The Design And Implementation Of Business Oriented Risk Analysis System

The rapid development of the information age has brought us convenience in life and work,and it has also made the issue of information security increasingly prominent.While information has brought convenience to enterprises and organizations in production,operation and management,we need to be highly vigilant against the risks brought about by this information.Whether it is the collapse of an important business system under attack or the disclosure of important information,it will cause a fatal blow to the enterprise and the organization,and the loss will be disastrous.Therefore,it is necessary to develop and design a business-oriented risk analysis system to achieve the goal of looking at problems from a global perspective and grasping the health status of business systems in a more macroscopic and accurate manner.The business-oriented risk analysis system is based on the business level and takes the "risk" as the core to design functional modules,including eight functional modules:business asset module,vulnerability module,threat module,risk module,alarm module,report module,system module,and permission module.Asset value,vulnerability and threat constitute the three basic elements of risk analysis.In risk management,when the risk value reaches a certain level,it will trigger a risk alarm.The alarm can be sent to the security administrator in the form of an email at the earliest time,allowing the security administrator to quickly learn about the incident and quickly locate the problem through the system traceability function to quickly solve the problem.In terms of collecting logs,a variety of acquisition modes are provided to ensure log collection integrity.It provides functions of importing and exporting of parsed text to make log parsing more accurate.The system also implements custom report functions that make report output diversified.The architecture design of the business-oriented risk analysis system divides the system into five levels according to the data source,data interface layer,business logic layer,presentation logic layer,and presentation layer.Beginning with the data source and progressively going through the presentation layer,they fully demonstrate the value of a business-oriented risk analysis system.By analyzing data from various graphs and tables,the security administrator can clearly understand the risk of each business system.The system uses JAVA language for programming,employs MySql as a system database,and applies XML as a standardized file to develop system functions.The system generally achieved the design goals,and the test results reached expectations.The application of the system changed the status quo of analyzing the risk of the information asset from the perspective of a single asset,and realized the security risk analysis of the entire business system from the perspective of the business system.