Self-assessment: refers to the risk assessment that comes with the computer system, is running or is initiated by the unit.
Self-assessment is an assessment activity carried out by an organization to know its own security situation regularly, which plays an important role in the management of organizational information security. In order to make the organization's own risk assessment more scientific and reasonable, it is necessary to determine the process and method of assessment implementation before the assessment.
Inspection and evaluation: refers to the risk assessment of network security carried out by the state and system management departments according to laws and regulations.
Self-assessment and inspection and evaluation can rely on their own technical strength, or seek technical help from third-party institutions.