Method and system for evaluating risk of information system

An information system risk assessment technology, applied in the field of information system risk assessment methods and systems, that addresses problems such as unusable assessment results, incomplete understanding of threat and vulnerability analysis, and unreliable risk assessment results, so as to improve the efficiency of prevention and control.

Inactive Publication Date: 2017-05-31
NSFOCUS INFORMATION TECHNOLOGY CO LTD +1

AI Technical Summary

Problems solved by technology

[0003] The current traditional risk assessment method is usually to establish a risk assessment model and conduct a qualitative analysis of the computer system. In practice, an assessment team composed of IT technical support members and business owners conducts a qualitative assessment of risk levels, which often means that factors such as threat and vulnerability analysis are not fully understood; in addition, as the amount of risk assessment increases, the risk assessment results become unreliable due to subjective factors.
Since the various existing risk assessment mechanisms are often subjective, the assessment results vary from assessor to assessor and often become unusable.


Examples


Embodiment Construction

[0018] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, rather than all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0019] As shown in Figure 1, the embodiment of the present invention provides a schematic flow chart of an information system risk assessment method; the specific implementation includes:

[0020] Step S101, obtaining a security risk report of an information system.

[0021] Step S102, according to the security risk report, determine the value of each basic risk element of each evaluation object in the information system, and ...


Abstract

The invention discloses a method and system for evaluating a risk of an information system. The method comprises the steps of obtaining a safety risk report of the information system; determining the values of basic elements of the risk of each evaluated object in the information system according to the safety risk report, wherein the basic elements of the risk at least include three basic elements of assets, threats and vulnerability; for any to-be-evaluated object, determining the loss caused by the risk according to a vulnerability value of the to-be-evaluated object and an asset value of the to-be-evaluated object; determining the possibility of the risk according to the vulnerability value of each to-be-evaluated object and the asset value of each to-be-evaluated object; and multiplying the loss caused by the risk and the possibility of the risk and then extracting a root to obtain the risk value of each to-be-evaluated object.
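The calculation the abstract outlines, as an added example that is not taken from the patent: only the final step (multiply loss by possibility, then take the root) is stated on this page, so the 1 to 5 rating scale, the geometric-mean forms of `loss` and `possibility`, the use of the threat value as an input to `possibility`, all function names and the sample report are assumptions made for illustration.

```python
import math

SCALE = (1, 5)  # assumed rating scale for every basic risk element

def _check(name, obj):
    """Return obj[name] as float, rejecting missing or out-of-scale values."""
    v = obj.get(name)
    if not isinstance(v, (int, float)) or not SCALE[0] <= v <= SCALE[1]:
        raise ValueError(f"{obj.get('id', '?')}: {name} must be in {SCALE}, got {v!r}")
    return float(v)

def loss(asset, vulnerability):
    # Assumed form: geometric mean of asset value and vulnerability value.
    return math.sqrt(asset * vulnerability)

def possibility(threat, vulnerability):
    # Assumed form and inputs: geometric mean of threat and vulnerability.
    return math.sqrt(threat * vulnerability)

def risk_value(obj):
    a, t, v = (_check(k, obj) for k in ("asset", "threat", "vulnerability"))
    # Step stated in the abstract: multiply loss by possibility, take the root.
    # With these assumed forms the result stays on the same 1..5 scale.
    return math.sqrt(loss(a, v) * possibility(t, v))

def assess(report):
    """Return (id, risk) pairs, highest risk first."""
    scored = [(o["id"], round(risk_value(o), 2)) for o in report]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)

# Constructed sample standing in for values extracted from a security risk report.
REPORT = [
    {"id": "db-server", "asset": 5, "threat": 3, "vulnerability": 4},
    {"id": "web-frontend", "asset": 3, "threat": 4, "vulnerability": 4},
    {"id": "print-server", "asset": 1, "threat": 2, "vulnerability": 5},
]

if __name__ == "__main__":
    for oid, r in assess(REPORT):
        print(f"{oid:14s} risk={r}")
```

Because every intermediate value is a geometric mean, a low-value asset with a severe vulnerability (the constructed `print-server` entry) still ranks below a high-value asset with a moderate one, and the ranking is reproducible across assessors once the three element values are fixed.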

Description

Technical field

[0001] The invention relates to the field of network security, in particular to an information system risk assessment method and system.

Background technique

[0002] For computer systems, due to defects in the specific implementation of hardware, software and/or protocols in the computer system or system security policies, attackers can access or destroy the computer system without authorization. These flaws are also known as computer vulnerabilities. Some computers on the network have network threats due to vulnerabilities. With the rapid development of computer networks, computer systems that provide various services through computer networks are becoming more and more popular, and the losses caused by the loopholes in these computer systems are also greater.

[0003] The current traditional risk assessment method is usually to establish a risk assessment model to conduct qualitative analysis of the computer system. In reality, an assessment team compose...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06
CPC: H04L63/20
Inventor: 赵粤征肖岩军李瀛贠珊
Owner: NSFOCUS INFORMATION TECHNOLOGY CO LTD