Method and system for automated information security evaluation

An information security and safety technology, applied in special data processing applications, instruments, electrical and digital data processing, etc., can solve problems such as error-prone, aggravating staff workload, and difficulty in scanning result data analysis in a comprehensive, objective, and complete manner. To achieve the effect of reducing labor costs, improving work efficiency and ensuring accuracy

Active Publication Date: 2012-02-15
GUANGDONG POWER GRID CO LTD INFORMATION CENT
View PDF2 Cites 33 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] 1. Scanning tools can reduce manual identification of system and network vulnerabilities, but analysts still need to analyze a large amount of scanning result data to analyze and evaluate various vulnerabilities and risks in the information system; Increased the workload of staff like this, can't improve work efficiency;
[0006] 2. It is difficult for analysts to rate the risks of scan results, which also increases the workload of assessment work;
[0007] 3. Due to various reasons, it is difficult for the analysts to ensure a comprehensive, objective and complete analysis of the scanning result data, which is prone to errors

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for automated information security evaluation
  • Method and system for automated information security evaluation
  • Method and system for automated information security evaluation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] In order to make the objectives, technical solutions and advantages of the present invention clearer and clearer, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

[0040] Such as figure 1 As shown, an automated information security assessment method provided by the present invention includes the following steps:

[0041] Step S110: Automatically identify security vulnerabilities in multiple systems through the scanning tool, and collect the risk vulnerabilities of each system, and use CVE (the full English name is "Common Vulnerabilities & Exposures", that is, public vulnerabilities and exposures) encoding and key identification feature content two In this way, the collected vulnerability information is uniquely identified and marked to establ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a system for automated information security evaluation. The method includes the following steps: creating a risky leak library; creating the risk levels of the risky leak library; utilizing an interface call-scanning tool to scan an evaluated system, and acquiring and storing scanning result data; comparing the acquired scanning result data with the leak data in the risky leak library for judgement, and identifying security leaks and risk levels thereof existing in the evaluated system. Since the method and the system for automated information security evaluation provided by the invention adopt the scanning tool to directly carry out interface analysis and read the scanning result data of the scanning tool, the invention can carry out complete, objective and intelligent data analysis on scanning results by means of a security mapping identification mechanism of the evaluation system, thus guaranteeing accuracy, increasing the working efficiency andreducing the manpower cost.

Description

Technical field [0001] The invention relates to the technical field of system automatic assessment, and in particular to a method and device for automatic information security assessment of system risks. Background technique [0002] Risk assessment is a time-consuming, labor-intensive and requires a lot of relevant professional or business knowledge support. Usually, this work is done by professional consultants. These consultants can come from the organization or consulting company being assessed. These consultants with professional qualities play an important role in risk assessment. In order to make risk assessment work widely carried out in all walks of life, risk assessment tools have become indispensable technical support methods. At present, many organizations have developed risk assessment tools based on some safety management guidelines and annotations, which provide convenient conditions for risk assessment. As the process of risk assessment gradually shifts to autom...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F17/30G06Q10/00
Inventor 徐晖王甜魏理豪陈军朱奕李一兵黄敬志
Owner GUANGDONG POWER GRID CO LTD INFORMATION CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap