
Research On The Method Of Information Security Risk Self-assessment And Design&Implement Of Its Tool

Posted on: 2007-04-04
Degree: Master
Type: Thesis
Country: China
Candidate: X L Chong
GTID: 2178360212959847
Subject: Information Science
Abstract/Summary:
With the rapid development of network technology, information spreads throughout networks and its security is severely threatened. How to provide a secure environment is therefore discussed extensively, and security risk assessment of information systems has been investigated comprehensively. Through the study of risk assessment, the view that technology alone cannot secure an information system has become widely accepted. The security problem involves many aspects, such as rules, policies, standards and technology. Security solutions must take the view of systems engineering, namely information system safety engineering.

Self-assessment is an evaluation activity through which an organization comes to understand its own security status, and it plays an important role in information security management. To make risk assessment more scientific and reasonable, it is essential to settle on an assessment method, design the assessment process, and collect a large amount of data, so that people can query, check, test and analyze the data and build up rich assessment experience. To shorten the assessment cycle, save resources, and keep the process scientific and reasonable, it is important to design and develop a supporting tool.

The paper first introduces information system security and risk assessment and, based on research into the relevant standards, a set of advanced self-assessment methods and implementation procedures, all of which serve as guidance for risk assessment. Based on this evaluation process, the paper presents an effective design scheme for risk evaluation. Because risk assessment involves many elements, a complex process and difficult implementation, we designed a content information database for the scheme. It includes asset classes and grades, threat categories, and system vulnerabilities, which help users identify and evaluate security elements effectively. The scheme can provide control measures for identified threats. Finally, the risk value is computed according to the measure matrix, which lets users clearly understand the security status of the information system and adopt effective control measures as soon as possible. Key words:...
Keywords/Search Tags: Information security, Risk management, Self-assessment, Assessment tool