Product
    Risk Assessment Visibility

    HZN ISMSNEW

    1. Product/Service name and description of self-developed components

    This product helps an organization keep a complete and correct inventory of its information assets and manage and control asset value and information security weaknesses. By classifying information assets into groups, it can quickly assess weaknesses and threats so that solutions and improvement plans can be proposed. When facing information security vulnerabilities, our system speeds up tracking and manages them with a more intuitive and precise approach.

    The entire product is designed and developed in accordance with the guidelines of the ISO-27001 specification.

    For the technology platform, with the sustainable development of the system in mind, the company adopts Windows Server and SQL Server as the system operating environment, which can be repaired quickly and for which maintenance manpower is easy to obtain. The program architecture adopts the Microsoft .NET solution with the best operating performance and stability, and the overall system is planned as a three-tier architecture. Since our company is a Microsoft "gold-level" technology partner, we can get the best technical guarantee.

    The project is developed mainly in ASP.NET and C#, and Microsoft ASP.NET MVC 5 is adopted as the main development technology and framework for each system of this project.

    At the same time, our company's internal information security regulations include the "Information Security Online Audit Form", which requires the responsible project managers to carry out information security design during the program development stage and to check whether the program is written according to the specifications, in line with the spirit of the Security Software Development Life Cycle (SSDLC) standard.

    2. Product/Service function description

    The entire ISMS (Information Asset and Risk Assessment Management System) is designed in accordance with the spirit of ISO27001/ISMS:

    A. Initiate inventory work flexibly according to the organization's audit plan.

    B. Multiple permissions (unit/role) settings for a single account.

    C. Agent risk control settings.

    D. Flexible self-built drop-down custom menu information.

    E. Asset quick copy and file building function.

    F. Asset transaction review mechanism and review process records.

    G. Asset vulnerability and threat management mechanism by groups.

    H. Automatically calculate asset risk.

    I. Asset inventory creation and export function.

    J. Multilingual interface (Chinese/English) for multinational enterprises.

    3. Description of application scenarios of products/services

    A. Explanation of suitable application fields: Information security incidents occur frequently and often cause heavy losses to the organization. Whether it is the frequent fraud cases that follow the leakage of customer data or the huge payments caused by ransomware infiltration, such incidents bring the organization serious trouble and unnecessary financial losses, and can even affect normal operation. Therefore, a system that can effectively inventory and classify assets, can be updated at any time, and can flexibly follow the organization's information security requirements and specifications makes it possible to verify in a timely manner the weaknesses and threats of assets such as hardware, software, data, and personnel within the organization, to create a risk assessment report, and to make and track improvements, so that protective measures can be taken.

    B. Existing application cases: In actual cases, a public company and two commercial banks have adopted this information asset risk assessment management system. A large number of information software and hardware assets, an intensive workload for personnel, the inability to clearly communicate operation process specifications, and other factors often make management difficult. Existing customers have successfully used this system to fully establish an information asset risk management mechanism and quickly resolve information security issues.