
Study Of Computer Information System Security Risk Assessment Standards And Methods

Posted on: 2008-04-21
Degree: Master
Type: Thesis
Country: China
Candidate: X L Jiang
Full Text: PDF
GTID: 2178360242960070
Subject: Software engineering
Abstract/Summary:
With the development of computer information systems, it has become necessary to assess their security. Computer information system risk assessment, which evaluates the vulnerabilities of an information system, the threats to it, the likelihood that those threats occur, and the negative impact that would result, is the basis of computer information system security assessment. The results of such an assessment play an important role in guiding information security work. Security assessment of computer information systems in our country has only just begun. To meet the needs of its development, the main purposes of this study are as follows:

1. Research standards and work out a reasonable set of standard criteria, so that all computer information systems are tested and evaluated in the same traceable way and their results are comparable.

2. Against this standard, sum up an assessment method that can be operated and actually used, extending computer information system security risk assessment from standards at the theoretical level to quantitative examination in practical application, and from the requirements the standard places on an assessment to the analysis of the technical details.

Drawing on a large body of domestic and foreign literature and on more than two years of practice, the main contents and results of this study are:

1. On the basis of studying foreign standards, and with reference to the information security framework model of the CC, we developed an information system security assessment framework. As the computer information system risk assessment standard, it is divided into three parts: Engineering, Technology and Management. In each part, the security environment is analysed, the security target determined, the security requirements proposed, and information system security achieved. The Technology standard refers to the CC and is divided into 11 classes: Security audit, Communication, Cryptographic support, User data protection, Identification and authentication, Security management, Privacy, Protection of the TSF, Resource utilization, TOE access, and Trusted path/channels. The Management standard refers to BS7799 and is divided into 12 classes: Risk management, Information security policy, Information security organizations, Personnel security, Asset management, Physical and environmental security, Compliance management, Information security planning, System development, Operation, Business continuity and disaster recovery, and Emergency response. The Engineering standard refers to SSE-CMM and other international standards and is divided into: Risk process, System definition, Threat assessment, Vulnerability assessment, Security risk assessment, Engineering process, Determine security requirements, High-level safety design, Detailed safety design, Security project, Provide a safe input, Surveillance security situation, Management of security control, Security coordination, Support process, Verification and validation of safety, and Evidence establishing guarantee. Each class is given detailed operational subassemblies following the structure of the CC, and each subassembly corresponds to a different class of safety requirement that it satisfies.

2. By researching the advantages and differences of qualitative and quantitative evaluation methods, we quantified threats and risks qualitatively, drawing on the methods used in qualitative evaluation, and then derived a risk calculation formula by drawing on the methods used in quantitative assessment for analysing incident probability. After summarising several commonly used assessment methods (FTA, FMECA, HazOp and Markov), we put forward the gap analysis method. Gap analysis determines the risk of a computer information system by identifying, judging and analysing the difference between its security situation and its security target; in other words, the risk the system carries is the gap between the acceptable risk and the residual risk. First, by analysing the requirements of the computer information system, we obtain its security requirements and security target, sum up the basic requirements of computer information system security, and formulate a baseline (the acceptable risk). The baseline covers the three parts above: the security requirements and security target of Engineering, of Technology, and of Management. Second, we check the status of the computer information system and the implementation of its security safeguards; from the description of the security situation, the check results and the testing data, we analyse the security situation and obtain the gap between it and the security target. The bigger the gap, the higher the risk.

The study of standards and methods for computer information system risk assessment is basic research and also the major work of this area. It supports risk assessment work in China and lays a solid foundation for future work in risk assessment.
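Added example, not from the thesis: a small Python model of the gap analysis step described above, scoring classes of the Technology, Management and Engineering parts against a baseline target and ranking the shortfalls. The 0 to 4 scoring scale and all class values are constructed assumptions, and the thesis's own risk calculation formula is not reproduced here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ClassGap:
    part: str
    cls: str
    target: int     # security target for the class (acceptable-risk baseline; assumed 0..4 scale)
    situation: int  # observed security situation from check results and testing data

    @property
    def gap(self) -> int:
        # Risk is the shortfall of the situation against the target; exceeding the target is no gap.
        return max(0, self.target - self.situation)

# Constructed sample values (not from the thesis) for a few classes of each part.
TARGETS = {
    "Technology": {"Security audit": 4, "Cryptographic support": 3,
                   "Identification and authentication": 4},
    "Management": {"Risk management": 3, "Information security policy": 3,
                   "Business continuity and disaster recovery": 2},
    "Engineering": {"Threat assessment": 3, "Vulnerability assessment": 3,
                    "Verification and validation of safety": 2},
}
SITUATION = {
    "Technology": {"Security audit": 2, "Cryptographic support": 3,
                   "Identification and authentication": 1},
    "Management": {"Risk management": 1, "Information security policy": 3,
                   "Business continuity and disaster recovery": 2},
    "Engineering": {"Threat assessment": 3, "Vulnerability assessment": 1,
                    "Verification and validation of safety": 3},
}

def gap_analysis(targets, situation):
    """One ClassGap per baseline class; a class absent from the situation counts as unmet (0)."""
    return [ClassGap(part, cls, target, situation.get(part, {}).get(cls, 0))
            for part, classes in targets.items() for cls, target in classes.items()]

def gap_by_part(gaps):
    """Total gap per part: the bigger the gap, the higher the risk carried by that part."""
    totals = {}
    for g in gaps:
        totals[g.part] = totals.get(g.part, 0) + g.gap
    return totals

def ranked_gaps(gaps):
    """Classes with the largest gap first: where closing the gap removes the most risk."""
    return sorted((g for g in gaps if g.gap > 0), key=lambda g: (-g.gap, g.part, g.cls))
```

Calling `ranked_gaps(gap_analysis(TARGETS, SITUATION))` lists the classes to remediate in order of risk, and `gap_by_part` gives the per-part totals that the three-part standard asks for.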
Keywords/Search Tags: Risk Assessment, Standard, Methods