Abstract. Because enterprises lack a knowledge base or do not cover all security issues, it is very hard for them to protect their intranet security. A correct and effective security risk assessment is very important: it helps to keep risks within an acceptable range at minimum cost. Based on the ISO 27000 and NIST SP800 standards, we have designed a framework to guide an enterprise in building its own risk assessment indicators or checklists, which help the enterprise focus on core security risks under limited resources. It has achieved good results in application in our own enterprise.
Background and Problem Analysis