Asset dependence relation-based information security risk evaluation method and system

A dependency and information system technology, applied in transmission systems, electrical components, etc., can solve problems such as inaccurate risk assessment results

Active Publication Date: 2018-03-20
STATE GRID HUNAN ELECTRIC POWER +2
View PDF8 Cites 27 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, the existing information security risk assessment methods mainly do not have the

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Asset dependence relation-based information security risk evaluation method and system
  • Asset dependence relation-based information security risk evaluation method and system
  • Asset dependence relation-based information security risk evaluation method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0086] The present invention will be further described below in conjunction with examples.

[0087] Such as figure 1 As shown, the embodiment of the present invention provides an information security risk assessment method based on asset dependencies, including the following steps:

[0088] Step 1: Obtain the scope of information assets in the information system to be evaluated, and divide the assets into blocks according to the logical network location and / or asset function of the assets;

[0089] Step 2: Identify the threat, vulnerability, and asset importance of the information system to be assessed, and obtain the asset importance value, threat threat value, and vulnerability vulnerability value;

[0090] Step 3: Use the dependency structure matrix to calculate and construct the security dependency matrix between assets, and use the Delphi method to determine the risk transmission coefficient between assets and construct the risk transmission relationship based on the sec...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an asset dependence relation-based information security risk evaluation method and system. The method comprises the following steps of acquiring an asset range in a to-be-evaluated information system, and dividing the asset into blocks; identifying threats, vulnerability and asset significance of the to-be-evaluated information system, and acquiring significance value of the asset, threat value of the threat, and a vulnerability value of the vulnerability; calculating to build a security dependence relation matrix of assets by using a dependence structure matrix, determining a risk conduction coefficient of the assets by using a Delphi method and building a risk conduction relation; and calculating interior risk value and an exterior risk value of each block and overall risk value of the to-be-evaluated information system according to the risk conduction relation and asset significance, threat value and vulnerability value. The method can acquire a weak link ofthe system more accurately, and acquire more reliable information security risk evaluation results.

Description

technical field [0001] The invention belongs to the field of network security, and in particular relates to an information security risk assessment method and system based on asset dependencies. Background technique [0002] With the promulgation and implementation of the "Network Security Law of the People's Republic of China", the protection of key information infrastructure has become an act of the country's will, and has become an important part of the information construction of large enterprises such as energy, telecommunications, and finance. Due to the continuous development of hacking technology, new types of information security vulnerabilities are constantly being discovered, and various types of network information security incidents occur frequently, causing heavy losses to enterprises and the country. The use of information security risk assessment methods to identify and analyze assets, technical means, threats, etc. in the enterprise information system, to di...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/20
Inventor 乔宏田建伟田峥黎曦朱宏宇
Owner STATE GRID HUNAN ELECTRIC POWER
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap