Enterprise Information Security Risk Assessment Methodology

Posted on: 2009-07-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y B Liu
Full Text: PDF
GTID: 2208360272458636
Subject: Software engineering
Abstract/Summary:
"Informatization promotes industrialization, industrialization drives informatization". Nowadays, the development of modern industrialization cannot do without the support of information technology platforms. However, as enterprise CIOs, while fully aware that information systems carry security risks, we most want to know what the primary risks are and what measures should be taken to improve the security level of information systems. Risk evaluation can give an objective assessment of an enterprise's information systems, and based on its results, corresponding deployments can be made to improve the network situation.

Among information system security risk evaluation methods, qualitative assessment and quantitative evaluation are the two mainstream approaches. Quantitative evaluation reflects an enterprise's security level more directly. But enterprises, especially large-scale enterprises, have many different types of information systems and complicated network and equipment architectures, so it is not wise to adopt a general quantitative evaluation method, and a quantitative evaluation based merely on sampling is not accurate either. There is an urgent need to investigate a set of information security risk evaluation means for enterprises, i.e. an enterprise-based information security risk evaluation method.

The enterprise-based information security risk evaluation method follows the features of large-scale enterprises. In accordance with the defined evaluation contents and procedures, it classifies information systems by type and proportion, and selects the evaluation objects and sample amounts. At the same time, according to the functional relationship among an enterprise's assets, threats and vulnerabilities, the method selects a proper risk factor expression and derives a reasonable evaluation value for the enterprise's information security risk. This is of significant value to large-scale enterprises.

The thesis studied the quantitative information security risk evaluation method and presented an instance of a quantitative information security risk evaluation project at Beijing Yanshan Petrochemical Company. Based on relatively precise evaluation objects and sample amounts, the thesis carried out research, test and analysis tasks, quantified the three elements (asset, threat, vulnerability), calculated the corresponding risk factors, and identified the most urgent information security risks to be solved at Beijing Yanshan Petrochemical Company.
Keywords/Search Tags: risk management, information guarantee, risk evaluation