Information system security assurance puts forward security assurance requirements from the aspects of technology, management, engineering and personnel throughout the entire life cycle of the information system, so as to ensure the confidentiality, integrity and availability of the information system, reduce security risks to an acceptable level, and ensure that the system fulfils the mission of the organization.

Software resources consist of all instructions invoked in information processing, including the operating instructions (programs) that direct and control computer hardware, and the procedures that people follow when using the system. Programs include operating system programs, spreadsheet programs, word processing programs, and so on. Procedures include data entry procedures, error correction procedures, data transfer procedures, and so on.
Data resources include: alphanumeric data composed of numbers, letters and other characters that describe organizational activities and other things; text data composed of sentences and paragraphs; image data in the form of graphics and charts; and audio data that records human voices and other sounds.
Information systems that meet different needs and provide various functions form the basis of the information society. They improve the production and management efficiency of industries and departments across society, make daily life more convenient, and advance the development of society.
(1) Risk
The factors that give rise to information security risks are mainly the vulnerabilities of the information system itself and the threats from outside the system. The operating environment of an information system contains threat sources with specific motivations. By using various attack methods to exploit the vulnerabilities of the information system, they have adverse effects on the system, thereby causing information security problems and incidents.
(2) Guarantee
Information security assurance means formulating information security assurance strategies for the various risks an information system faces in its operating environment, and then, under the guidance of those strategies, designing and implementing an information security assurance architecture or model that applies technical, management and other security assurance measures to control the risks within an acceptable range and degree, so that the system can achieve its business mission.
(3) Mission
The mission describes the requirements and goals for the operation of the information system throughout its entire life cycle of design, implementation, testing, operation, maintenance and decommissioning. The mission of an information system is inseparable from its security: information system security measures are required to ensure that its goals are carried out correctly. As the threats faced by an information system and its operating environment change, security assurance must also provide corresponding safeguards to ensure the correct operation of the information system.
Risk management is the basic method of information security work. Information security assurance should be based on risk management and take targeted preventive measures against the various possible threats and the system's own weaknesses. Information security is not the pursuit of absolute security, but the pursuit of controllable security risk. The most appropriate information security strategy is the optimal risk management strategy, which is a problem of optimal choice under the premise of limited resources. Insufficient protective measures for an information system cause direct losses and disrupt the normal operation of business systems, while excessive measures consume resources without proportionate benefit. In other words, the question of information security assurance is a question of security effectiveness, and trade-offs must be made on the basis of economic, technical and management feasibility and effectiveness.
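The "optimal choice under limited resources" argument above can be made concrete with a small model. The following is an added example, not part of the original text: each risk pairs a vulnerability with a threat likelihood and a mission impact, each candidate control reduces one risk's likelihood at a cost, and the planner picks the affordable control set that leaves the lowest residual expected loss, then checks it against the acceptable level. All names, figures and the single-target control model are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float  # annual probability that a threat exploits this vulnerability
    impact: float      # loss to the mission if it does (constructed monetary units)


@dataclass(frozen=True)
class Control:
    name: str
    cost: float
    target: str        # the risk this control addresses (assumed: one risk per control)
    reduction: float   # fraction of the target's likelihood the control removes


def expected_loss(risks, controls):
    """Annual loss expectancy that remains after applying the given controls."""
    total = 0.0
    for r in risks:
        remaining = r.likelihood
        for c in controls:
            if c.target == r.name:
                remaining *= 1.0 - c.reduction
        total += remaining * r.impact
    return total


def choose_controls(risks, candidates, budget, acceptable_loss):
    """Exhaustively pick the affordable control set with the lowest residual loss."""
    best_set, best_loss = (), expected_loss(risks, ())  # baseline: accept everything
    for k in range(1, len(candidates) + 1):
        for subset in combinations(candidates, k):
            if sum(c.cost for c in subset) > budget:
                continue  # not feasible with the resources available
            loss = expected_loss(risks, subset)
            if loss < best_loss:
                best_set, best_loss = subset, loss
    return {"controls": [c.name for c in best_set],
            "cost": sum(c.cost for c in best_set),
            "residual_loss": best_loss,
            "acceptable": best_loss <= acceptable_loss}


# Constructed sample data (hypothetical figures, not from any real assessment).
RISKS = [Risk("unpatched web server", 0.5, 200_000),
         Risk("phishing", 0.8, 50_000),
         Risk("lost laptop", 0.3, 20_000)]
CONTROLS = [Control("patch management", 30_000, "unpatched web server", 0.8),
            Control("awareness training", 10_000, "phishing", 0.5),
            Control("disk encryption", 5_000, "lost laptop", 0.9),
            Control("web application firewall", 40_000, "unpatched web server", 0.6)]
```

With a 45,000 budget the planner selects patch management, awareness training and disk encryption, leaving about 40,600 in residual annual loss; with a 5,000 budget only disk encryption fits and the residual loss stays above the acceptable level, which is the signal to either accept that risk explicitly or revisit the budget.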