An information system risk evaluation method and system

An information system and risk assessment technology, applied in transmission systems, digital transmission systems, security communication devices, etc., can solve the problem of high security risks

Inactive Publication Date: 2008-03-26
BEIJING VENUS INFORMATION TECH

AI Technical Summary

Problems solved by technology

It is obvious that the security risks of System 1 and System 2 are roughly the same, but if calculated by weighted summation, it will be concluded that the security risk of System 2 is 10 times higher than that of System 1.


Examples


Embodiment 1

[0045] This embodiment is a specific implementation of the information system risk assessment method, and the main operation process is shown in FIG. 1. The specific process of this embodiment includes the following steps:

[0046] 1. Define asset value

[0047] The asset value A of the host can be divided into five levels by the administrator according to the importance and value of the host. The higher the level, the higher the asset value, and the value range of asset value A is 0-1. The division method adopted in the present invention is:

[0048] Asset value is small: A=0.2;

[0049] The asset value is small: A=0.4;

[0050] Medium asset value: A=0.6;

[0051] Larger asset value: A=0.8;

[0052] The asset value is extremely large: A=1.

[0053] 2. Define Asset Protection Measures

[0054] Asset protection measures refer to the existing security devices and measures in the system, which enable assets to block attacks against certain services. Asset protection mea...

Embodiment 2

[0101] This embodiment is an example of an asset risk assessment process, and the main operation process is shown in FIG. 2. The risk assessment system 1 scans each asset in the system for vulnerabilities through the network 2, and then calculates the risk value of each asset and of the entire information system based on the asset value, the protection measures taken by the asset, and the vulnerability scanning results, combined with the vulnerability information database. Assuming that asset 1 is a computer, the vulnerabilities existing on the computer, the CVSS score of each vulnerability, and the service corresponding to each vulnerability are shown in Table 1 below:

[0102] Table 1

| Vulnerability name | CVSS score | Corresponding service |
|---|---|---|
| Vulnerability 1 | 6.4 | service 1 |
| Vulnerability 2 | 3.3 | service 2 |
| Vulnerability 3 | 8.0 | service 2 |
| Vulnerability 4 | 10.0 | service 3 |

[0103] Assum...

Embodiment 3

[0118] This embodiment is an example of an information system risk assessment process. Suppose there are two information systems, System 1 and System 2. Information system 1 contains 100 computers, one of which is extremely risky, with a risk value of 0.95; the remaining 99 computers do not contain any vulnerabilities, with a risk value of 0. Information system 2 contains 10 computers, one of which is extremely risky, with a risk value of 0.95; the remaining 9 computers do not contain any vulnerabilities, with a risk value of 0. According to formula (5), the risk value of information system 1 is:

[0119] $N_1 = \left[ 1 - (1 - 0.95) \cdot 1^{99} \right] \cdot \left( 0.9 + \frac{0.95}{100} \right)$ ...
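The comparison behind Embodiment 3, as an added example that is not code from the patent: it aggregates the two systems' per-asset risk values by weighted summation, by the "short board" maximum, and by the probability that at least one asset is compromised, which is the bracketed factor visible in [0119]. Formula (5) itself is not reproduced on this page, so its second factor is not modelled; the function names, the equal weights and the independence assumption are choices made for this illustration.

```python
import math

def weighted_sum_risk(risks, weights=None):
    """Weighted summation of per-asset risk; equal weights are assumed by default."""
    if not risks:
        return 0.0
    if weights is None:
        weights = [1.0 / len(risks)] * len(risks)
    if len(weights) != len(risks):
        raise ValueError("one weight per asset is required")
    return sum(w * r for w, r in zip(weights, risks))

def short_board_risk(risks):
    """'Short board' aggregation: the system is as risky as its worst asset."""
    return max(risks, default=0.0)

def any_asset_risk(risks):
    """Probability that at least one asset is compromised, treating each
    risk value as an independent probability in [0, 1] (an assumption)."""
    if any(not 0.0 <= r <= 1.0 for r in risks):
        raise ValueError("risk values must lie in [0, 1]")
    return 1.0 - math.prod(1.0 - r for r in risks)

def compare(systems):
    """Return {system name: {method name: aggregated risk}}."""
    methods = {
        "weighted_sum": weighted_sum_risk,
        "short_board": short_board_risk,
        "any_asset": any_asset_risk,
    }
    return {name: {m: f(risks) for m, f in methods.items()}
            for name, risks in systems.items()}

# Per-asset risk values as stated in Embodiment 3.
SYSTEMS = {
    "System 1": [0.95] + [0.0] * 99,   # 100 computers, one at 0.95
    "System 2": [0.95] + [0.0] * 9,    # 10 computers, one at 0.95
}

if __name__ == "__main__":
    for name, row in compare(SYSTEMS).items():
        print(name, {m: round(v, 4) for m, v in row.items()})
```

With equal weights the weighted sum differs by a factor of 10 between the two systems, while the probabilistic term gives the same value for both. Unlike the short-board maximum, that term also rises when several moderately risky assets coexist.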


Abstract

This invention discloses a method and a system for risk evaluation of an information system. The method includes computing the risk value of each asset in the information system and computing the risk value of the information system according to the risk values of the assets; the computation is based on a probability model. A risk evaluation system is installed on the UE of the internet containing a vulnerability scan unit, an asset value defining unit, an asset safeguard defining unit and a risk evaluation unit of the information system, which can quantize the risk values of assets and the information system together in an appointed fixed space, and the quantized result shows the degree of vulnerability of assets or the information system.

Description

Technical field

[0001] The invention relates to an information system risk assessment method and system, belonging to the field of information security.

Background technique

[0002] Information system risk assessment refers to the process of evaluating security attributes such as confidentiality, integrity and availability of information systems and the information processed, transmitted and stored by them according to relevant information security technology and management standards. In the existing quantitative analysis methods, the usual method is to first examine the vulnerability, asset value and threat of each asset in the information system, and calculate the risk quantification value of each asset in the information system by weighted summation; the risk quantification value of each asset is weighted and summed to obtain the risk quantification value of the information system, or according to the "short board theory", the maximum value among the risk quantification ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L12/24, H04L12/26, G06F21/00, H04L9/00
Inventor 周涛许金鹏王虹尹航吴海民谢瑞璇
Owner BEIJING VENUS INFORMATION TECH