Network security risk assessment
Source: Shangpin China
Type: website encyclopedia
Time: June 20, 2014
Network security risk assessment is a popular research topic that has developed rapidly in recent years. It is also a "hot spot", a "difficult point" and a problem that the network security field urgently needs to solve. Networks face multiple security threats. How should they be dealt with? By assessing the security risk of the network, security threats can be reduced to the lowest level. Risk assessment is a matter not only of theory but also of practice, and the actual assessment work is difficult. According to statistics, only 60% of risk assessments are successful. Risk assessment work in China faces many challenges. The following discusses the key factors of network risk assessment and presents the main stages and practical methods of risk assessment, so as to achieve effective network security risk management.
What is network security risk assessment
Network security risk refers to the possibility and impact of security incidents caused by man-made or natural threats exploiting the vulnerability of the network. For example, the Keshan website may face more security threats. How can the security of the website be determined? How can it be confirmed whether the website has security vulnerabilities and weaknesses? This calls for a comprehensive security risk assessment of the website. Network security risk assessment refers to the process of scientifically evaluating the confidentiality, integrity, availability and other security attributes of the network system and of the information it processes, transmits and stores, according to the relevant network security technical standards.
In network risk assessment, the level of security risk of the network system should be identified based on an assessment of the likelihood and negative impact of security events. The elements involved in risk assessment are:
① Mission. The work task that a unit accomplishes through the network. The more the mission depends on the network, the more important the task of risk assessment.
② Assets and value. Assets refer to the network systems, information, and production and service capacity accumulated through the construction of information technology; value refers to the sensitivity, importance and criticality of assets.
③ Threats. The harm that network assets may suffer. Threats can be described by a variety of attributes, for example the subject of the threat (the "threat source"), capability, resources, motivation, means, likelihood and consequences.
④ Vulnerability. The shortcomings and weak points of network assets and their security measures in terms of security; vulnerabilities are also often referred to as "loopholes".
⑤ Events. A situation in which a threat subject actually causes harm by exploiting the weaknesses of network assets and their security measures.
⑥ Risk. The possibility and impact of security events caused by man-made or natural threats exploiting the vulnerability of the network system.
⑦ Residual risk. The risk that still exists in the network after security measures have been taken and the network's security capability has been improved; residual risk is unavoidable.
⑧ Security requirements. The specific requirements placed on network security safeguards in order to ensure that the unit's mission can be carried out normally.
⑨ Security measures. The sum of the various practices, procedures and mechanisms implemented to deal with threats, reduce vulnerability, protect assets, limit the impact of unexpected events, detect and respond to unexpected events, promote disaster recovery and combat cyber criminals.
The main stages and methods of network risk assessment
As the analysis of the key factors of risk assessment shows, network risk assessment is a complex process. Many studies have examined the process and steps of network risk assessment. In fact, a risk assessment involves many aspects, including risk analysis, risk assessment, security decision-making and security monitoring.
(1) Security risk analysis
Security risk analysis is the first stage of risk assessment. Risk here refers to the possibility of losing the assets to be protected. The purpose of network security risk analysis is to estimate the likelihood of threats to the network and the potential loss caused by the vulnerability of the system. Most risk analyses begin by identifying and valuing network assets; thereafter, different methods are used to calculate the investment and the loss. Vulnerabilities and threats are the two main objects of risk determination.
(2) Risk assessment
When conducting a network security risk assessment, the method used has a decisive effect on the effectiveness of the assessment. The choice of evaluation method affects every stage of the evaluation process and can even determine the final evaluation result. Therefore, an appropriate risk assessment method should be chosen carefully according to the specific situation of the network. There are many methods for risk assessment, which can be summarized into two categories: quantitative risk assessment methods and qualitative risk assessment methods.
The quantitative evaluation method uses numerical indices to evaluate risk. Generally, a distribution state function is used, and risk is defined as a function of the distribution state function. Typical quantitative analysis methods include factor analysis, cluster analysis, time series models, regression models, etc. The advantage of the quantitative evaluation method is that it describes the evaluation results with intuitive data, so that they are clear at a glance. Using the quantitative evaluation method can make the research results scientific and rigorous. The qualitative assessment method relies mainly on the researcher's knowledge, experience, historical lessons, policy trends, special cases and other non-quantitative data to make a judgment on the risk situation of the system. It is mainly based on in-depth interviews with the subjects of the investigation, and its most basic material is case record data. Then, through theoretical derivation and deductive analysis, the data are organized and the evaluation conclusion is reached. The qualitative evaluation method needs to know the probability value of previous events, and can thereby establish a reasonable decision-making model. Qualitative evaluation is a common analytical method.
(3) Security decision
Security decision-making means deciding, according to the evaluation conclusion, the security strategy that the network system will adopt. The purpose of risk analysis and assessment is to provide decision support information to network managers, so as to form reasonable and targeted security strategies and effectively control network threats.