Data processing method and device

A data processing and indexing technology, applied in the field of network security, which solves the problems that existing methods do not fully consider security situation statistics and produce inaccurate network security situation assessment results. It achieves more comprehensive statistical data, more accurate asset security situation assessment results, and improved reliability.

Active Publication Date: 2016-04-20
BEIJING AN XIN TIAN XING TECH CO LTD
4 Cites 26 Cited by

AI-Extracted Technical Summary

Problems solved by technology

However, these existing data processing methods do not fully consider the statistical data of the security situation, r...

Abstract

The invention discloses a data processing method and a data processing device. In the method and the device, the obtained asset vulnerability index is related to an asset polling vulnerability index, a bug vulnerability index and a configuration irregularity vulnerability index, and the obtained asset threat index is related to an asset security situation threat value, a security alarm threat value and a security event threat value. Moreover, the asset security situation threat value, the security alarm threat value and the security event threat value are obtained by processing logs of assets. Thus, when network security situation assessment data is processed, the method and the device consider the result of an asset polling inspection service, a bug inspection service, a configuration irregularity inspection service and integrated log and traffic analysis. Therefore, the data considered and counted by the method and the device is more comprehensive, the asset security situation assessment result obtained by the method and the device is more accurate, and the credibility of the asset security situation assessment result is improved.

Application Domain

Transmission

Technology Topic

Traffic volume, Traffic analysis


Example Embodiment

[0054] Example one
[0055] Figure 1 is a schematic flow diagram of a data processing method in the security situation assessment process at the asset level provided in the first embodiment of the present invention. As shown in Figure 1, the method includes the following steps:
[0056] S11. Obtain the weight value of the asset value, the asset vulnerability index and the asset threat index of the specified asset;
[0057] The asset value is the inherent property of the asset, and the asset value is specified when the asset is added. Asset value is the characteristic value of asset importance. In the embodiment of the present invention, after a certain designated asset is determined, the asset value of the designated asset can be obtained, thereby further obtaining the weight value of the asset value.
[0058] In the embodiment of the present invention, the asset value can be divided into core asset A, key asset B, important asset C, general asset D and simple asset E, and the corresponding weight values are 100, 90, 60, 40, and 10 respectively.
[0059] In the embodiment of the present invention, the asset vulnerability index is related to the inspection business vulnerability index, the vulnerability business vulnerability index, and the configuration non-compliant business vulnerability index. The specific implementation method for obtaining the asset vulnerability index of the specified asset is shown in Figure 2 and includes the following steps:
[0060] S21. Obtain the inspection business vulnerability index, the vulnerability business vulnerability index and the configuration non-compliant business vulnerability index of the designated asset:
[0061] Among them, obtaining the vulnerability index of the inspection business of the designated asset includes:
[0062] A1. Perform patrol inspection business inspections on designated assets, and obtain the vulnerabilities of the designated assets in the operation process of patrol inspection business:
[0063] It should be noted that the vulnerability of the designated asset during the operation of the inspection business is the hidden security risk of the designated asset during the operation of the inspection business.
[0064] A2. Compare the vulnerabilities of the designated asset in the inspection business operation process with the inspection vulnerability dictionary database, and mark the risk level of each vulnerability according to the comparison result. In the inspection vulnerability dictionary database, the vulnerabilities in the operation process of the inspection service are divided into different risk levels, and vulnerabilities of different risk levels are assigned different scores:
[0065] It should be noted that an asset corresponds to an inspection vulnerability dictionary database. The inspection vulnerability dictionary database includes all the vulnerabilities that may occur during the operation of the inspection business of an asset. In the dictionary database, all the vulnerabilities that may appear are divided into different risk levels, and vulnerabilities of different risk levels are assigned different scores.
[0066] As an example, the corresponding scores of vulnerabilities of different risk levels are shown in Table 1 below:
[0067] Table 1
[0068] Vulnerability level
[0069] This step is specifically as follows: compare the vulnerabilities of the designated asset obtained in step A1 with the vulnerabilities in the inspection vulnerability dictionary database. When the database contains a vulnerability that matches one obtained in step A1, mark the risk level of that vulnerability according to the comparison result. The score of each vulnerability obtained in step A1 is then determined from its risk level.
[0070] A3. Accumulate the scores of the vulnerabilities of the designated asset during the inspection service operation process. When the accumulated value reaches the second preset value, accumulation stops; the accumulated value obtained is the inspection business vulnerability index of the designated asset:
[0071] In the embodiment of the present invention, the scores of all inspection vulnerability points of the same asset are accumulated. The score is not accumulated without limit, but a second preset value is set. When the accumulated value reaches the second preset value, it is no longer accumulated. As an example, the second preset value may be 100.
[0072] The cumulative value of the vulnerability point score of the designated asset in the inspection business operation process obtained by the above method is the inspection business vulnerability index of the designated asset.
[0073] Obtain the vulnerability business vulnerability index of the specified asset, including:
[0074] B1. Perform a vulnerability inspection service on the designated asset to obtain the security vulnerabilities of the designated asset.
[0075] B2. Compare the security vulnerabilities of the specified asset with the vulnerability resource database of the specified asset, and mark the danger level of each security vulnerability according to the comparison result. In the vulnerability resource database of the specified asset, security vulnerabilities are divided into different danger levels, and security vulnerabilities of different danger levels are assigned different scores:
[0076] It should be noted that an asset corresponds to a vulnerability resource database. A vulnerability resource database includes all security vulnerabilities that may occur during the operation of the vulnerability inspection business of an asset. In the vulnerability resource database, all possible security vulnerabilities are classified into different danger levels, and vulnerabilities of different danger levels are assigned different scores.
[0077] As an example, the scores corresponding to security vulnerabilities of different risk levels are shown in Table 2.
[0078] Table 2
[0079] Vulnerability level
[0080] This step is specifically as follows: compare the security vulnerabilities of the specified asset obtained in step B1 with the security vulnerabilities in the vulnerability resource database of the specified asset. When the vulnerability resource database contains a security vulnerability that matches one obtained in step B1, mark the danger level of that security vulnerability according to the comparison result. The score of each security vulnerability obtained in step B1 is then determined from its danger level.
[0081] B3. Accumulate the scores of the security vulnerabilities of the specified asset during the operation of the vulnerability check business. When the accumulated value reaches the third preset value, accumulation stops; the accumulated value obtained is the vulnerability business vulnerability index of the specified asset:
[0082] In the embodiment of the present invention, all security vulnerability scores of the same asset implement a cumulative system. The score is not accumulated without limit, but a third preset value is set. When the accumulated value reaches the third preset value, it is no longer accumulated. As an example, the third preset value may be 100.
[0083] The cumulative value of the security vulnerability score of the specified asset during the operation of the vulnerability check business obtained by the above method is the vulnerability business vulnerability index of the specified asset.
[0084] Obtaining the configuration non-compliant business vulnerability index of the designated asset includes:
[0085] C1. Perform configuration compliance checks on designated assets to obtain configuration information of designated assets that does not meet the safety requirements for normal business operations.
[0086] C2. Compare the configuration information that does not meet the safety requirements of normal business operation with the configuration resource library of the designated asset, and mark the danger level of each item of such configuration information. In the configuration resource library, the configuration information that does not meet the safety requirements of normal business operation is divided into different danger levels, and items of different danger levels are assigned different scores:
[0087] It should be noted that an asset corresponds to a configuration resource library. The configuration resource database includes all configuration information that may exist in the configuration compliance check process for an asset that does not meet the security requirements for normal business operation. And in the configuration resource database, all the configuration information that may exist that does not meet the safety requirements of the normal operation of the business is divided into different risk levels, and different risk levels are set with different scores.
[0088] As an example, the scores corresponding to the non-compliant configuration information of different risk levels are shown in Table 3 below:
[0089] Table 3
[0090] Vulnerability level
[0091] This step is specifically as follows: compare the configuration information of the designated asset obtained in step C1 that does not meet the security requirements of normal business operation with the non-compliant configuration information in the inspection vulnerability dictionary database. When the database contains configuration information that matches an item obtained in step C1, mark the risk level of that item according to the comparison result. The score of each item of non-compliant configuration information obtained in step C1 is then determined from its risk level.
[0092] C3. Accumulate the scores of the non-compliant configuration information of the specified asset during the configuration compliance check process. When the accumulated value reaches the fourth preset value, accumulation stops; the accumulated value obtained is the configuration non-compliant business vulnerability index of the specified asset:
[0093] In the embodiment of the present invention, all non-compliant configuration information scores of the same asset implement a cumulative system. The score is not accumulated without limit, but a fourth preset value is set. When the accumulated value reaches the fourth preset value, it is no longer accumulated. As an example, the fourth preset value may be 100.
[0094] The cumulative value of the non-compliant configuration information score of the specified asset during the configuration compliance check operation process obtained by the above method is the configuration non-compliant business vulnerability index of the specified asset.
[0095] S22. Compare the inspection business vulnerability index, the vulnerability business vulnerability index, and the configuration non-compliant business vulnerability index of the specified asset. When at least one of the indexes is not zero, determine the asset vulnerability index of the specified asset as the index with the largest value; when the three indexes are all zero, determine the asset vulnerability index of the specified asset as the first preset value:
[0096] According to the short-board effect, the various parts of an organization often differ in strength, and the weakest part often determines the level of the entire organization. Therefore, when at least one of the inspection business vulnerability index, the vulnerability business vulnerability index, and the configuration non-compliant business vulnerability index of the specified asset is not zero, the embodiment of the present invention determines the asset vulnerability index of the specified asset to be the largest value among the inspection business vulnerability index, the vulnerability business vulnerability index and the configuration non-compliant business vulnerability index. This is because the larger the vulnerability index, the less secure the asset is.
[0097] When the designated asset does not have any vulnerabilities, so that the inspection business vulnerability index, vulnerability business vulnerability index, and configuration non-compliant business vulnerability index of the designated asset are all zero, the embodiment of the present invention determines the asset vulnerability index of the designated asset as the first preset value. The first preset value is not equal to 0, and is usually a very small value greater than 0. As an example, the value of the first preset value is 0.01. The asset vulnerability index calculated using the first preset value has little effect on the asset safety index.
[0098] In addition, it should be noted that the threat to an asset depends not only on the actual threats in the operation process but also on the actual operating environment on which the asset depends. The actual threats in the operation process are related to the security situation threat value, security alarm threat value and security event threat value of the asset.
[0099] The process of obtaining the asset threat index of the specified asset is shown in Figure 3 and specifically includes:
[0100] S31. Obtain the actual threat value of the specified asset, where the actual threat value of the specified asset is the sum of the security situation threat value, the security alarm threat value, and the security event threat value of the specified asset.
[0101] S32. Calculate the asset threat index of the specified asset according to the actual operating environment and actual threat value of the specified asset and their respective weights:
[0102] It should be noted that the threat of the actual operating environment of the specified asset to the asset cannot be obtained through the detection value of the asset itself. Regarding the two factors that affect the threat of assets: the actual operating environment and the actual threat value, the embodiments of the present invention assign different weights respectively, and the asset threat index of the specified asset is obtained by weighted summation of these two factors.
[0103] As an example, the weight of the actual operating environment may be 20%, and the weight of the actual threat value is 80%. In addition, the embodiment of the present invention also sets that the score corresponding to the actual operating environment may be 5 points.
[0104] As a specific implementation of the present invention, the foregoing obtaining the actual threat value of the specified asset specifically includes:
[0105] D1. Obtain the security situation threat value, security alarm threat value and security event threat value of the specified asset.
[0106] D2. Calculate the sum of the security situation threat value, security alarm threat value, and security event threat value of the specified asset; the result obtained is the actual threat value of the specified asset.
[0107] Obtaining the security situation threat value of the specified asset includes:
[0108] E1. Perform security affairs business on designated assets, integrate and normalize the logs of designated assets, and obtain information that threatens the security of designated assets.
[0109] E2. The information threatening the security of the designated asset is formed into security situations of the designated asset; each security situation is assigned a first score:
[0110] As an example, the first point value set is 0.01 points.
[0111] E3. Count the security situations of the designated asset and accumulate their scores. When the accumulated value reaches the fifth preset value, accumulation stops; the accumulated value obtained is the security situation threat value of the designated asset:
[0112] As an example, the fifth preset value may be 10.
[0113] Obtain the security alarm threat value of a specified asset, including:
[0114] F1. Carry out the security alarm business on the designated asset, and form security alarms from the security situations of the specified asset that meet specific rules; each security alarm is assigned a second score:
[0115] As an example, the second point value may be 0.1 points.
[0116] F2. Calculate the security alarms of the specified assets, and accumulate the scores of the security alarms of the specified assets. When the accumulated value reaches the sixth preset value, it will no longer be accumulated. The accumulated value obtained is the security alarm threat value of the specified asset:
[0117] As an example, the sixth preset value may be 30.
[0118] Obtain the security event threat value of a specified asset, including:
[0119] G1. Carry out the security incident business on the designated asset, and conduct manual analysis and qualitative analysis of the security alarms of the designated asset to form security events; each security event is assigned a third score:
[0120] As an example, the third point value may be 4 points.
[0121] G2. Count the security events of the specified asset, and accumulate the scores of the security events of the specified asset. When the accumulated value reaches the seventh preset value, it will no longer be accumulated, and the accumulated value obtained is the security event threat value of the specified asset:
[0122] As an example, the seventh preset value may be 40.
[0123] S12. Calculate the vulnerability loss of the specified asset according to the weight value of the asset value of the specified asset and the asset vulnerability index:
[0124] As an example, the calculation formula for calculating the vulnerability loss of the specified asset according to the weight value of the asset value of the specified asset and the asset vulnerability index is as shown in formula (1):
[0125] $$F(A,V) = A \cdot V \tag{1}$$
[0126] Among them, F(A,V) is the vulnerability loss of the designated asset;
[0127] A is the weight value of the asset value of the specified asset;
[0128] V is the asset vulnerability index of the designated asset.
[0129] S13. Calculate the threatening loss of the designated asset according to the asset vulnerability index and asset threat index of the designated asset:
[0130] As an example, the calculation formula for calculating the threat loss of the specified asset according to the asset vulnerability index and asset threat index of the specified asset is as shown in formula (2):
[0131] $$L(T,V) = T \cdot V \tag{2}$$
[0132] Among them, L(T,V) is the threatening loss of the designated asset;
[0133] T is the asset threat index of the specified asset;
[0134] V is the asset vulnerability index of the designated asset.
[0135] S14. Calculate the asset risk value of the specified asset according to the asset vulnerability loss of the specified asset and the threatening loss of the specified asset:
[0136] As an example, according to the asset vulnerability loss of the designated asset and the threatening loss of the designated asset, the calculation formula for calculating the asset risk value of the designated asset is as shown in formula (3):
[0137] $$R_a = F(A,V) \cdot L(T,V) \tag{3}$$
[0138] S15. Calculate the asset safety index of the designated asset according to the asset risk value of the designated asset:
[0139] As an example, the calculation of the asset safety index of the specified asset according to its asset risk value is shown in formula (4):
[0140] $$R_e = 100 - R_a \tag{4}$$
[0141] The above is the data processing method in the security situation assessment process at the asset level provided by the embodiments of the present invention. The asset safety index obtained by this data processing method can evaluate the security situation of the designated asset at the asset level. Among them, the greater the asset safety index of the designated asset, the more secure the designated asset is at the asset level.
[0142] As a specific embodiment of the present invention, the asset safety index can be set to multiple different security levels according to the value range of the asset safety index. Determine the security level of the specified asset at the asset level according to the asset security index obtained above.
[0143] It should be noted that in the above-mentioned data processing method, the calculated asset vulnerability index and asset safety index take into account the results of the asset inspection service, the vulnerability inspection service, the configuration compliance inspection service, and the comprehensive analysis of logs and traffic. Therefore, compared with the prior art, the data processing method provided by the present invention considers and counts more comprehensive data, so the asset security situation assessment result obtained by the method is more accurate and its credibility is improved.
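The asset-level procedure S11 to S15, as an added Python example (not code from the patent). The per-level scores in `LEVEL_SCORES` are constructed because the contents of Tables 1 to 3 did not survive on this page, and the function names are hypothetical. Formulas (1) to (4) are applied exactly as printed here, without normalization, so $R_a$ is not confined to 0-100 and $R_e$ can go negative.

```python
# Added example: asset-level scoring (steps S11-S15) as described on this page.

# ASSUMPTION: Tables 1-3 are missing from this page, so these per-level
# scores are constructed placeholders, not the patent's values.
LEVEL_SCORES = {"high": 30, "medium": 10, "low": 2}

ASSET_VALUE_WEIGHTS = {"A": 100, "B": 90, "C": 60, "D": 40, "E": 10}  # [0058]
FIRST_PRESET = 0.01   # [0097] used when all three sub-indexes are zero
INDEX_CAP = 100       # example value of the second, third and fourth presets
ENV_SCORE = 5         # [0103] score of the actual operating environment
ENV_WEIGHT, ACTUAL_WEIGHT = 0.2, 0.8   # [0103] example weights

# (score per item, cap) for the three log-derived tiers: example values
# from steps E2/E3, F1/F2 and G1/G2.
TIERS = {"situation": (0.01, 10), "alarm": (0.1, 30), "event": (4, 40)}


def sub_index(levels):
    """A3/B3/C3: accumulate the score of each finding, stopping at the cap."""
    return min(sum(LEVEL_SCORES[lv] for lv in levels), INDEX_CAP)


def vulnerability_index(inspection, vulns, config):
    """S22: short-board rule, the largest sub-index wins; floor if all are zero."""
    worst = max(sub_index(inspection), sub_index(vulns), sub_index(config))
    return worst if worst > 0 else FIRST_PRESET


def actual_threat(counts):
    """S31: sum of the three capped tier values."""
    return sum(min(counts.get(tier, 0) * score, cap)
               for tier, (score, cap) in TIERS.items())


def threat_index(counts):
    """S32: weighted sum of operating-environment score and actual threat."""
    return ENV_WEIGHT * ENV_SCORE + ACTUAL_WEIGHT * actual_threat(counts)


def assess_asset(value_class, inspection, vulns, config, counts):
    """S11-S15 for one asset; returns every intermediate value."""
    a = ASSET_VALUE_WEIGHTS[value_class]
    v = vulnerability_index(inspection, vulns, config)
    t = threat_index(counts)
    f = a * v          # formula (1): vulnerability loss
    l = t * v          # formula (2): threatening loss
    r_a = f * l        # formula (3): asset risk value
    r_e = 100 - r_a    # formula (4): asset safety index
    return {"A": a, "V": v, "T": t, "F": f, "L": l, "R_a": r_a, "R_e": r_e}


# Constructed sample assets (not from the patent).
CLEAN = assess_asset("E", [], [], [], {})
BUSY = assess_asset(
    "A",
    inspection=["high"] * 4,          # 120 points, capped at 100
    vulns=["medium"],
    config=[],
    counts={"situation": 5000, "alarm": 20, "event": 3},
)

if __name__ == "__main__":
    for name, result in (("clean", CLEAN), ("busy", BUSY)):
        print(name, result)
```

Because every tier is capped, four and forty high-level findings produce the same sub-index, so the index alone does not show how far past the cap an asset is.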

[0145] Example two
[0146] It should be noted that the business system is determined by the business content carried by the asset and divided by customers, such as OA system, mail system, etc. The network security situation assessment at the business system level needs to consider the security status of the assets under the business system. For an asset, the business system is also one of its attributes, used to indicate the business content carried by the asset. Each asset belongs to a business system, and each business system can have multiple assets. There is a one-to-many relationship between business systems and assets.
[0147] The data processing method of the network security situation assessment process at the business system level includes: calculating a business system's business system security index, business system threat index, and business system vulnerability index;
[0148] The process of calculating the business system security index of a business system is shown in Figure 4 and specifically includes:
[0149] S41. Obtain the security risk values of all assets belonging to a business system:
[0150] According to the data processing method in the asset-level security situation assessment process provided in the first embodiment above, the security risk values of all assets belonging to a business system are obtained.
[0151] S42. Calculate the security risk index of the business system according to the security risk value of all assets belonging to a business system:
[0152] In SIEM, the security risk index $R_n$ of each business system is determined by the security risk values of all assets belonging to the business system. Specifically, the security risk index of a single business system is the geometric average of the security risk values of all assets under the business system. The calculation formula of the security risk index of a single business system is shown in formula (5):
[0153] $$R_n = \sqrt[n]{\prod_{i=1}^{n} R_{a_i}} \tag{5}$$
[0154] In formula (5), n represents n assets under a single business system, where n is a positive integer;
[0155] $R_{a_i}$ is the asset risk value of asset i.
[0156] S43. Calculate the security index of the business system according to the security risk index of the business system:
[0157] As an example, the specific calculation formula for the security index $R_{e\text{-}n}$ of a single business system based on the security risk index of the business system is shown in formula (6):
[0158] $$R_{e\text{-}n} = 100 - R_n \tag{6}$$
[0159] As a specific embodiment of the present invention, the process of calculating the business system threat index of a business system is shown in Figure 5 and specifically includes:
[0160] S51. Obtain the threat index of all assets belonging to a business system and the weight value of the asset value of all assets:
[0161] According to the data processing method in the security situation assessment process at the asset level provided in the first embodiment above, the threat indexes of all the assets belonging to a business system are obtained.
[0162] The asset value is the inherent property of the asset, and the asset value is specified when the asset is added. Asset value is the characteristic value of asset importance. In the embodiment of the present invention, when a certain designated asset is determined, the weight value of the asset value of the designated asset can be obtained.
[0163] S52. Calculate the business system threat index of the business system according to the threat index of all assets belonging to a business system and the weight value of the asset value of all the assets:
[0164] It should be noted that in SIEM, the threat index $T_n$ of each business system is determined by the threat indexes of all assets belonging to the business system. The threat index $T_n$ of a single business system is the weighted average of the threat indexes $T_i$ of all assets under the business system, where the weight is the asset value of each asset. The corresponding calculation formula is shown in formula (7):
[0165] $$T_n = \frac{\sum_{i=1}^{n} A_i \cdot T_i}{\sum_{i=1}^{n} A_i} \tag{7}$$
[0166] Among them, n indicates that there are n assets under a single business system, where n is a positive integer;
[0167] $A_i$ is the weight value of the asset value of asset i;
[0168] $T_i$ is the threat index of asset i.
[0169] As a specific embodiment of the present invention, the process of calculating the business system vulnerability index of a business system is shown in Figure 6 and specifically includes:
[0170] S61. Obtain the vulnerability index of all assets belonging to a business system and the asset value of all assets:
[0171] According to the data processing method in the asset-level security situation assessment process provided in the first embodiment above, the vulnerability indexes of all assets belonging to a business system are obtained.
[0172] The asset value is the inherent property of the asset, and the asset value is specified when the asset is added. Asset value is the characteristic value of asset importance. In the embodiment of the present invention, when a certain designated asset is determined, the asset value of the designated asset can be obtained.
[0173] S62. Calculate the business system vulnerability index of the business system based on the vulnerability index of all assets belonging to a business system and the asset value of all assets:
[0174] It should be noted that in SIEM, the vulnerability index $V_n$ of each business system is determined by the vulnerability indexes of all assets belonging to the business system. The vulnerability index $V_n$ of a single business system is the weighted average of the vulnerability indexes $V_i$ of all assets under the business system, where the weight is the asset value of each asset. The corresponding calculation formula is shown in formula (8):
[0175] $$V_n = \frac{\sum_{i=1}^{n} A_i \cdot V_i}{\sum_{i=1}^{n} A_i} \tag{8}$$
[0176] Among them, n indicates that there are n assets under a single business system, where n is a positive integer;
[0177] $A_i$ is the weight value of the asset value of asset i;
[0178] $V_i$ is the vulnerability index of asset i.
[0179] The foregoing is the specific implementation manner of the data processing method in the network security situation assessment process at the business system level provided in the second embodiment of the present invention. In this embodiment, the corresponding business system security index, business system threat index and business system vulnerability index are calculated according to the asset value, asset safety index, asset vulnerability index, and asset threat index of each asset of the business system.

[0181] Example three
[0182] It should be noted that a customer has multiple business systems, so the security status at the customer level is determined by all business systems belonging to the customer. The data processing method of the network security situation assessment process at the customer level includes: calculating the customer safety index, the customer threat index and the customer vulnerability index.
[0183] As a specific embodiment of the present invention, the method for calculating the customer safety index is shown in Figure 7 and includes:
[0184] S71. Obtain the security risk indexes of all business systems owned by a customer and the weights of each business system level:
[0185] According to the data processing method described in the second embodiment, the security risk indexes of all business systems owned by a customer are obtained.
[0186] It should be noted that, in the embodiment of the present invention, different business systems are assigned different levels. As an example, the business system level is divided into 5 levels, which are A’, B’, C’, D’, and E’ in descending order of importance. A’ is the most important business system level, and E’ is the least important business system level. The weight $\omega_A$ of A’ is 100, the weight $\omega_B$ of B’ is 90, the weight $\omega_C$ of C’ is 60, the weight $\omega_D$ of D’ is 40, and the weight $\omega_E$ of E’ is 10.
[0187] For each business system owned by a single customer, the weight of the corresponding business system level is obtained.
[0188] S72. Calculate the customer security risk index based on the security risk index of all business systems owned by the customer and the weight of each business system level:
[0189] It should be noted that in the security operation system, the customer’s security risk index $R_{all}$ is determined by the security risk indexes of all business systems belonging to the customer. Specifically, $R_{all}$ is the weighted average of the security risk indexes $R_n$ of all of the customer’s business systems. The weight is the weight of each business system level, and the calculation formula is shown in formula (9):
[0190] $$R_{all} = \frac{\sum_{i=1}^{n} \omega_i R_i}{\sum_{i=1}^{n} \omega_i} \qquad (9)$$
[0191] where n is the number of business systems owned by the customer, and n is a positive integer;
[0192] $\omega_i$ is the weight of the business system level corresponding to business system i;
[0193] $R_i$ is the security risk index of business system i.
[0194] S73. Calculate the customer’s safety index according to the customer’s safety risk index:
[0195] As an example, the formula for calculating the customer’s safety index $R_{e\text{-}all}$ from the customer’s security risk index is shown in formula (10):
[0196] $$R_{e\text{-}all} = 100 - R_{all} \qquad (10)$$
[0197] As a specific embodiment of the present invention, the method of calculating the customer threat index is shown in Figure 8 and includes:
[0198] S81. Obtain the threat index of all business systems owned by a customer and the weight of each business system level:
[0199] According to the data processing method described in the second embodiment, the threat indexes of all business systems owned by a customer are obtained.
[0200] For each business system owned by a single customer, the weight of the corresponding business system level is obtained.
[0201] S82. Calculate the threat index of the customer according to the threat index of all business systems owned by the customer and the weight of each business system level:
[0202] It should be noted that in the security operation system, the customer’s threat index $T_{all}$ is determined by the threat indexes of all business systems belonging to the customer. Specifically, $T_{all}$ is the weighted average of the threat indexes $T_n$ of all of the customer’s business systems. The weight is the weight of each business system level, and the calculation formula is shown in formula (11):
[0203] $$T_{all} = \frac{\sum_{i=1}^{n} \omega_i T_i}{\sum_{i=1}^{n} \omega_i} \qquad (11)$$
[0204] where n is the number of business systems owned by the customer, and n is a positive integer;
[0205] $\omega_i$ is the weight of the business system level corresponding to business system i;
[0206] $T_i$ is the threat index of business system i.
[0207] As a specific embodiment of the present invention, the method of calculating the customer vulnerability index is shown in Figure 9 and includes:
[0208] S91. Obtain the vulnerability index of all business systems owned by a customer and the weight of each business system level:
[0209] According to the data processing method described in the second embodiment, the vulnerability indexes of all business systems owned by a customer are obtained.
[0210] For each business system owned by a single customer, the weight of the corresponding business system level is obtained.
[0211] S92. Calculate the customer's vulnerability index according to the business system vulnerability index of all business systems owned by the customer and the weight of each business system level.
[0212] It should be noted that in the security operation system, the customer's vulnerability index $V_{all}$ is determined by the vulnerability indexes of all business systems belonging to the customer. Specifically, $V_{all}$ is the weighted average of the vulnerability indexes $V_n$ of all of the customer's business systems. The weight is the weight of each business system level, and the calculation formula is shown in formula (12):
[0213] $$V_{all} = \frac{\sum_{i=1}^{n} \omega_i V_i}{\sum_{i=1}^{n} \omega_i} \qquad (12)$$
[0214] where n is the number of business systems owned by the customer, and n is a positive integer;
[0215] $\omega_i$ is the weight of the business system level corresponding to business system i;
[0216] $V_i$ is the vulnerability index of business system i.
[0217] The above is the specific implementation of the data processing method in the network security situation assessment process at the customer level provided in the third embodiment of the present invention. In this specific implementation, different security levels can be assigned according to the customer's security index. If the index falls within the range (90-100), the overall security of the customer's systems is described as very safe; if it falls within (75-90], as safe; within (50-75], as good; within (15-50], as dangerous; and within [0-15], as very dangerous.
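The customer-level roll-up of formulas (9) to (12) and the rating bands of paragraph [0217], as an added Python example that is not part of the patent text. The `BusinessSystem` record, the function names and the sample values are hypothetical; the example assumes every index lies on a 0..100 scale and that a safety index of exactly 100 rates as "very safe".

```python
from dataclasses import dataclass
# Level weights from paragraph [0186]; "A" stands for level A', the most important.
LEVEL_WEIGHTS = {"A": 100, "B": 90, "C": 60, "D": 40, "E": 10}
# Rating bands from paragraph [0217]: (exclusive lower bound, label), highest first.
BANDS = [(90, "very safe"), (75, "safe"), (50, "good"), (15, "dangerous")]

@dataclass(frozen=True)
class BusinessSystem:          # hypothetical record type, not from the patent
    name: str
    level: str                 # "A".."E"
    risk: float                # R_i
    threat: float              # T_i
    vulnerability: float       # V_i

def weighted_index(systems, attr):
    """Formulas (9), (11), (12): sum(w_i * x_i) / sum(w_i) over a customer's systems."""
    if not systems:
        raise ValueError("n must be a positive integer: no business systems given")
    acc, total_w = 0.0, 0
    for s in systems:
        if s.level not in LEVEL_WEIGHTS:
            raise ValueError(f"unknown business system level {s.level!r}")
        value = getattr(s, attr)
        if not 0 <= value <= 100:  # assumption: indexes live on a 0..100 scale
            raise ValueError(f"{s.name}: {attr}={value} outside 0..100")
        acc += LEVEL_WEIGHTS[s.level] * value
        total_w += LEVEL_WEIGHTS[s.level]
    return acc / total_w

def classify(safety_index):
    """Map a safety index to its band; upper bounds are inclusive, as in (75-90]."""
    for lower, label in BANDS:
        if safety_index > lower:
            return label
    return "very dangerous"    # the [0-15] band

def customer_posture(systems):
    r_all = weighted_index(systems, "risk")
    safety = 100 - r_all       # formula (10)
    return {"risk": r_all, "safety": safety, "rating": classify(safety),
            "threat": weighted_index(systems, "threat"),
            "vulnerability": weighted_index(systems, "vulnerability")}

# Constructed sample customer: one critical system at risk, two minor ones healthy.
SAMPLE = [BusinessSystem("billing", "A", 40, 30, 50),
          BusinessSystem("hr-portal", "C", 10, 20, 30),
          BusinessSystem("wiki", "E", 5, 10, 20)]
if __name__ == "__main__":
    print(customer_posture(SAMPLE))
```

With the sample data the level weighting moves the customer from "safe" (unweighted mean risk of about 18.3) to "good" (weighted risk of about 27.4), because the level-A' system dominates the average.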
[0218] According to the data processing methods described in the first to third embodiments, the data processing method provided by the present invention can evaluate the network security situation at the asset level, and can also be applied to security posture assessment at the business system level and at the customer level. In this way, the data processing method provided by the present invention can calculate the network security situation data hierarchically according to the operating conditions, so that the obtained security index is well documented.
[0219] In addition, the data processing method provided by the present invention can process the data of the network situation assessment process at multiple levels, so as to obtain the security index at multiple levels. Specifically, the data processing method provided by the present invention can not only calculate the security index of a single asset, but also calculate the security index of the business system in which the asset is located, and finally calculate the customer's security index at the customer level. The security index calculated layer by layer in this way is credible and well documented, and users' perception of the security status of systems and assets in different dimensions can be improved.
[0220] In addition, by using this data processing method, the current system security status can be obtained promptly through the daily security index and compared with that of the previous day, so that the trend of system security changes is understood as quickly as possible. Through historical comparison of the security situation, the security maintenance status of the organization's business systems and the results of security operation and maintenance work can be fully reported.
