摘要
信息安全问题越来越严重,仅仅依靠单一的产品预防根本无法安全有效地保护公司网络信息系统。对此设计一套应用于公司安全风险等级评估系统。风险评估是按照国家有关标准、规范,从信息系统的完整性、保密性及可用性等因素进行综合分析的过程。它和等级保护相结合成为一种有效的风险分析手段。该系统基于等级测评和风险评估相结合的理论,通过建立信息资产风险库,将信息风险和对应的风险等级建立连接。通过对公司信息进行相应的监测,自动测算出每一个系统的风险概率,并提出相应的风险预防措施。整个软件平台经多次测试结果表明,系统运行达到应有的效果。
Information security is becoming more and more serious. It is impossible to achieve the safe and effective protection of the company s network information system security by only relying on a single product. To solve this problem, we designed a set of risk assessment system for company safety. In accordance with relevant national standards and norms, risk assessment was an effective means of risk analysis which combined the process of comprehensive analysis from the aspects of integrity, confidentiality and availability of information system with grade protection. The system was based on the theory combining grade assessment with risk assessment. The information risk and corresponding risk levels were connected by establishing information asset risk database. Through the corresponding monitoring of company information, the risk probability of each system could be calculated automatically, and the corresponding risk prevention measures were put forward. The test results show that the system achieves the desired results.
作者
任贝贝
Ren Beibei(Shanghai Institute for Integrated Application of Network Technology, Shanghai 200233, China)
出处
《计算机应用与软件》
北大核心
2019年第2期151-154,共4页
Computer Applications and Software
关键词
风险评估
等级保护测评
信息安全
Risk assessment
Evaluation of grade protection
Information security
