| Information resources is an important strategic resources for social development, with the overall speed-up development of national economy and information society, information technology go deep into our political, military, economic, social, business, all areas of life。Large numbers of digital business are emergence such as e-commerce, e-government, e banks, digital libraries, and online media. With the increasing degree of dependence on information, the issues on information security stand out and becoming prominent on national security. How to determine the degree of risk on information system? Whether the security control measures is effective? What is the level of system security? How much risks are still not under control? How to balance the investment on information system and system risk? There are still a lot of issues need to be answered.Risk assessment is a very complex and challenging task, it requires detailed work, expertise support. Project management is also complex, so if you want to complete the information security risk assessments better, you need the help of information security risk assessment management tools. The technology such as expert system let the risk assessment tools not only provide users a risk assessment solution by a simply customized model, but according to expert's experience, reasoning analysis then giving the best control measures. Intelligent risk assessment tools have learning ability, and it could continue to use the new knowledge generated during the process, it has the ability to solve new problems. Expert system-based information security risk assessment tool is an important direction.This paper studies the risk assessment based on expert system methods and technology. It focuses on design and implementation of risk assessment and management system. It also introduces the concept, standards and methods of risk assessment, and analyzes current mainstream risk assessment tools. Based on the scholars'research in related fields, this paper proposes a dynamic risk assessment approach, which compare and analysis a single resource to identify threats to asset bases on the static evaluation, and then use a comprehensive analysis system to implement an integrated risk analysis. According to this risk assessment method I design a risk assessment and management tool which is used to the management of risk assessment project and evaluation of system risk. I also give a preliminary system validation to verify the availability of assessment method and system. |
PDF Full Text Request