An information security risk assessment method

A technology for risk assessment and information security, applied in the field of information security, it can solve the problems of ignoring potential threats, single assessment items, and small assessment scope, and achieves the effect of clear description and processing plan, high risk visualization, and wide assessment scope.

Active Publication Date: 2020-09-15
航天科工智慧产业发展有限公司
View PDF3 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The above method is a threat assessment of security events generated by vulnerability and virus early warning information. The assessment items are single, the scope of assessment is small, potential threats are ignored, and custom rule assessment is not supported.
Since this evaluation method does not support custom evaluations, there are many obstacles in alert processing
In terms of evaluation data, the content is one-sided, lack of risk description and treatment plan, and potential threats are not reflected

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • An information security risk assessment method
  • An information security risk assessment method
  • An information security risk assessment method

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment

[0038] The first step is to define the risk assessment data entity class:

[0039] Define entity class attributes, basic asset information attributes, such as asset number, name, asset value, etc., risk attributes, such as threat, vulnerability, risk value, risk level and other attributes are used as package evaluation data.

[0040] The second step is to configure risk assessment rules and risk baselines. The specific process can be as follows figure 1 Shown:

[0041] 1. Configure the security attribute level and level description of asset value. Security attributes include availability, integrity, and confidentiality, which are used to calculate the value of assets.

[0042] 2. Configure the risk type, judgment standard, level and value level of the threat risk coefficient and define the rules of this level. The risk type includes vulnerability and threat, which is used to evaluate the risk according to the rules and judgment standards.

[0043] 3. Configure the type of as...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an information safety risk assessment method and relates to the technical field of information safety. The method is complete in assessment item and wide in assessment range, supports custom rule assessment, can find threats and potential threats in time and can carry out early warning processing better; and meanwhile, assessment data is comprehensive in data content, risk visualization is high, and embodiment of the potential threats and description of risk conditions and processing schemes are clear.

Description

technical field [0001] The present invention relates to the technical field of information security, in particular to an information security risk assessment method. Background technique [0002] Network and information security is one of the strategic objectives of the development of the information industry. The "National Long-Term Science and Technology Development Plan (2006-2020)" clearly stated: "Develop network information security technology and related products, and establish an information security technology guarantee system." [0003] At present, in the field of network and information security, risk assessment is mainly carried out through the method of threat assessment, that is, according to the security incidents generated by vulnerability warning information and virus warning information, threat screening is performed on security incidents, risk levels are identified, and the corresponding Information asset information, generating risk assessment data. [...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06G06F21/57
CPCG06F21/577H04L63/1433
Inventor 韩腾飞
Owner 航天科工智慧产业发展有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap