Network Security Risk Assessment Based On The Vulnerability Scanning

.As the field of information security issues and the development of information technology increasingly serious, causing widespread attention at home and abroad. But the study found that:the information system is no absolute security, but also the risk of not completely, but when there are security risks beyond the control of security measures only may lead to security incidents. Therefore, security management of information systems is essentially transformed into information systems also inherent risks and safety measures to manage and control, through the analysis of existing risks and risk control measures taken, weigh and reduce risk to an acceptable level, the process of organization and implementation of the information security risk assessment on the discipline to complete. Indeed, for certain information systems security and risk assessment is to strike a balance between, both to ensure the safe operation of information systems, but also to prevent the implementation of risk control measures arising from the high cost problem. Therefore, the risk assessment process is a dynamic, iterative balancing process, reduce the security risk is an ongoing process, but also an asset in the information security risks and the costs of measures adopted to find a balance between the cost of the process.In this paper, the full theory of learning information security risk assessment based on the information security risk assessment describes the development process and the research status of information security risk assessment describes the basic concepts and theories of the traditional risk factors analysis methods, models and assessment aids, pointed out the fault tree analysis method in the presence of inadequate risk analysis and make improvements, as well as traditional risk assessment models ignore the vulnerability in which proportion. Meanwhile, a way to quickly and accurately carry out a risk assessment based on the risk assessment of vulnerability scanning system. Subsequently, the resulting research and practice need to combine research and development of a knowledge-based information systems security risk assessment aids.