Enterprise Information Security Management And Risk Assessment System Research

With the rapid development of information technology and popularization of the global information, enterprise informalization has become the general trend of development of enterprise. Enterprise only speed up the process of information to base on the increasingly fierce competition in the market. In recent years, due to gradually increasing the size of enterprise business and market safe products, a substantial increase infonnation security management and implementation become the most concern. As computer networks and local area network link itself with the diversity of the uneven distribution of terminal and network openness, connectivity and other features, enterprise information security is threatened. Therefore, the network information security and privacy become the core issue of concern, at the same time, for enterprise information management put forward a huge challenge. In addition, for enterprises, information is the asset, it means that involve risks and assets. The enterprises business process always faced by internal factors and external factors of risks, therefore, imply the effective comprehensive evaluation to the enterprises information security risk has a very important, significance. In conclusion, to ensure smooth operation of enterprises stability and further development, developing an information security management and risk assessment system is of great significance.This paper first analyzes and studies the current enterprise facing the information security management problems,detailed analysis the status problem of enterprise infonnation security management technology conditions. Compared the traditional information security management process characteristics and insufficient. In understanding the information security management model,and the research background of this paper is based on the small and medium enterprise, committed, to the current enterprise actual operational status, under the premise of proposedaenterpri.se information security management system. This system divided the enterprise information security management system into eigir subsystems, each subsystem is assigned a different information security management function, through a unified integrated management all subsystems information, finally, collect and summarize the information data submitted to compile the total system. The system has good visual interface, further the enterprise information security maintenance management work, while reducing the enterprise’ s human resources. In addition, for the enterprise facing the threat of risk, this paper discussed two aspects of the enterprise risk assessment arid develop security strategy, focused on risk models, risk assessment information asset identification, threat identification and vulnerability identification method, and thus build a calculated risk the mathematical model. This calculation model is simple and intuitive, unified calculating method, has good maneuverability,it ensure the work quality of the risk assessment while reducing the intensity of risk assessment work, laid a theoretical foundation on making the reasonable and effective security strategy.