Check patentability & draft patents in minutes with Patsnap Eureka AI!

Security risk assessment method and device for information system and apparatus

A security risk and information system technology, which is applied in the field of computer-readable storage media and information system security risk assessment, can solve the problem of low assessment speed, achieve the effect of increasing the speed and avoiding the calculation process

Pending Publication Date: 2019-08-09
GUANGDONG POWER GRID CO LTD +1
View PDF4 Cites 5 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] The purpose of this application is to provide a security risk assessment method, device, equipment and computer-readable storage medium for an information system to solve the problem of low assessment speed of traditional security risk assessment schemes

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security risk assessment method and device for information system and apparatus
  • Security risk assessment method and device for information system and apparatus
  • Security risk assessment method and device for information system and apparatus

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0041] The following describes the first embodiment of a security risk assessment method for an information system provided by this application, see figure 1 , The first embodiment includes:

[0042] Step S101: by querying the pre-created asset description file, vulnerability description file, and threat description file, the asset value parameters, vulnerability parameters, and threat intensity parameters of the assets to be assessed are determined respectively;

[0043] Information system (Information system) is a human-machine integrated system composed of computer hardware, network and communication equipment, computer software, information resources, information users and rules and regulations for the purpose of processing information flow. The software and hardware in the information system can be called information assets. Security risks are potential and unoccurring dangers of information assets. Due to the existence of security risks, information assets may be dangerous und...

Embodiment 2

[0051] See figure 2 , The second embodiment specifically includes:

[0052] Step S201: Determine the assets to be evaluated in the information system;

[0053] The specific determination method may be determined according to user requests, or the assets to be assessed may be filtered out from the information system according to preset rules. This embodiment does not limit the number of assets to be assessed.

[0054] Step S202: Determine the asset value level, vulnerability level, and threat intensity level of the asset to be assessed by querying the pre-created asset description table, vulnerability description table, and threat description table;

[0055] For the asset description table, the creation process is as follows: create an asset description table, divide different categories and sub-categories of assets in the table, and identify the asset value of different categories. Specifically, the identification level can be divided into "very low" and "low" , "Medium", "High", "Hi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a security risk assessment method for an information system. According to the method, an asset description file, a vulnerability description file and a threat description fileare created in advance, during the evaluation process, the asset value parameter, the vulnerability parameter and the threat intensity parameter of the to-be-evaluated asset can be found from the description file, the the loss degree parameter and the risk probability parameter of the to-be-evaluated asset are determined according to the parameters, and finally the security risk evaluation resultof the to-be-evaluated asset is determined. Therefore, according to the method, the description files used for describing the value, the vulnerability and the threat strength of the assets are createdin advance, the security risk parameters can be determined by directly searching the description files during the assessment process, finally, the security risk assessment result is determined, so that the complex calculation process is avoided, and the security risk assessment speed is increased. The invention further provides a security risk assessment device for the information system, an apparatus and a computer readable storage medium which have the effects corresponding to the effects of the above method.

Description

Technical field [0001] This application relates to the field of information security, in particular to a security risk assessment method, device, equipment and computer-readable storage medium of an information system. Background technique [0002] With the development of network technology and the deepening of the Internet informatization process, information systems and related products have been deployed in various industries and become supporting tools for informatization. However, the security problems faced by the country have become increasingly severe. , Organizations, or individuals have brought huge challenges. Therefore, timely understanding or comprehensive grasp of the risks faced by the information systems they operate has become a key concern of the information security community, and risk assessment is the main means or tool to solve this problem. [0003] From the perspective of network and information security, risk assessment is the process of comprehensively stu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 沈伍强吴勤勤周昉昉沈桂泉
Owner GUANGDONG POWER GRID CO LTD
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com