| The Carnegie Mellon? Software Engineering Institute (SEI) is well known not only in software engineering, but also is fruitful in information security. OCTAVE framework represents one of the achievements of the latter.The research task of the thesis comes from the special project"Information Security Risk Assessment for the Critical Government Departments of Chongqing"funded by the Information Head Office of Chongqing. Researching OCTAVE is one of the most important aspects of the project.Main achievements of the thesis are as follows:OCTAVE and its features analysis. OCTAVE concerns the assessed organizations themselves, with emphasis on critical information assets and their security requirements for the business continuity. OCTAVE has the capability to identify the information assets to be protected;OCTAVE assessment process research. Taking the real information security risk assessment for e-governments as the goal, to solve related problems, I research each of critical steps in the OCTAVE process, and present a pruned, tuned and integrated scheme of it;Auxiliary tool development. Since the asset identification is the most important and complex step of all, in which there are a lot of manual work and data collection, an auxiliary tool are developed for it according to software engineering method;Practice and verification. The above results are applied in a real e-government system. This provides a successful case and in the same time, verifies the effectiveness in practice of the above results. The achievement of the thesis is valuable in a practical point of view. |
PDF Full Text Request