Risk Assessment

Information security risk assessment refers to relevant standards and industry best practices at home and abroad, uses scientific methods and means to assess the threat faced by assets and the possibility of using vulnerability to lead to security incidents, and combines the asset value involved in security incidents to judge the risk once security incidents occur. Risk assessment is equivalent to a comprehensive physical examination of the information system, providing the basis for the next step of security system construction.

Service content
Assets sorting
Assist customers to sort out various assets such as network, equipment, host, etc., analyze the potential value of various assets, and clarify the protection value and required protection level of various assets.
Safety risk identification
According to the scientific risk assessment method, combined with the comprehensive consideration of assets, weaknesses, threats and existing security measures, risk calculation is carried out to identify the security risks of customer information system in an all-round and effective way.
Risk reassessment
For the safety risk after rectification, a secondary assessment will be conducted until the risk is eliminated or reduced to an acceptable risk.

Service object

Provide decision basis for safety construction

Computer room safety assessment

Check the site selection of machine room, power supply and distribution of machine room, anti-theft, waterproof and moisture-proof, fire prevention, lightning protection and anti-static, access control, etc.

Host security assessment

Check the host's account password policy, access control, patch update, log audit and other test items.

Network security assessment

Check the network architecture, account password, access control, policy update, patch management, log audit and policy backup of network equipment.

Application and data security assessment

Check SQL injection, XSS, command execution, file upload, middleware, database query, etc.

Safety management assessment

Check personnel management, management system, approval system, operation and maintenance system, sensitive information protection and other test items.