
Research On Information System Security Risk Assessment Based On BS7799 Standard

Posted on: 2008-09-28
Degree: Master
Type: Thesis
Country: China
Candidate: F Z Zhu
Full Text: PDF
GTID: 2178360215451644
Subject: Management Science and Engineering
Abstract/Summary:
With the development and spread of computers, computer viruses, computer theft, and illegal intrusion into servers have become increasingly widespread. Any enterprise and its information systems may face a wide range of security threats, such as computer fraud, espionage, sabotage, fire, and flood, so it is necessary to evaluate the security of information systems. The results of a system security risk assessment give organizations important guidance in choosing information security measures and in making sound decisions while building information security safeguards. However, risk assessment in our country is only just getting started, and many problems deserve study. This paper discusses several aspects of information system security risk assessment:

1. By studying the relational model of the essential factors of risk assessment, the paper finds that the general model has the shortcoming of considering them statically. This shortcoming is overcome by extending the evaluation factors, giving particular prominence to people and evaluation rank, which yields a new relational model of risk assessment factors.

2. By analyzing the internationally popular information security assessment standards CC, BS7799, and SSE-CMM, the paper concludes that the structure of the BS7799 standard is extremely clear. Risk assessment carried out with its aid is clear and smooth. The person carrying it out can make choices and operate according to the catalog, and it is also convenient for investigation, education, and training after the risk assessment.

3. By studying BS7799 and analyzing quantitative and qualitative methods, the paper explores an improved risk assessment method that combines qualitative and quantitative assessment to overcome the disadvantages of a single risk assessment method. In designing the risk assessment method, the paper combines fault tree analysis with risk model contribution analysis and applies BS7799.

4. The scientific soundness and feasibility of this method are confirmed through a simulation study of a concrete case.
Keywords/Search Tags:Information system, BS7799 standard, Assessment factor, Risk, Risk assessment