Risk assessment algorithm for information system

An information system risk assessment technology, applied in computing, special data processing applications, instruments, etc. It addresses the difficulty of quantitative operation in risk assessment practice and the high subjectivity of assessment algorithms, which affects the accuracy of results, and it achieves a simple index system that is convenient for risk assessment and works well in use.

Inactive Publication Date: 2013-11-20
GUIZHOU UNIV
2 Cites, 27 Cited by

AI Technical Summary

Problems solved by technology

[0006] The basic process and principle of risk analysis in GB/T 20984-2007 have been introduced: by identifying and assigning values to the three major elements (assets, vulnerabilities, threats), the multiplication or matrix method is used to calculate the risk value. However, the attributes of each element are not refined and decomposed, so quantitative operation is difficult in risk assessment practice.
The current evaluation algorithm is highly subjective, which affects the accuracy of the evaluation results.


Embodiment Construction

[0018] Embodiments of the invention: a risk assessment algorithm for an information system,

[0019] Step 1: Identify assets. According to the GB/T 20984-2007 standard, a form-based asset classification, divided into 5 categories, is shown in Table 1. Data mainly includes the various data materials on information media; software includes system software, application software, and source programs; hardware includes network equipment, computer equipment, transmission lines, security equipment, etc.; services include information services, network services, office services, etc.; personnel refers to those who hold important information and core business.

[0020]

[0021]

[0022] Step 2: Vulnerability identification. The GB/T 20984-2007 standard lists seven categories of vulnerabilities, including technical vulnerabilities and management vulnerabilities, as shown in Table 2. Vulnerability exists in the asset itself. In the actual project imp...


Abstract

The invention discloses a risk assessment algorithm for an information system. According to the GB/T 20984-2007 standard, correlations are established between the assessment factors of the information system's assets, vulnerabilities and threats, yielding a security assessment indicator system and 24 pairs of risk relations. The 24 pairs of risk relations are substituted into formula (1), and an asset comprehensive value A is obtained through calculation. From the asset comprehensive value A and a vulnerability value V, the comprehensive value F of the loss caused by security events is worked out. From the vulnerability value V and a threat value T, the security event possibility comprehensive value L is worked out. The loss comprehensive value F and the possibility comprehensive value L are substituted into formula (2), and the risk comprehensive value R is obtained. The risk assessment algorithm for the information system can eliminate the influence of unreasonable assessment factor selection and of risk correlation analysis that cannot objectively reflect the system state, and improve the objectivity and accuracy of risk assessment.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to an information system risk assessment algorithm.

Background technique

[0002] Information security analysis and evaluation uses scientific methods and means, from the perspective of risk management, to systematically analyze the threats faced by information systems and their existing vulnerabilities, evaluate the degree of harm that security incidents may cause, and propose targeted protective countermeasures against threats and rectification measures. It provides a scientific basis for preventing and resolving information security risks, controlling risks at an acceptable level, and maximizing information security.

[0003] At present, GB/T 20984-2007 introduces two risk value calculation methods, the matrix method and the multiplication method.

[0004] Security risk refers to the establishment of the possibility of security incidents caused by threats exploiting vul...


Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F19/00
Inventor: 唐作其, 梁静, 张正平
Owner: GUIZHOU UNIV