Network Security Risk Assessment Studies

Along with the network information age development, the Internet becomes people's work gradually and lives the essential constituent, but also let the people face the multitudinous secret network threat at the same time. In the network security problem is not allow to neglect. May distinguish the risk size through the network risk assessment.Through the formulation information security policy, adopts the suitable control goal and the control mode carries on the control to the risk, causes the risk to avoid, the shift or falls to one may the level which accepts. Therefore, to the network security risk assessment correlation content research and the risk assessment system design is the this article key duty.This article through to the network security risk assessment appraisal technology, the method and the appraisal flow and so on the correlation theories research, on the basis current international ISO/IEC17799 standard, ISO/IEC13335 "IT Safety control Policy" and so on the network security appraisal criteria, has established the network security risk assessment model, has carried system disposition on the network security risk assessment system,and the database architecture design. According to risk assessment model which establishes, appraised the system divides into the property appraisal module and the loophole risk assessment module. The property appraised the module uses the B/S pattern, mainly is the property information collection and the property important appraisal; The loophole risk assessment module network architecture is the superintendent/proxy is the C/S pattern. Uses method which qualitative and the quota unifies, and "the quantity" two angles carries on the analysis from "the nature" to the network risk, and used the fuzzy comprehensive judgment to realize the risk computation. Finally through the risk analysis, obtains in the system to organize the risk rank which the internal each information property faces, as well as the organization faces whole security risk condition. According to the risk analysis, may carefully understand clearly organization interior each property in the security condition as well as the management, the operation, the maintenance exist the security problem, has basically achieved the network security appraisal goal.Through to the network security risk assessment research, had a more profound understanding to the current information network development, safe is not absolute, follows the network development to be able to appear the new risk, appraised the method also changes along with the risk production. Therefore, in order to guarantee the network system the security, renews the network appraisal technology unceasingly, simultaneously takes the effective safe protective measure.