Abstract: This paper studies the sort method and development trend of the information security risk assessment tool, then designs and implements an integrated risk assessment tool based on the popular analyzing method of risk assessment. This tool is a multi expert assessment system. It integrates the functions of the assessment tool of security management, the assessment tool of system software and the assistant tool of risk assessment, and it also introduces the quantitative and qualitative method, which improves the efficiency of risk assessment and ensures the results are more scientific.

Key words: information security, risk assessment, assessment tool

摘要： 研究了信息安全风险评估工具的分类方法与发展趋势，在分析国内外多种风险评估方法的基础上，设计并实现了一个综合风险评估工具。该工具是多专家评估系统，集成了安全管理评价工具、系统软件评估工具和风险评估辅助工具3类工具的功能，运用定量和定性相结合的方法进行风险评估，为提高风险评估效率、确保评估结果的科学性提供了有力支持。

关键词: 信息安全, 风险评估, 评估工具

CLC Number: 

• TP309