
The Research And Implementation Of Business Process-oriented Information Security Risk Assessment

Posted on: 2009-09-13
Degree: Master
Type: Thesis
Country: China
Candidate: Q Zhou
Full Text: PDF
GTID: 2178360242498966
Subject: Computer Science and Technology
Abstract/Summary:
In recent years, information security incidents have increased significantly year over year. After decades of research, people have gradually come to realize that information system security problems cannot be solved thoroughly by technology alone, that no single layer of security measures can provide genuinely comprehensive security, and that information system security should instead be approached from a systems engineering perspective. Within this systems engineering effort, information system security risk assessment occupies an important position: it is the basis and premise of information system security.

In large-scale information systems, the number of business systems is large, and an assessment covers a wide scope and is difficult. The security elements of different business systems overlap, so assessing each system separately leads to redundant and duplicated assessment work; for example, the security of the environment in which the information systems are located affects all business systems in a similar way. Therefore, based on the operational characteristics of each type of business, the assessment should focus on a business that is representative of its category.

However, risk assessment is a complex process that requires collecting a large amount of data. All collected data must be retained for later query, checking, testing, and analysis, and the assessors need rich experience. Designing and developing effective assessment tools is therefore of the utmost importance for shortening the assessment cycle, saving manpower and resources, and ensuring that the assessment is scientific and effective.

This thesis introduces the existing theory of risk assessment and describes the various assessment methods, including asset assessment, threat assessment, vulnerability assessment, and evaluation of existing security measures. Drawing on security assessment theory, classical models, and practical assessment experience, it proposes a business-oriented risk assessment method. The method takes the overall security of a business system as its target, and its basic unit of assessment is a complete business process (or sub-process) rather than a system component with its own IP address (such as a server or network device). Based on current customer requirements for a risk assessment system, the thesis implements an automated assessment tool system that supports the method. Finally, taking a complete business application process of a population and human resources information system as the object of assessment, the thesis examines the organization's operation of that business process from an information security perspective and, through in-depth assessment, gives recommendations for improving security.
Keywords/Search Tags:Risk assessment, vulnerability assessment, grade assessment, business applications process