Study On The Risk Assessment Of Information Security System

With rapid development of information technology, the information system has been widely applying in government, national defence and economic sphere etc., and the operation of the society has been more and more depended on information system. So security risk assessment of the information system is investigated abroad. With the study of risk assessment, the point that the technology cannot brim the information system security totally is accepted. The problem relates to many parts such as rules, policy, standards, technology and so on. Its solution must take account of the view of the engineering, namely the information system safety engineering. Risk analysis and assessment bet a bid footing in this information system safety engineering. The security problem of information system is more and more related to the economic development and national defence etc.Therefore, evaluating risk effectively, selecting effective defence measures and defending information threats actively are the key points of resolving security problems of information system.Risk analysis helps the administrator to know the security of the whole system, base on the research of system architecture, policy, staffs and equipments, such as workstation, server, switch, database application. Risk assessment is a main technology of web security protection and a part of information security engineering. According to the security policy and rules, risk assessment checks vulnerability of the system by simulating the attack and tells the risk level and the way of control threat.The paper makes an introduction firstly to information system security and risk assessment, and then it studies on the research of relative standard and the analyzing way of system's asset, threat and vulnerability. It also studies on trend of the information security risk assessment system. It also tells the analyzing way and sort method of this system by describing the system's modules step by step. At the end of paper, After introducing Information Security Management System (ISMS) standard and its implementation processes, this paper analyzes the importance of the controls, brings forward a risk assessment method in ISMS. This paper also discusses a risk assessment system in ISMS, and offers a complete assessment course.