Research And Implementation On Information Security Risk Detection And Evaluation Platform

With the trends of globalization in data centralization and business centralization, Information systems support every aspect of business operations and processes. Information systems bring great convenience to human beings, but also facing the challenges of information security. As a basis of information security management system, information security risk detection and evaluation is becoming an important means and tools of safety management. It has been paid close attention on its rationality, usability, implement and other aspects. It becomes the focus among information security experts in recent years, that how to better research and develop the tool of information security risk detection and evaluation.The aim of this paper is that how to implement each process of information security detection and evaluation and how to make this processes automation.In this paper, the processes of information security evaluation are researched, and a platform of information security risk detection and evaluation are implemented on the base of combining the information security risk standard and technology at home and abroad. After automatically scanning and discovering unknown assets, the platform can import the assets into its own system and support user to modify the weight of assets as well as enlarge the scope of detection and evaluation through the support of importing checklist modules. The platform support many networking protocols to connect and detect the security risk on assets. And then it can export reports of information risk evaluation after the procedure of analyzing the collected results. The assets that the platform support to detect and assess include all the general software and hardware device, such as operating systems, applications, databases, routers, switches, and firewalls. The ideas of detection and evaluation, framework designed of this platform, automatic procedure, and the design of core modules are shown in this paper. At last, the use of the platform and operation interface as well as the style of report are demonstrated by an evaluating instance, the performance of this platform is also analyzed.