"Information System Information Security Risk Assessment Report Format" Template
Contents

1. Risk Assessment Project Overview
1.1 Project overview
1.1.1 Basic information on the construction project
1.1.2 Basic information on the owner organization
1.1.3 Basic information on the contractor
1.2 Basic information on the organization performing the risk assessment

2. Overview of Risk Assessment Activities
2.1 Organization and management of the risk assessment work
2.2 Risk assessment work process
2.3 Technical standards and related regulatory documents relied on
2.4 Assurances and limitations

3. Assessment Target
3.1 Composition and classification of the assessment target
3.1.1 Network structure
3.1.2 Business applications
3.1.3 Subsystem composition and classification
3.2 Classified protection measures for the assessment target
3.2.1 Classified protection measures for subsystem XX
3.2.2 Classified protection measures for subsystem N

4. Asset Identification and Analysis
4.1 Asset types and valuation
4.1.1 Asset types
4.1.2 Asset valuation
4.2 Description of key assets

5. Threat Identification and Analysis
5.1 Threat data collection
5.2 Threat description and analysis
5.2.1 Threat source analysis
5.2.2 Threat behavior analysis
5.2.3 Threat capability analysis
5.3 Threat valuation

6. Vulnerability Identification and Analysis
6.1 General vulnerability description
6.1.1 Management vulnerabilities
6.1.2 Network vulnerabilities
6.1.3 System vulnerabilities
6.1.4 Application vulnerabilities
6.1.5 Data handling and storage vulnerabilities
6.1.6 Operation and maintenance vulnerabilities
6.1.7 Disaster recovery and emergency response vulnerabilities
6.1.8 Physical vulnerabilities
6.2 Special vulnerability testing
6.2.1 Special testing for trojans and viruses
6.2.2 Special penetration and attack testing
6.2.3 Special security testing of key equipment
6.2.4 Special testing of equipment procurement and maintenance services
6.2.5 Other special testing
6.2.6 Comprehensive verification of the effectiveness of security protection
6.3 Consolidated vulnerability list

7. Risk Analysis
7.1 Risk calculation results for key assets
7.2 Risk levels of key assets
7.2.1 Risk level list
7.2.2 Risk level statistics
7.2.3 Risk ranking based on vulnerabilities
7.2.4 Analysis of risk results

8. Comprehensive Analysis and Evaluation

9. Remediation Recommendations

Annex 1: Management measures table
Annex 2: Technical measures table
Annex 3: Asset types and valuation table
Annex 4: Threat valuation table
Annex 5: Vulnerability analysis valuation table