| With the development of Internet, the issue of Website security becomes more and more serious and comes to social attention. The Website security risk assessment is important in the course of Website security construction.Firstly, this thesis presents the definition and object of Website security and research progress of risk assessment at home and abroad. Secondly, the basic conception and theory of information security risk assessment is presented. The development of foreign risk assessment criteria is briefly introduced. And common criteria CC is particularly presented. On the basis of comparing CC with other risk assessment criteria, we find CC may be tailored according to the concrete system and it fits Website risk assessment. Thirdly, this thesis analyze the security requirement of Website according to Web server protection profile based on CC. Fourthly, through consulting related risk assessment standard and model and Web Server Protection Profile of CC, this thesis brings forward Website risk assessment model, confirms the recognition method and assessment method of the property, threat and vulnerability of Website information issue system, and establishes relevant evaluation guideline and half-quantitative risk computational method and formulates the risk rank determination criterion. Finally, an instance is quoted to validate the practicability of this method. Through the example confirms that the Website risk assessment method proposed by this article can reflect the Website actual risk, it has the certain reference value regarding the Website security construction. |
PDF Full Text Request