Design And Application On Telecom-class Internet Security Risk Assessment Model

Telecommunications is a national economy and strategic industry, and telecom network is the most important information infrastructure in the informatization. Telecom-class Internet safety has drawn greater attention because it is the basic network platform relationship with an important guarantee for security and stability of residents'production and life.Wang Li-dong proposed a method of assessment computer system and network based on privilege-escalating in his article "a quantifiable computer systems and network security risk assessment methodology" [1], which is called Wang's Quantitative Risk Assessment Method. This method describes a computer system and network security assessment method using vulnerability identification. However, this method only researches the function of vulnerability identification in the network security risk assessment instead of the factor of the assets and threats, but does not take into account some characteristics of Telecom-class Internet.This dissertation deeply researches the reference standards of common risk assessment and network security risk assessment model based on the analysis domestic and abroad current security situation of Telecom-class Internet. Then it designs a risk assessment model based on security event, bringing forward assessment architecture reference the feature of telecom network and domestic telecommunications standards with the embryonic from Wang's Quantitative Risk Assessment Method. This model describes the whole process of risk assessment, and discusses the evaluation process, the content of assessment work in every section on detail. It discusses the quantitative methods of asset identification, threat identification, vulnerability identification, and calculates the risk value of every potential security event using Multiplication Method and then it gets the risk value of the entire network with weighted average method. This model will be used to assess Web services of Internet applications for certain A province branch of China Telecom, and bring a reasonable reinforcement proposal for potential security risks in this assess. Meanwhile, it analyzes network security risk assessment model base security event with the method of quantitative and qualitative, compared with Wang's Quantitative Risk Method. And it carry out that the method of network security risk assessment model base security event is more suitable for Telecom-class Internet security risk assessment.This designed assessment model is significance of exploration Telecom-class Internet security risk assessment. The theoretical model provides reference for researching in the field of network security, and the application to assess Web Services of province of China Telecom provides reference and help for other Telecom-class Internet security risk assessments.