Fuzzy risk evaluation system and method for computer information security

A technology of risk assessment system and information system, which is applied in the computer information security fuzzy risk assessment system and the field of information security risk assessment, can solve the problems of lack of security assessment framework, assessment criteria and indicators are difficult to quantify, etc., to improve objectivity and fairness, reduce The effect of subjective factors

Inactive Publication Date: 2009-07-01
BEIJING VENUS INFORMATION TECH
View PDF0 Cites 24 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Due to the subjective arbitrariness in element analysis operations and the lack of a unified and systematic security

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Fuzzy risk evaluation system and method for computer information security
  • Fuzzy risk evaluation system and method for computer information security
  • Fuzzy risk evaluation system and method for computer information security

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0022] A computer information system fuzzy risk assessment system (such as figure 2 ), there is a fuzzy risk matrix calculator, which calculates the degree of membership of the fuzzy level of the evaluation element according to the user's risk judgment on the evaluation element, and it has the following inputs:

[0023] 1) Evaluation element identification (ID),

[0024] 2) The discriminant vector (d 1 , d 2 ,...,d n ). d i Indicates the estimated score (0≤d i ≤10), for each evaluation element, its output is an evaluation element fuzzy level membership vector. If there are k evaluation elements, a k×n fuzzy matrix is ​​obtained, which is denoted as the fuzzy risk matrix R.

[0025] If the risk level standard set by the user is a 7-point level {0, 0.1, 0.3, 0.5, 0.7, 0.9, 1}, the implementation of the main components is as follows:

[0026] 1. Implementation of the fuzzy risk matrix calculator:

[0027] Let the risk level vector input by the user be {d 1 , d 2 ,...,...

Embodiment 2

[0037] Such as figure 1 As shown, a specific evaluation process is as follows:

[0038] 1. Establish risk level standards.

[0039] First define a 7-point risk level as shown in Table 1:

[0040] Table 1: Risk Level Criteria

[0041] grade factor

Grade symbol

No describe

0 S 1 Ignorable. The occurrence of a risk event has little impact on the system

0.1

S 2

small. Influential but small. Once a risk event occurs, at most

10% loss of value. 0.3 S 3 slightly obvious. A change in the system can be felt, but not serious.

[0042] Once a risk event occurs, at most 30% of the value will be lost.

0.5

S 4

medium. can cause damage to system reputation, or to system resources or

The reduction of service trust requires the payment of maintenance fees for important resources.

Once a risk event occurs, it can cause a 50% value loss.

0.7

S 5 serious. Can ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a fuzzy risk evaluation system and a method of a computer message system, wherein the method comprises calculating out the fuzzy grade subjection degree of evaluation factors according to the risk judgment to the evaluation factors by users, combing the subjection procedure vectors of all the evaluation factors to be a fuzzy risk matrix calculator of a fuzzy risk matrix, calculating out a comprehensive risk counter of fuzzy risks of an integral system according to the fuzzy risk matrix of all the evaluation factors and weight vectors of the evaluation factors, and calculating out a system risk quantizer of risk deterministic vector values of the integral system according to the comprehensive fuzzy risk and risk level standard of the system. The invention has the advantages that fully considering the relationship among the evaluation factors, a subjection relationship table and a weight table of each factor are established through introducing a fuzzy calculating technique, thereby reducing subjective factors, and improving objective fairness of evaluation results.

Description

technical field [0001] The invention relates to a computer information security fuzzy risk assessment system and method, belonging to the field of information security, and in particular to an information security risk assessment. Background technique [0002] The existing information system security assessment methods can be roughly classified into four categories: security audit, risk analysis, system security engineering capability maturity model (SSE2CMM) and security evaluation. The risk analysis model conducts security assessment from the perspective of risk control, and it obtains the measurement of network system security through probability statistics; security assessment evaluates system security more from the perspective of security technology and function; security audit, SSE2CMM model and other risk assessments The methods also start from a certain aspect of system security, and only focus on evaluating the practice norms of a certain aspect of network system se...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/00G06N7/02H04L12/24H04L29/06G06F21/57
Inventor 胡振宇史萍萍李杰谢瑞璇
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap