Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Information system security risk assessment method and device

An information system and security risk technology, applied in computer security devices, instruments, electrical digital data processing, etc., can solve problems such as complex mapping relationship and calculation, distortion of risk status evaluation, and difficulty in realization, so as to solve the problems of risk quantification and improvement The effect of accuracy and confidence

Active Publication Date: 2014-08-20
SHANXI CHINA MOBILE COMM CORP
View PDF5 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] 1. The evaluation index either relies on a single factor or is too complex to reflect the real risk situation; from the perspective of threats, it can reflect the real situation of external attacks. However, due to the large number of external threats and complex sources, there are new types of attacks, There are also very old attacks, and the applicability of the attacks needs to be accurately screened, so the evaluation of the risk status is generally high, which is not conducive to the development of threat handling and remedial measures; from the perspective of vulnerability, it can truly reflect the loopholes of the information system However, since the vulnerability is static, threats and attacks are required to form a risk, so the evaluation of the risk situation is often distorted, which is not conducive to investing effective resources in risk control, and the cost is too high; from threats, vulnerabilities A comprehensive evaluation with asset value can reflect the level of risk status, but since this comprehensive evaluation involves a three-dimensional system, and the three factors are many-to-many, the mapping relationship and calculation are extremely complicated, so it is difficult to achieve in actual use
[0007] 2. The current evaluation system often only focuses on risk threats, vulnerability and asset value, but often ignores the very important link of remedial measures, which is actually an important factor in risk control

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Information system security risk assessment method and device
  • Information system security risk assessment method and device
  • Information system security risk assessment method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0034] The basic idea of ​​the present invention is to construct a threat behavior pattern library, match the calling behaviors recorded in the information system with the threat behaviors in the threat behavior pattern library, obtain the judgment value of each matching calling behavior, and The judgment value of the threat behavior determines the weight of the threat behavior; the risk level is obtained by combining the weight of the threat behavior with the weight of the vulnerability and the weight of the remedial measures.

[0035] The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments.

[0036] The present invention implements a method for information system security risk assessment, such as figure 1 As shown, the method includes the following steps:

[0037] Step 101: constructing a threat behavior pattern library;

[0038] Specifically, the specific threat behavior is used as the classifica...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an information system security risk assessment method. The method includes the steps of constructing a threatening behavior model bank, matching calling behaviors recorded in an information system with threatening behaviors in the threatening behavior model bank to obtain decision values of the matched calling behaviors, determining weighted values of the threatening behaviors according to the decision values of the matched calling behaviors, and enabling the weighted values of the threatening behaviors to be combined with a vulnerability weighted value and a remedial measure weighted value to obtain a risk grade. The invention further discloses an information system security risk assessment device. Through the scheme of the information system security risk assessment method and device, security risks of the information system can be measured in multi-dimensional mode, the defects of existing risk evaluation quantification are greatly made up for, the accuracy and credibility of threat evaluation are improved, and the core problem of risk quantification of the information system can be solved; consequently, users can conveniently and objectively know the condition of running risks of the information system, and the risks of the information system can be perceived.

Description

technical field [0001] The present invention relates to information security technology, in particular to a method and device for information system security risk assessment. Background technique [0002] With the rapid development of IT technology, the development of the entire national economy is inseparable from the operation and support of information systems. How to ensure the safe operation of these information systems has become a top priority; according to the requirements of the "2006-2020 National Informatization Development Strategy", Comprehensively strengthening the construction of the national information security guarantee system requires all organizations to adhere to active defense and comprehensive prevention, explore and grasp the inherent laws of informatization and information security, and actively respond to information security challenges. [0003] In order to realize the initiative of information security, the key is to solve how to evaluate the info...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/034
Inventor 李斌常乐
Owner SHANXI CHINA MOBILE COMM CORP
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com