Application on Information Security Risk Assessment
|School||Beijing University of Posts and Telecommunications|
|Course||Electronics and Communication Engineering|
|Keywords||information security risk assessment BS7799 OCTAVE firewall Trend Micro Antivirus system|
With rapid development of information technology , information security has become one of the main concerns in constructing the information systems. This paper surveys the current risk assessment standards and assessment technology and applies the technology to the Guangxi Unicom BSS systems to identify the major risks and find out the corresponding solutions. The details are as follows:1. BS7799: BS7799 is the standard formulated by the British Standard Institute (BSI), for information security management. This standard gives a method to improve management continuously based on DAI Central (PCDA)2. OCTAVE: OCTAVE (Operationally Critical Threat, Asset. and Vulnerability Evaluation) focuses on the practicality. OCTAVE is now a commonly used risk assessment method and is suitable for the organization to do Self-assessment. Followed OCTAVE, organizations can make information protection decisions based on the risk of the CIA of critical information assets.3. Applications of risk assessment techniques in Guangxi Unicom BSS system: based on BS7799 standard and application OCTAVE technology, BSS Guangxi Unicom develop a risk assessment system and implement programs to identify major risk system, according to the results of the risk assessment to identify security-building programs.4. Firewall construction: Reconstruct the network structure of Guangxi Unicom Billing Center BSS, add the firewall equipment, and divide the Billing Center network into four mutually isolated physical modules to prevent the invasion of external network to the internal network.5. Trend Micro Antivirus system: Build Trend Micro AntiVirus systems in Guangxi Unicom Billing Center BSS, centralize the management of antivirus work, and effectively prevent the outbreak of the virus.