The Research And Design Of Risk Assessment Calculation System

With the high-speed development of informationization, especially the gradually deepening promotion of the construction of the current rising information system, e.g. e-government and e-commerce, informationization increasingly becomes an important factor to promote the rapid development of economy and industry. While opening to and sharing with the public, information system network is also inevitably attached to some potential security risk. If these information systems or networks were attacked and paralyzed, there must be a great influence on politics, economy and society. So the situation of information security assurance is very grim.Information security risk assessment is a work for the purpose of enhancing the protection and management of information system security by technical means of assessment, verification, analysis, and so on. By this work, people can find out main problems and contradictions in the information security, as well as methods to solve them. However, the assessment is usually done by manual work, which exist too many disadvantages, such as its complexity, lack of standardization, too many calculations and errors. Therefore, it is very significant to design a risk assessment calculation system in terms of the requirement.With the contemporary information security risk assessment as its research background, this thesis is based on the theme that is how to achieve the design and application of risk assessment calculation system. Through analysis and discussion, three steps are followed in this paper, which include raising questions, theory induction and technique realization. The thesis also analyzes the implementation methods of risk assessment, such as assets, threats, vulnerability identification and assessment evaluation. On the base of experiences and methods formed in practical assessment, and according to relative risk assessment methodology and application standards, the present author analyzes the overall framework of risk assessment calculation system from the view of system designer, and launches the issue about how to implement the risk assessment calculation system.On the base of the research of risk assessment calculation system, this thesis actualizes the part of the analysis calculation of risk assessment, and try to combine the theoretical assessment method to the practice before its application in the system. Thus, it actualizes the primary automatization of assessment calculation, and lays a good foundation for the further development and improvement in the future.