| Summary: | 碩士 === 國防大學中正理工學院 === 電子工程研究所 === 96 === Information technology impacts almost every aspect of modern life. Organizations have used information systems to process information for better support of their daily operations. Hence, information security is gaining much more attention. Information Assets are critical elements for organizations to survive. Without the concept of information security, the organizations will not know how to response to risks. Therefore, how to evaluate the risks associated critical assets of the organization is the important issue to organizations. The organizations must know the risk degrees of their critical assets, otherwise they can’t select the appropriate plans to protect their critical information assets.
This research proposes a risk assessment model for a host computer. This model is different with traditional risk assessment models. It includes security practices, not just technology. We use OCTAVE method to determine the risk profile of organization’s host computer, and use Nessus vulnerability scanner tool to scan the vulnerabilities within organization’s host computer. By combining the outputs of OCTAVE and Nessus, the proposed model can product an overall risk value and risk distribution for the host computer. These information reveals where should be enhanced to eliminate risks of the host computer.
Key words: Assets, Risk Assessment, Nessus, OCTAVE
|
|---|
