Security Information Of Intranet Supervising System Based On ISO27000

Information security and risk management is an important condition to enhance the competitiveness of enterprises.The information security risk management capability has become one of the factors affecting technical cooperation.Domestic enterprises government departments have been acutely aware of the importance of information security network.Within the network of Business and government departments,there has been a large number of network security information management software,which offers or only the "vulnerability scanning "function,or only "policy risk assessment".In this paper,the intranet network security information supervising system based on ISO27000covers the entire process of network information security supervising,both vulnerability scanning capabilities,but also in line with ISO27000assessment function.Firstly, the paper researches and analysizes the current situations of domestic and foreign security information within the network management system from the aspects "vulnerability scanning system" and "risk assessment system", after understanding the relevant kownleage of network security and information security,as well as the background of ISO27000standards.Secondly, the paper analysizes the necessity and feasibility of realizing network security information supervising system based on ISO27000, after researching the status quo with the domestic network management.On this basis, there has been a clear overall design of the system.Thirdly, the paper researches and analysizes the key technologies of the intranet information supervising system based on ISO27000.On this basis,designed and implemented the intranet information supervising system based on ISO27000.Finally, the paper evaluates this system, according to security information acquired from Agent.The innovation of this paper is the combination of the functions of "Vulnerability Scanning" and "Policy Control Model" tools when the risk assessment is implementing. Upon this, the assessment can not only scan and find security vulnerabilities, but also can assess the security information system’s risks according to the ISO27000, and make the network information security risk assessment automatic to a certain extent.