| With the rapid development of network technology, network information system plays an increasingly important role both in product activity and daily life. That leads to more and more attention towards information security issue. In this context, information system risk assessment is put forward, which is a technology about how to measure the amount of cost of the information system when security accidents occur. That is, risk assessment can give a more specific and comprehensive description of the information system’s safety, anti-aggressive and recovery capabilities. According to the national standard GB/T20984(Information Security Risk Assessment Norms), risk assessment contains asset assessment, vulnerability identification and risk analysis, and asset assessment is one of the key parts, which directly influences the risk assessment result.This article focuses on the field of network information system assets assessment, which first introduces the background and significance of the research, and summarizes the research status at home and abroad, and then summarizes the knowledge of the asset evaluation and risk assessment, and highlights two assets classification model. On this basis, a hierarchical asset classification framework and an asset database design during the assessment are put forward. It also models the relationship of assets and describes how to value a typical asset. Finally, to illustrate the methodology, a test instance is mentioned in detail.On the basis of a summary about the defects of traditional asset assessment, this project introduce a completely new method to evaluate assets, which concerns about how to make the assessment procedure more regulatory and the result more scientific. At the same time, the asset evaluation, which this paper demonstrates, considers a three-dimensional relationship of assets. That means this method concerns more comprehensive factors and provides a feasible plan for the asset assessment during a whole risk assessment activity. |
PDF Full Text Request