As a resource and an asset, information is so valuable that its security receives more and more attention, and risk management technology provides powerful support for guaranteeing it. Risk management draws on many security technologies, including vulnerability scanning, threat recognition, risk assessment and response technology. This paper presents a risk management platform based on these technologies and on risk management models. The platform consists of three layers: an information collection layer, an information assessment layer and a security response layer.

In the risk management system, risk assessment is the basic and indispensable first step. It processes the results of vulnerability scanning and threat recognition with specialized methods. This paper proposes a probability-based algorithm which holds that the degree of system security is mainly determined by the probability that a security incident occurs and the loss that the incident causes. It evaluates these two factors separately, each with a suitable method, and from them derives a quantitative result for the degree of system security that reflects the security performance of the target network scientifically and accurately.

In traditional risk management, the response methods are always deficient. We divide response into passive and active response. Passive response supports e-mail alarms and window alarms, while active response implements dynamic protection through cooperation with the firewall.

The final result of the research is the design and implementation of a risk management prototype that combines several kinds of security technology, including security scanning, attack source traceback and threat categorization. The implementation of the response subsystem enables the alarm functions and dynamic protection in the risk management lifecycle.