Abstract:

Based on the analysis of current situation of information security, combined with the new security trends and new business needs in operation security audit field, this article mainly studied the development trends of the operation security audit system, given the technology roadmap for the next generation operation security audit system in three directions: governance, risk management and compliance. In order to solve the lack of effective risk management mechanism for current operation security audit system, this article studied the topic of risk management for the next generation operation security audit system, including risk identification, risk assessment, risk awareness, proposed a security risk analysis methodology with CORAS framework, introduced how to implement it on the operation security audit system through a step-by-step technological method in different scenarios and models. At last presented the risk awareness process using Bayesian theorem.

Key words: operation security audit system, risk management, risk awareness