Information Security Risk Assessment Research And Application

With the prosperous development of information technoligies and popularity of informatization on a global basis, enterprise informatization and being networked has become a trend and inevitable part of enterprise growth. Only an enterprise is speeding up the process of informatization, which is playing a increasingly important role in the enterprise growth, may it seize a market place in this highly competitive market. The greater an enterprise relies on information system, the more likely that information security will grow into a social issue which will cast influence on economic development and national security. The gist for solving information system security problem lies in effective risk assessment of information system as well as adoption of highly-effecient safeguard measures,which helps steer the safeguard machanism from passive to active. Enterprises in the course of business will be ever facing risks both from internal and external, and thus it carries vital significance to effectively conduct a comprehensive risk assessment on enterprise information system on a regular basis.This article has studied on methods of information security risk assessment in a innovative way from the following aspects:1. The key problems and solutions in the risk assessment process. Analyzing technical problems arising out of key milesones in risk assessment,and proposingcorresponding solutions. Summaring up innovative risk assessment model; proposing asset category classification and assets value calculation as well as computationformulae with respect to information assets identification;proposing threat sources identification and classification and threat analysis measures with respect to threat identificaion; analyzing new risks incidentally arising out of vulnerability identification and proposing coping strategies and prevention tactics with respect to vulnerability identification.2. Case studies. Through case studies, delineating real-life application of risk assessment method, and being verified through practice. Case analysis shows that the method adopted in this research is in line with the actual assessment results.