
Design And Implementation Of Remote Information Security Risk Assessment System

Posted on: 2019-09-21
Degree: Master
Type: Thesis
Country: China
Candidate: G Y Huang
GTID: 2428330545953690
Subject: Computer technology

Abstract/Summary:
With the development of computer technology, departments and organizations of all kinds depend more and more on information systems, and society today is an information-based society. Informatization brings convenience to our work and life, but it is a double-edged sword: its security problems threaten our interests. In the process of modernization, information security is therefore increasingly important. To reduce the damage caused by information security problems, effective measures are needed to deal with them. Information security risk assessment is used to assess the security of an information system; the results of the assessment make it easier to resolve information security issues and reduce security risks.

This paper investigates previous offline evaluation experience, refers to the research status and risk assessment standards at home and abroad, carries out functional and non-functional analysis of the system, and determines the construction goal of the information risk assessment system. The risk assessment design in this paper is based on the principles of security risk assessment and on the "GB/T 20984-2007" standard. Risk is assessed from three aspects: assets, threats, and vulnerabilities. The assessment elements for each of the three are clarified, scanners are used to detect the vulnerabilities of systems, and experts perform the asset assessments and threat assessments. Experts confirm the security measures that are in place and then adjust the relevant inaccuracies in the assessment. After the three assessments are completed, the matrix method is used to calculate the security risk value, thereby completing the remote information security risk assessment.

The risk assessment system builds a bridge between the information system and people, and the platform provides users with "one-stop" services. The system implements management of user rights, which facilitates user management and the extension of functions. It supports multiple modes of task creation, including the creation of timed tasks in multiple situations, the assignment of risk assessment experts after approval, and asset assessment and threat assessment by the assessment experts. The system interacts with the scanner so that the scanner can conduct a comprehensive scan of the information system and find problems. The platform sets up a timed task that detects task completion by regularly inspecting task progress. After the scan, the data is retrieved for parsing and storage. The risk value is calculated with the matrix method, derived from the calculated loss value and probability of the security event. The total assessment data is analyzed and displayed from the perspectives of assets, risk values, and vulnerabilities. The professional data in the assessment is presented to users in a variety of formats. The reports are mainly divided into host reports, summary reports, and risk assessment reports, which are convenient for users to view and archive. The system provides an assessment forum where users can discuss relevant issues. It also provides a security information display function, which shows the latest security information so that users can learn about new security issues and prevent them in advance. A short message notification feature reminds the user of the current scanning task's operating status during user management and the evaluation process, which facilitates the user's handling and shortens the evaluation period. At present, the remote security risk assessment system has been put into use to support risk assessment, data analysis, exchange forums, personal information management, and security information management. The platform as a whole operates well.
Keywords/Search Tags:Risk Assessment, Matrix Method, Report, Data Display