Information security risk assessment draws on relevant domestic and international standards and industry best practices. It uses scientific methods to assess the threats facing assets and the likelihood that vulnerabilities will be exploited to cause security incidents, and combines this with the value of the assets involved to judge the risk should a security incident occur. Risk assessment is equivalent to a comprehensive physical examination of the information system, and it provides the basis for the next step of building the security system.
Provides a decision basis for security construction
Check the machine room's site selection, power supply and distribution, theft prevention, waterproofing and moisture-proofing, fire prevention, lightning protection and anti-static measures, access control, etc.
Check the host's account password policy, access control, patch updates, log auditing and other test items.
Check the network architecture and the account passwords, access control, policy updates, patch management, log auditing and policy backups of network equipment.
Check SQL injection, XSS, command execution, file upload, middleware, database queries, etc.
Check personnel management, the management system, the approval system, the operation and maintenance system, sensitive information protection and other test items.