| With the improvement of the each kind of organization's information degree and the creation of massive data in the process of the business operation, the information system became more and more complex. The development of the organization depends on the information more and more, which made the information security the most important part of the risk management. How to make the information security is the common problem faced to the every modern organization, and the information security risk assessment came to be introduced into the management system of organization. Risk assessment is the basic foundation of the risk management, the first-hand data analyzing with the existing information security system and also is the one of the most important researching content in the field of information security. Before the enterprises choose the security equipment, analyze the security requirement, build the net, test the running of application system, link the inner net with the outer net, transfer the business data or the electronic government affair on the Internet with the third partner, operating the information security risk assessment will help the organization to made the activity under the security framework. Through the information security risk assessment, it can identify the size of risk. Through establishing the policy of information security and adopting the proper controlling object and the controlling manner to control the risk, this made the risk became an acceptable level by avoiding, transferring or dropping.The paper mainly discussed the calculating model of information security risk assessment. On the bases of the qualitative model, the paper presented a new model based on the quantitative, and apply it... |
PDF Full Text Request