System and method for evaluating security risk based on asset weak point analysis

A technology for assessing system and security risks, applied in transmission systems, computer security devices, instruments, etc., can solve problems such as the inability to accurately calculate the degree of system threat, and achieve the effect of beneficial risk assessment

Inactive Publication Date: 2010-01-06
BEIJING VENUS INFORMATION TECH +1
View PDF0 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

That is, without exact knowledge of the vulnerability, it is impossible to calculate exactly how threatened the system is

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for evaluating security risk based on asset weak point analysis
  • System and method for evaluating security risk based on asset weak point analysis
  • System and method for evaluating security risk based on asset weak point analysis

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0031] Example 1. image 3 is a system composition block diagram according to aspects of the present invention, which includes two cascaded risk factor calculators:

[0032] Weakness risk factor calculator 301, used to read the characteristics of the discovered weakness and the impact of corresponding security measures, and calculate the risk factor of the weakness;

[0033] The system risk factor calculator 302 is used to read the risk factor of the vulnerability and the structural composition information of the system, and calculate the total risk factor of the entire evaluated system.

Embodiment 2

[0034] Example 2. Figure 4 It is a structural block diagram of the vulnerability risk factor calculator 301 of a security risk assessment system based on asset vulnerability analysis according to Embodiment 1, which includes:

[0035] 1) The vulnerability feature reading device 401 is used to obtain a security feature of a vulnerability and send it to the vulnerability risk factor calculation output device 403;

[0036] 2) The vulnerability security measure reading device 402 is used to obtain the impact value of the system's security measures for the vulnerability on the security of the vulnerability, and send it to the vulnerability risk factor calculation output device 403;

[0037] 3) Weakness risk factor calculation output means 403, used to calculate and output the risk factor of a weakness.

Embodiment 3

[0038] Example 3. Figure 5 It is a structural composition block diagram of a system risk factor calculator 302 of a security risk assessment system based on asset weakness analysis according to Embodiment 1, which includes:

[0039]1) The system structure reading device 501 is used to obtain the structure information of the evaluated system and send it to the system risk factor calculation output device 503;

[0040] 2) Weakness risk factor reading device 502, used to acquire the risk factors of each weakness output by the system's vulnerability risk factor calculator and send them to the system risk factor calculation output device 503;

[0041] 3) System risk factor calculation and output means 503, used to calculate and output the total risk factor of the evaluated system.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a system and a method for evaluating security risk based on asset weak point analysis. The system comprises two subsystems, namely a weak point risk counter and a system risk counter. The method comprises the following steps: carrying out hierarchical partition for computer security system assets in terms of function; calculating a weak point risk factor of each component according to a partitioned hierarchical model; and calculating the total risks of the whole security system according to the weak point risk factor of each component. Based on an asset hierarchical structure, the system and the method use the weak point risk of the component of the asset hierarchical structure to evaluate and calculate the risks of the system so as to overcome the defect of the prior risk evaluation algorithm and effectively realize reasonable evaluation of the security risk of the information system.

Description

technical field [0001] The invention relates to a security risk assessment system and method based on asset weakness analysis, belonging to the field of information security. Background technique [0002] The information security risk assessment method is to analyze and count various evaluation data of all security elements of the information system to determine the potential safety hazards and risk levels of the information security system. Provide detailed and reliable safety analysis reports to owners of safety asset elements based on the evaluation results, providing an important basis for improving the overall level of system safety. [0003] There are many traditional risk assessment methods, among which the more representative ones are asset-based qualitative risk analysis according to three levels of asset evaluation, risk evaluation and risk management; asset-based qualitative risk analysis by organization, region and level; asset-based Weakness analysis and vulner...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/00H04L29/06G06F21/57
Inventor 胡振宇叶润国骆拥政
Owner BEIJING VENUS INFORMATION TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap