中国联通信息化系统风险评估流程及规范(试行)Page1of26目录1目标...............................................................................................................................................32引用标准.......................................................................................................................................33相关术语.......................................................................................................................................34风险评估概述...............................................................................................................................44.1风险评估概念.....................................................................................................................44.1.1信息安全..................................................................................................................44.1.2安全风险..................................................................................................................44.1.3信息安全风险评估..................................................................................................54.2风险评估要素关系模型.....................................................................................................55风险评估规范...............................................................................................................................65.1风险评估规范概述.............................................................................................................65.2资产评估............................................................................................................................65.2.1资产识别..................................................................................................................65.3脆弱性评估........................................................................................................................75.3.1脆弱性分类..............................................................................................................75.3.2脆弱性赋值..............................................................................................................85.3.3脆弱性评估方法......................................................................................................85.4综合风险分析...................................................................................................................205.5实施改进..........................................................................................................................215.5.1制定策略................................................................................................................215.5.2安全加固................................................................................................................215.5.3安全工程实施........................................................................................................216风险评估流程.............................................................................................................................226.1风险评估沟通阶段...........................................................................................................226.2风险评估实施阶段.........................................................................................
