The Design and Implementation of Risk Analysis Tool and Suitable Countermeasure Choice Algorithm

摘要

According to increase dependence for Information & Communication System by development of information, risk about threats and vulnerabilities for system assets is increasing day after day.A risk analysis tool is an automation tool that estimate risk level in reply because accident happens , organization's information leakage and security saliva by these various kinds risk and calculate level of significance. First, essential vulnerability that appear in various assets of organization, threat for these assets, assets to estimate these level of significance should be calculated. This element by recent publication risk for each assets of organization calculation achieve. As a tool that a risk analysis tool that achieve these role diagnoses specification organization's risk and do information leakage and security saliva and prevent accident occurrence beforehand organization's assets threats and vulnerabilities, security countermeasure, and risk for assets analyze and it is a tool that help to reduce organization's risk level. To supplement merits and demerits of various method, a risk analysis tool that embody in treatise that see introduced Delphi methodology to achieve organization's assets by specialist group, threats, estimation about vulnerability as quantitative, and improve objectivity of estimation value. In point that these method achieves embodiment through each asset, threats, quantification about vulnerability, and keep objectivity through Delphi method is different from the existing risk analysis methodology. Describe about design and embodiment of a tool that apply practical risk analysis process in treatise that see to use a risk analysis tool that introduce this methodology applicatively. And, describe in treatise that see about design of algorithm and the embodiment connected with process that calculate remainder risk that can appear in establishment in case apply elect security countermeasure.