
Business analysis method and apparatus, and business security assessment method and system

A business analysis and evaluation system technology, applied in the field of business analysis methods and devices, can solve problems such as lack of pertinence, difficulty in finding security problems, unfamiliar business, etc., and achieve the effect of improving effectiveness

Inactive Publication Date: 2017-07-25
CHINA INFORMATION TECH SECURITY EVALUATION CENT

AI Technical Summary

Problems solved by technology

[0005] 1) The asset-oriented risk assessment method assesses the security of the information system and related infrastructure; it does not assess whether the business can operate safely;
[0006] 2) The asset-oriented risk assessment method can only find problems at the technical level, and has difficulty finding security problems at the business level that can affect the safe operation of the business;
[0007] 3) Because the asset-oriented risk assessment method lacks pertinence, it has difficulty finding the key security issues that can affect the safe operation of the business;
[0008] 4) The asset-oriented risk assessment method is applied without familiarity with the business being assessed, so the business impact of the discovered security problems cannot be assessed.

Examples

Embodiment 1

[0071] Referring to Figures 1 to 3, this embodiment provides a business analysis method, including:

[0072] Step S1: analyzing the business using the enterprise architecture model.

[0073] The enterprise architecture model includes, from top to bottom, the business layer, data layer, application layer and infrastructure layer. The description of the business corresponds to the business layer; the input data, output data and control data corresponding to the business correspond to the data layer; the software application system that supports the business corresponds to the application layer; and the facilities that support the communication of the software application system, together with the hardware and software platform for information processing, correspond to the infrastructure layer.

[0074] Referring to Figure 2, the software application system communication facilities and the information processing hardware and software platform include network domain X...

Embodiment 2

[0090] Referring to Figures 4 and 5, this embodiment provides a method for evaluating service security, which includes the service analysis method in Embodiment 1. With that analysis method, the correspondence between the layers associated with a service makes it possible to find the cause of the service's security problem, thereby improving the effectiveness of service sorting.

[0091] After the steps of the business analysis method in Embodiment 1, the method further includes:

[0092] Step S2: using the threat model to conduct threat analysis on the business, so as to generate the security requirements of the business itself.

[0093] In this embodiment, the STRIDE model of Microsoft Corporation is used for threat analysis, mainly analyzing six types of threats: spoofing, tampering, repudiation, information disclosure, denial of service and elevation of privilege, as shown in Table 2 below.

[0094] Table 2 STRIDE model

[0095...
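The layer tracing described in Embodiments 1 and 2, as an added example that is not part of the patent text: each business is recorded with its data, application and infrastructure elements, and a technical finding tagged with a STRIDE category is traced up to the businesses it affects. The business names, element names and findings are constructed, and the STRIDE-to-property mapping is the commonly published one, not the patent's Table 2 (truncated on this page).

```python
from dataclasses import dataclass

# STRIDE category -> security property it violates (commonly published mapping,
# an assumption here because the patent's Table 2 is not available on the page).
STRIDE = {
    "Spoofing": "authentication",
    "Tampering": "integrity",
    "Repudiation": "non-repudiation",
    "Information disclosure": "confidentiality",
    "Denial of service": "availability",
    "Elevation of privilege": "authorization",
}

@dataclass(frozen=True)
class Business:
    """One business-layer entry with the lower-layer elements it depends on."""
    name: str
    data: frozenset            # input, output and control data
    application: frozenset     # supporting software application systems
    infrastructure: frozenset  # communication facilities and HW/SW platforms

    def layer_of(self, element):
        """Return the layer in which this business uses `element`, or None."""
        for layer in ("data", "application", "infrastructure"):
            if element in getattr(self, layer):
                return layer
        return None

def business_impact(businesses, findings):
    """Trace (element, STRIDE category) findings up to the business layer.

    Returns {business name: [(layer, element, violated property), ...]}.
    Findings on elements that no business depends on are kept under None,
    so purely technical issues stay visible but separate.
    """
    impact = {}
    for element, category in findings:
        prop = STRIDE[category]  # KeyError for a non-STRIDE category
        hits = [(b.name, b.layer_of(element)) for b in businesses if b.layer_of(element)]
        for name, layer in hits or [(None, None)]:
            impact.setdefault(name, []).append((layer, element, prop))
    return impact

# Constructed sample: two businesses sharing one database server.
PAYMENT = Business("online payment", frozenset({"payment order", "account balance"}),
                   frozenset({"payment gateway"}), frozenset({"db-server-1", "dmz-network"}))
PAYROLL = Business("payroll", frozenset({"salary table"}),
                   frozenset({"hr system"}), frozenset({"db-server-1"}))
FINDINGS = [("db-server-1", "Denial of service"), ("payment order", "Tampering"),
            ("test-server", "Spoofing")]
```
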

Embodiment 3

[0124] Referring to Figure 6, this embodiment provides a service analysis device that includes an analysis module 1; the analysis module 1 is used to analyze services using an enterprise architecture model.

[0125] The enterprise architecture model includes, from top to bottom, the business layer, data layer, application layer and infrastructure layer. The description of the business corresponds to the business layer; the input data, output data and control data corresponding to the business correspond to the data layer; the software application system that supports the business corresponds to the application layer; and the facilities that support the communication of the software application system, together with the hardware and software platform for information processing, correspond to the infrastructure layer.

[0126] The analysis module 1 is specifically used to combine the functional modeling in the integrated computer-aided manufacturing with the business laye...

Abstract

The invention provides a business analysis method and apparatus, and a business security assessment method and system. It belongs to the technical field of information security, and solves the problem that, in the existing asset-oriented risk assessment method, the assessment result lacks pertinence and validity because the security demands of different businesses at the business layer and the security of business operation are ignored. The business analysis method comprises a step of analyzing a business by adopting an enterprise architecture model, wherein the enterprise architecture model comprises, from top to bottom, the business layer, a data layer, an application layer and an infrastructure layer; a business description corresponds to the business layer; input data, output data and control data corresponding to the business correspond to the data layer; a software application system supporting the business corresponds to the application layer; and a facility supporting communication of the software application system and information processing hardware and software platforms correspond to the infrastructure layer.

Description

Technical field

[0001] The invention belongs to the technical field of information security, and in particular relates to a business analysis method and device, and a business security evaluation method and system.

Background technique

[0002] At present, most information security risk assessment methods take the information system and related infrastructure that carry business operations as the assessment object, and conduct risk assessment by discovering the value, existing vulnerability, and threats of the information system and related infrastructure. This assessment method pays more attention to listing security issues from the technical level, but ignores the security requirements of different businesses at the business level and the security of the business itself, resulting in a lack of pertinence and effectiveness in the assessment results.

[0003] Specifically, the threat identification in the asset-oriented risk assessment method is centered on the information / i...

Application Information

Patent Type & Authority: Applications (China)
IPC: IPC(8): G06F21/57
CPC: G06F21/577, G06F2221/034
Inventor: 陈锦佟鑫宋璟王禹李斌班晓芳
Owner: CHINA INFORMATION TECH SECURITY EVALUATION CENT