Abstract
Information systems built on computer and network technologies have become an important part of the normal operation of hospitals, and risk analysis and defense for these systems is increasingly important. This article describes the general methods and process of information system risk analysis, proposes a method of risk classification with level-by-level defense to identify and manage risks effectively, and emphasizes the importance of evaluation and tracking after risk analysis and defense. Following this method, the risks of the information system of the Beijing Red Cross Blood Center were identified and a risk response table was produced, forming a continuous improvement process of risk identification, control, evaluation and tracking, with the defenses implemented in an actual system upgrade project.
Source
Chinese Journal of Hospital Administration (《中华医院管理杂志》)
Peking University Core Journal (北大核心)
2009, Issue 10, pp. 693-696 (4 pages)
Keywords
Risk analysis
Risk classification
Level-defense
Information system