this method. Intuitive, clear and logical is the advantages of fault tree analysis. It is applicable for identifying the relationship between the failure events, and finds the possible ways of system failure.The innovation of this paper is establishing a unique fault tree based on the standard of BS7799, which is applied to the Central Library's information security risk assessment. The article first studies the main theory of BS7799 standards, and compare with the popular standards of information security risk assessment. Then described the contents of the fault tree analysis exhaustively, and in accordance with the requirements of BS7799 standard, direct the threats to the system and potential risk of vulnerability as the cause for the fault tree structure, analysis system comprehensively. The method is applied to the campus library's risk assessment, detect the risk of campus library, thereby strengthen risk management, and create a safe reading environment for the majority of teachers and students. |
PDF Full Text Request