Design And Implementation Of Information Network Risk Assessment System For PanJin Power Supply Company

The business forms of Power Information Network have become increasingly abundent. The security challenges what we are facing are becoming more and more diverse and complex. The information security risk assessmentin research has already been a new subject that fuses information security, operations research, management, sociology and other aspects of knowledge.Using the theory of information security risk assessment,we can establish an effective risk assessment system for information networks of the power company and assess the security level of the company information networks accurately, producing warnings of possible threats in the running system, providing the appropriate protective measures and protection class. It is great significance to ensure that the long-term company information system running securely and stably.This paper discusses the risk assessment and risk assessment status and related theory of the Power Information Network. Meanwhile giving the significance of the development of risk assessment aids, introducing the definition, effect, development of the standards, evaluation factors model, implementation process and principal means of information security risk assessment. The main work of this paper is:design and implement a power enterprise information network risk assessment assistance systems based on the "Information Security Risk Assessment Guide" established by Informatization Office of the State Council. The research mainly focus on four aspects: the risk analysis method, risk factors attribute value method, the design of information base and knowledge base, assessment of a number of experts and the management of evaluating each step.The risk assessment auxiliary tool is designed and implementated by this paper has the following characteristics:it is more experts assessment system; The software contains risk assessment management terminal and the expert evaluation terminal; On the basis of "Information Security Risk Assessment Guide" it designs risk assessment process in risk assessment; It combines with the analytic hierarchy process, Delphi, the decision tree, making evaluation results more comprehensive and objective.