Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and system for assessing information security risks based on asset dependencies

An information system and dependency technology, applied in transmission systems, electrical components, etc., can solve problems such as inaccurate risk assessment results

Active Publication Date: 2020-03-20
STATE GRID HUNAN ELECTRIC POWER +2
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, the existing information security risk assessment methods mainly do not have the security dependencies between information assets, resulting in inaccurate risk assessment results.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and system for assessing information security risks based on asset dependencies
  • A method and system for assessing information security risks based on asset dependencies
  • A method and system for assessing information security risks based on asset dependencies

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0086] The present invention will be further described below in conjunction with examples.

[0087] Such as figure 1 As shown, the embodiment of the present invention provides an information security risk assessment method based on asset dependencies, including the following steps:

[0088] Step 1: Obtain the scope of information assets in the information system to be evaluated, and divide the assets into blocks according to the logical network location and / or asset function of the assets;

[0089] Step 2: Identify the threat, vulnerability, and asset importance of the information system to be assessed, and obtain the asset importance value, threat threat value, and vulnerability vulnerability value;

[0090] Step 3: Use the dependency structure matrix to calculate and construct the security dependency matrix between assets, and use the Delphi method to determine the risk transmission coefficient between assets and construct the risk transmission relationship based on the se...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a method and system for assessing information security risks based on asset dependencies. The method includes the following steps: 1: Obtain the scope of assets in the information system to be evaluated, and divide the assets into blocks; Step 2: Identify the assets to be evaluated Threats and vulnerabilities of information systems and the importance of assets, and obtain the importance value of assets, the threat value of threats and the vulnerability value of vulnerabilities; Step 3: use the dependency structure matrix to calculate and construct the security dependency matrix between assets , and use the Delphi method to determine the risk transmission coefficient between assets and construct the risk transmission relationship; Step 4: Calculate the internal risk value of each block according to the risk transmission relationship and the importance, threat value and vulnerability value of the assets, The external risk value and the overall risk value of the information system to be assessed. The present invention can more accurately identify the weak links of the system through the above method, and obtain more reliable information security risk assessment results.

Description

technical field [0001] The invention belongs to the field of network security, and in particular relates to an information security risk assessment method and system based on asset dependencies. Background technique [0002] With the promulgation and implementation of the "Network Security Law of the People's Republic of China", the protection of key information infrastructure has become an act of the country's will, and has become an important part of the information construction of large enterprises such as energy, telecommunications, and finance. Due to the continuous development of hacking technology, new types of information security vulnerabilities are constantly being discovered, and various types of network information security incidents occur frequently, causing heavy losses to enterprises and the country. The use of information security risk assessment methods to identify and analyze assets, technical means, threats, etc. in the enterprise information system, to di...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06
CPCH04L63/1416H04L63/20
Inventor 乔宏田建伟田峥黎曦朱宏宇
Owner STATE GRID HUNAN ELECTRIC POWER
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com