
Study On And Practice Of BS7799-based Information Security Risk Assessment

Posted on: 2009-10-26
Degree: Master
Type: Thesis
Country: China
Candidate: X He
GTID: 2178360272973580
Subject: Software engineering

Abstract/Summary:
In the early stage, a security solution for an information system consisted only of a combination of various single techniques; the current trend in solving security issues is to put top-level design and the security framework, including security laws and security strategies, in the first place. Laws and policies have been published in China in which the classified protection of information systems (CPIS) is defined as "a fundamental policy of information security" and risk assessment (RA), on the other hand, is defined as "a main approach to deploy the fundamental policy". It is obvious that CPIS and RA are two frameworks that are tightly related to each other. RA, moreover, plays a crucial role in providing benchmarks to CPIS. In this dissertation, one of the mainstream RA standards, BS 7799, is investigated for its potential applications in CPIS. The main work and results of the dissertation include: analyzing the key ideas and contents of the BS7799 standard and, considering the differences in management culture and CPIS in our country, pointing out the issues in carrying out BS7799; fine-tuning BS7799 to adapt it to our country while keeping its advantages in risk management; and, by designing and implementing an auxiliary software tool, applying the above research results to carry out an information security risk assessment for a real information system effectively, which shows that the achievement of the dissertation is feasible and practical and is a good reference for future risk assessment practices.

Keywords/Search Tags: risk assessment, BS7799, classified protection of information systems