Information security assessment
Service Description
Risk assessment, sometimes called risk analysis, is the process by which an organization uses suitable assessment tools, in line with relevant domestic and international information security standards, to determine the threats to, vulnerabilities of, and potential impact on its information and information processing facilities, and to estimate how likely those threats are to materialize. It evaluates the security attributes (confidentiality, integrity and availability) of information systems and of the information they process, transmit and store, covering information assets, information systems and business processes.

The assessment identifies the vulnerabilities of an information system, the threats it faces, and the actual negative impact that results when a threat source exploits a vulnerability; the security risk of the system is then rated according to the likelihood of a security incident and the severity of its negative impact.

Risk assessment is the foundation of information security management: it gives direction and a basis for the security management work that follows. The priority and attention given to that follow-up work are determined by the assessed information security risk, and the effectiveness of the security controls must in turn be measured by the residual risk that remains after they are applied.
Significance
▽Risk assessment services help a company or organization understand the security posture of its own network and information systems;
▽Asset importance analysis identifies the asset information that needs priority protection;
▽System weakness analysis, threat analysis and analysis of the effectiveness of existing security measures determine the real security threats faced by each asset;
▽Because the risk assessment process is complex, technically demanding and long-running, carrying out risk assessment work in-house is a serious burden for enterprises and organizations in the industry.
Implementation Steps
▽Planning and preparation (before an organization formally conducts a risk assessment, it should draw up an effective risk assessment plan: define the assessment target, bound the scope of the assessment, set up the organizational structure and assign responsibilities, and take effective measures to collect the information and data the risk assessment requires)
▽Risk assessment action plan
▽Personnel interviews
▽Questionnaires
▽Document review
▽Previous audit and assessment results
▽Analysis of external cases and scenarios
▽Site survey (the information collected through the service activities above feeds the analysis at each stage of the risk assessment, including asset identification and valuation, threat assessment and vulnerability assessment)