| Risk assessment is an integral part of the process of risk management. It provides the measurement of the system security, through assessing the threats to the existing system, system frangibility, possible capital loss and etc. This paper has mainly researched the problems associated with the use of computer aided system in the risk assessment.This paper has deeply studied two international standards of risk assessment, ISO17799 and ISO 13355, analyzed the definition and relationship models of risk assessment. On the basis of that, it has brought forward the concept of business transaction and designed a computer aided system for risk assessment. The designed system effectively evaluates the assets with business transaction and assesses the risks and deficits with the analysis of possibility. In reference to the process of risk assessment BS7799-2 and SP 800-30 and actual system requirement, it has proposed a realizable and operable process of risk assessment with the aid of computer. The proposed process resolves many problems happened in the traditional process of risk management, which related to high dependency to skilled professionals and other subjective factors. It also enhances the level of automation regarding to risk assessment, lessens the workload of risk analysts, and ensures the objectivity and accuracy of the final result. |
PDF Full Text Request