Design And Research Of Information System Security Evaluation System Based On.NET

With the recent years of information security incidents blowout,information security issues have gradually been taken seriously, for the security of information systems has become a problem to be solved in all walks of life. The security evaluation of information system is a very important step in the system data and service security protection, only to evaluate the system security situation, can we find the problem in time.So it is very necessary to develop a system to evaluate the security of enterprise information system.At first, this paper analyzes the traditional safety assessment system,automated assessment of the limitations on the information system itself only, and domestic level protection technology development status, in Guizhou Province is put forward for the first time in related technology and principle of information system grading evaluation as a safety assessment based, design and development of a based on B / S structure safety evaluation system. System design process fully considered the quality, efficiency and safety of the balance of the relationship between the three systems, the system evaluation is more objective,comprehensive, rapid and safe. System design to achieve seven big modules, respectively is the module of the user information, the generalsituation of the project implementation module, information system module, safety control for on-site verification module, assessment of the overall statistics module, a risk assessment module and automation of the overall assessment module. Refinement level protection assessment process, the collection and analysis of information system data are also realized in the system function, refine the information system related to the physical security, network security, host security and application security, data security and system security in 73 control points in the 290 Ann assessment tests, safety evaluation elements of three- layer tree hierarchical hierarchical structure model is established is proposed for the first time on information system security assessment of layered quantization score, calculated by weighting system. Finally, it is concluded that information system security assessment scores. The system through years of experience in the evaluation, organize and improve the safety evaluation knowledge base and automated risk assessment module, makes the safety evaluation more scientific, also system development completed greatly save the unit of measurement of information system security evaluation of time cost, reduce manual operation error, through the use of the tool can not only greatly enhance the safety assessment of the team cooperation ability, work efficiency and the ability to analyze risks, ensure the safety of the report quality improvement and business data.