摘要： 针对目前风险管理系统中风险消减体现不足以及安全标准难以综合运用的问题，给出了一种新的信息安全风险管理工具的设计思路和实现方法。提出了风险评估结果分析方法和风险消减策略，并对某些风险管理中的关键要素分析算法进行了改进。弥补了诸多风险管理系统设计在功能性与结论数据通用性等方面的不足，提高了实际应用价值。

关键词: 信息安全, 风险管理, 风险评估

Abstract: To solve the problem of lacking risk mitigation part and using security standards synthetically in current information security risk management system(ISRMS), this article expatiates a method to design and implement a new ISRMS. It also brings forward a way to analyze the result of risk assessment and a method to mitigate the risk. Some algorithms for analyzing key factors in risk management are improved. This system covers the short in functions and the interoperability of data in most ISRMS and enhances its application value.
information security; risk management; risk assessment

Key words: information security, risk management, risk assessment

中图分类号: 

• TP309