ICS35.040L80中华人民共和国国家标准GB/T××××—××××信息安全风险评估指南InformationSecurityRiskAssessmentGuideline(送审稿)××××-××-××发布××××-××-××实施国家质量监督检验检疫总局发布GB/T××××—××××目次前言................................................................................I1范围..................................................................................12规范性引用文件........................................................................13术语和定义............................................................................14概述..................................................................................34.1目的与意义..........................................................................34.2目标读者............................................................................44.3文档组织............................................................................45风险评估框架及流程....................................................................45.1风险要素关系图......................................................................45.2风险分析示意图......................................................................65.3实施流程............................................................................66风险评估实施..........................................................................76.1风险评估的准备......................................................................76.2资产识别............................................................................86.3威胁识别...........................................................................136.4脆弱性识别.........................................................................156.5已有安全措施的确认.................................................................176.6风险分析...........................................................................176.7风险评估文件记录...................................................................197风险评估在信息系统生命周期中的不同要求...............................................207.1信息系统生命周期概述...............................................................207.2信息系统生命周期各阶段的风险评估...................................................218风险评估的形式及角色运用.............................................................258.1风险评估的形式.....................................................................258.2风险评估不同形式与其中各角色的关系.................................................25附录A..............................................................................28A.1风险矩阵测量法.....................................................................28A.2威胁分级计算法.....................................................................29A.3风险综合评价法.....................................................................30A.4安全属性矩阵法.....................................................................30附录B..............................................................................33B.1安全管理评价系统...................................................................33B.2系统软件评估工具...................................................................33B.3风险评估辅助工具...................................................................34前言为指导和规范针对组织的信息系...
