Netinfo Security ›› 2015, Vol. 15 ›› Issue (2): 7-8.doi: 10.3969/j.issn.1671-1122.2015.02.002

Previous Articles     Next Articles

Research and Implementation on Information Security Risk Assessment Key Technology

WEN Wei-ping1(), GUO Rong-hua2, MENG Zheng1, BAI Xiao1   

  1. 1. School of Software & Microelectronics, Peking University, Beijing 102600, China
    2. LEETC, Luoyang Henan 471003, China
  • Received:2014-12-17 Online:2015-02-10 Published:2015-07-05

Abstract:

Information security is the most concerned problem in the development of global information. As organizations get into the era of information office, almost all the information of organizations is stored in the information systems. Once the information system encounters threats and attacks, it will be hard to imagine the damage and loss. The rules for safety risk assessment were initially put forward abroad, now are applied widely in the area of information security. The article firstly introduces the theoretical basis and process of risk assessment, including the definition of risk assessment, the relationship between risk assessment factors, safety risk model, and the common risk assessment methods. Then the article introduces the structure design and function modules design of risk assessment and control software. The software involves asset identification, threats analysis, vulnerabilities analysis, confirmation and assessment of the existing security strategies, comprehensive risk assessment and assessment report output. Combining with the SQL server database and Tomcat middleware technology, the risk assessment system is implemented and tested in the test platform. In the process of designing the assessment software, the vulnerability detection function is added, which provides further security safeguard for assessment. The modular structure of the system is simple and clear and the assessment function is strong, achieving the prominent effect.

Key words: risk assessment, asset identification, vulnerability analysis, threats analysis, vulnerabilities detection

CLC Number: