Method and device for conducting security identification on information system

An information system and security technology, applied in the field of security identification of information systems, can solve the problem that threat identification is difficult to meet the security identification requirements of information systems

Inactive Publication Date: 2010-03-17
BEIJING LEADSEC TECH
View PDF0 Cites 33 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The purpose of the embodiments of the present invention is to provide a method and device for security identification of information systems to solve the problem that the existing threat identification based on vulnerability scanning is difficult to meet the security identification requirements of information systems

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for conducting security identification on information system
  • Method and device for conducting security identification on information system
  • Method and device for conducting security identification on information system

Examples

Experimental program
Comparison scheme
Effect test

no. 1 example

[0063] see figure 1 , which is a flow chart of the first embodiment of the method for security identification of an information system in the present invention:

[0064] Step 101: Determine the target information system.

[0065] Step 102: Obtain the security attribute values ​​of each asset in the target information system and the quantified value of the corresponding threat category according to the result of security threat modeling of the target information system.

[0066] Step 103: Calculate the security information value of each asset in the target information system according to the quantified value of the threat category.

[0067] Step 104: Obtain the security information value of the target information system according to the security information value of each asset and the weight value of each asset in the target information system.

[0068] Step 105: Search the preset security level list according to the security information value of the target information system...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The embodiment of the invention discloses a method and a device for conducting security identification on an information system. The method includes the following steps: determining a target information system; according to the result of security threat modeling of the target information system, acquiring the security attribute value of each property in the target information system and the quantization value of the corresponding threat category; according to the quantization value of the threat category, calculating the security information value of each property in the target information system; according to the security information value of each property and the weight value of each property in the target information system, obtaining the security information value of the target information system; and according to the security information value of the target information system, searching for a preset security level list and obtaining the corresponding security level of the target information system. By quantizing the property, threat and leak in the information system and comprehensively considering the security risk in the information system, the embodiment meets the requirement of the information system on security identification.

Description

technical field [0001] The invention relates to the technical field of security information, in particular to a method and device for security identification of an information system. Background technique [0002] Information system security identification refers to the process of identifying security attributes such as confidentiality, integrity and availability of information systems and information processed, transmitted and stored according to relevant information security technology and management standards. The most important step in the process of security identification is how to identify threats and quantify the possibility of threat occurrence. In the prior art, when threat identification is performed, it mainly relies on the security evaluation personnel of the information system to make judgments based on technical experience, scan the information system for vulnerabilities and obtain the vulnerability information of the information system, and determine the thre...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06G06F21/00G06F21/78
Inventor 何伟谭曙光
Owner BEIJING LEADSEC TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap