
Risk rating method and device for security vulnerabilities of information system, equipment and storage medium

A vulnerability risk rating technique for information systems, applied in the field of information system security. It addresses the problems that existing rating is time-consuming and labor-intensive, has poor applicability, and can distort the priority of dealing with vulnerability threats, and it achieves objective and accurate rating results, improved applicability, and fewer subjective factors.

Pending Publication Date: 2022-01-28
SHANGHAI PUDONG DEVELOPMENT BANK

AI Technical Summary

Problems solved by technology

[0003] At present, the CVSS general vulnerability scoring system is the most widely used. In specific applications, this model can reflect the possibility of a system being successfully invaded by predicting the vulnerability risk score. However, in actual application, the model has many index items that must be selected manually, which is time-consuming and labor-intensive, and its applicability is not strong. For example, users who are not familiar with the system can easily misjudge the impact result, which may affect the priority of dealing with vulnerability threats and cause losses.



Examples


Embodiment 1

[0027] Figure 1 is a flow chart of a risk rating method for information system security vulnerabilities provided in Embodiment 1 of the present invention. This embodiment is applicable to rapidly and accurately rating the risk of system security vulnerabilities in an information system security processing platform. The method can be executed by a risk rating device for information system security vulnerabilities; the device can be implemented in software and/or hardware and can be configured in the server of the processing platform. Referring to Figure 1, the method includes the following steps:

[0028] Step 110, determine the vulnerability type according to the location of the vulnerability to be rated;

[0029] There are many types of security vulnerabilities in information systems. Different types of vulnerabilities occur in different locations, and the risk levels they bring also differ. For example, SQL injection vulnerabilities at the user-...

Embodiment 2

[0052] Figure 2 is a flowchart of a risk rating method for information system security vulnerabilities provided in Embodiment 2 of the present invention. On the basis of Embodiment 1 above, optionally, referring to Figure 2, determining the corresponding risk rating indicators and content according to the type of vulnerability includes the following steps:

[0053] Step 210, determine the vulnerability type according to the location of the vulnerability to be rated;

[0054] Step 220, when the vulnerability to be rated is an application security vulnerability: determine the vulnerability occurrence probability index according to the information system access volume and the information system access method; determine the vulnerability hazard level index according to the loss caused by the vulnerability to the owner of the information system; and determine the exploit difficulty index according to the difficulty of successfully obtaining a benefit.

[0055] Among them, when the...

Embodiment 3

[0067] Figure 3 is a flow chart of a risk rating method for information system security vulnerabilities provided in Embodiment 3 of the present invention. On the basis of the above embodiments, optionally, referring to Figure 3, determining the corresponding risk rating indicators and content according to the type of vulnerability also includes the following steps:

[0068] Step 310, determine the vulnerability type according to the location of the vulnerability to be rated;

[0069] Step 320, when the vulnerability to be rated is a system software security vulnerability: determine the vulnerability occurrence probability index according to the login status of the vulnerability scanning tool before scanning; determine the vulnerability hazard level index according to the vulnerability hazard rating in the scanning tool's scan results; whether the tool can automatically exploit successfully after obtaining the preliminary scanning results determines th...


Abstract

The embodiment of the invention discloses a risk rating method and device for security vulnerabilities of an information system, equipment and a storage medium. The risk rating method for the security vulnerabilities of the information system comprises the following steps: determining vulnerability types according to positions of to-be-rated vulnerabilities; determining a corresponding risk rating index and content according to the vulnerability type, wherein the risk rating indexes comprise a vulnerability occurrence probability index, a vulnerability hazard level index and a vulnerability utilization difficulty index; quantifying the content of each risk rating index to obtain a quantized value of each risk rating index; and according to the quantized value of each risk rating index and a preset weight ratio among the vulnerability occurrence probability index, the vulnerability hazard level index and the vulnerability utilization difficulty index, determining the risk level of the to-be-rated vulnerability. Through the method, the security vulnerabilities of the information system can be graded quickly.
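The four steps in the abstract, as an added sketch that is not code from the patent or its applicant. The location names, the 1 to 3 quantization scales, the weight ratio, the thresholds, and the direction of each scale (for example, that a finding from an unauthenticated scan is rated more likely) are all assumptions, since the page does not state them.

```python
# Added example; every weight, scale, threshold and location name is an assumption.
WEIGHTS = {"probability": 0.3, "hazard": 0.5, "difficulty": 0.2}  # assumed preset ratio
LOCATION_TYPE = {  # assumed location -> vulnerability type mapping
    "web_app": "application", "mobile_app": "application",
    "os": "system_software", "middleware": "system_software",
}
VOLUME = {"low": 1, "medium": 2, "high": 3}        # information system access volume
METHOD = {"intranet": 1, "internet": 3}            # information system access method
OWNER_LOSS = {"minor": 1, "serious": 2, "severe": 3}
EASE = {"hard": 1, "moderate": 2, "easy": 3}       # easier to exploit -> higher value
SCANNER_SEVERITY = {"low": 1, "medium": 2, "high": 3}


def vulnerability_type(location):
    """Step 1: derive the vulnerability type from where the vulnerability sits."""
    if location not in LOCATION_TYPE:
        raise ValueError(f"unknown vulnerability location: {location!r}")
    return LOCATION_TYPE[location]


def quantify(vtype, content):
    """Steps 2-3: pick the indexes for this type and map their content to 1..3."""
    if vtype == "application":
        probability = (VOLUME[content["access_volume"]] + METHOD[content["access_method"]]) / 2
        hazard = OWNER_LOSS[content["owner_loss"]]
        difficulty = EASE[content["exploit_difficulty"]]
    elif vtype == "system_software":
        # Assumption: a finding from an unauthenticated scan is more exposed.
        probability = 1 if content["scanner_logged_in"] else 3
        hazard = SCANNER_SEVERITY[content["scanner_severity"]]
        difficulty = 3 if content["auto_exploit_succeeded"] else 1
    else:
        raise ValueError(f"unsupported vulnerability type: {vtype!r}")
    return {"probability": probability, "hazard": hazard, "difficulty": difficulty}


def risk_level(location, content):
    """Step 4: weighted sum of the quantized indexes, then an assumed threshold cut."""
    values = quantify(vulnerability_type(location), content)
    score = sum(WEIGHTS[name] * values[name] for name in WEIGHTS)
    level = "high" if score >= 2.5 else "medium" if score >= 1.7 else "low"
    return round(score, 2), level


if __name__ == "__main__":
    # Constructed sample findings, not data from the patent.
    print(risk_level("web_app", {"access_volume": "high", "access_method": "internet",
                                 "owner_loss": "severe", "exploit_difficulty": "easy"}))
    print(risk_level("os", {"scanner_logged_in": True, "scanner_severity": "medium",
                            "auto_exploit_succeeded": False}))
```
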

Description

Technical field

[0001] The embodiments of the present invention relate to the technical field of information system security, and in particular, to a risk rating method, device, equipment and storage medium for information system security vulnerabilities.

Background

[0002] With the rapid development of big data, the Internet of Things, and cloud computing, and the rise of new business forms such as Internet financial technology, cyber attacks have become a new challenge to information system security, and key information infrastructure may be threatened by cyber attacks at any time. For the various security vulnerability threats, it is particularly important to be able to quickly determine the risk level and so prioritize treatment, in order to better protect information system security.

[0003] At present, the CVSS general vulnerability scoring system is the most widely used. In specific applications, this model can reflect the possibility of a system being successful...


Application Information

IPC(8): G06F21/57, G06F21/56, G06Q10/06
CPC: G06F21/577, G06F21/566, G06Q10/06393
Inventor: 袁庶轶, 白艳珂
Owner: SHANGHAI PUDONG DEVELOPMENT BANK