Security services

Risk assessment services

Security service item


Depending on the scope of the target, the service is divided into dedicated database risk assessment, business system risk assessment and comprehensive information security risk assessment.


Content description


For the hosts, networks, applications and data related to the enterprise's important business systems, identify security-relevant business assets, security threats and vulnerabilities, and analyze the existing security protection measures. Sort out the current state of information security, and provide security risk disposal suggestions, security risk avoidance measures, an overall security reinforcement and rectification plan, and a long-term construction plan.


The dedicated database risk assessment service includes architecture assessment, security configuration risk verification, access learning and sorting, business SQL statement analysis and audit scoring, business SQL performance monitoring, and abnormal behavior analysis. It also provides suggestions on account authority rectification, business SQL statement optimization, etc.



Deliverables

Enterprise Information Security Risk Assessment Report

Enterprise Business Database Risk Assessment Report

Reference standards

Information technology - Security techniques - Implementation guide for information security management (ISO/IEC 27002:2013)

Information security technology - Basic requirements for security level protection of information systems (GB/T 22239-2008)

Information security technology - Guidelines for information security risk management (GB/Z 24364-2009)

Information security technology - Code for information security risk assessment (GB/T 20984-2007)

Information security technology - Guidelines for the implementation of information security risk assessment (GB/T 31509-2015)

NIST SP 800-30, Guide for Conducting Risk Assessments

NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems

Information security technology - Guidelines for information security incident management (GB/T 20985-2007)

 

 









Copyright © 2019 All Rights Reserved Designed
Hangzhou pldsec Network Technology Co