Security services

Risk assessment services

Security service item


Depending on the scope of the target, the service is divided into dedicated database risk assessment, business system risk assessment, and comprehensive information security risk assessment.


Content description


For the hosts, networks, applications and data related to the enterprise's important business systems, identify security-relevant business assets, security threats and vulnerabilities, and analyze the existing security protection measures. Sort out the current state of information security, and provide security risk disposal suggestions, security risk avoidance measures, an overall security reinforcement and rectification plan, and a long-term construction plan.


The dedicated database risk assessment service includes architecture assessment, security configuration risk verification, access learning sorting, business SQL statement analysis and audit scoring, business SQL performance monitoring, and abnormal behavior analysis. It provides suggestions on account authority rectification, business SQL statement optimization, etc.



Deliverables

Enterprise Information Security Risk Assessment Report

Enterprise Business Database Risk Assessment Report

Reference standards

Information technology - Security techniques - Implementation guide for information security management (ISO/IEC 27002:2013)

Information security technology - Basic requirements for security level protection of information systems (GB/T 22239-2008)

Information security technology - Guidelines for information security risk management (GB/Z 24364-2009)

Information security technology - Code for information security risk assessment (GB/T 20984-2007)

Information security technology - Guidelines for the implementation of information security risk assessment (GB/T 31509-2015)

NIST SP 800-30, Guide for Conducting Risk Assessments

NIST SP 800-26, Security Self-Assessment Guide for Information Technology Systems

Information security technology - Guidelines for information security incident management (GB/T 20985-2007)

 

 









Copyright © 2019 All Rights Reserved Designed
Hangzhou pldsec Network Technology Co