Method for assessing network security maturity
By constructing an indicator judgment matrix and calculating entropy, and combining subjective and objective weights, the problem of unreasonable weight allocation of cybersecurity maturity evaluation indicators was solved, resulting in more scientific and accurate evaluation results.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- GUANGDONG POWER GRID CO LTD INFORMATION CENT
- Filing Date
- 2026-04-01
- Publication Date
- 2026-07-10
AI Technical Summary
In existing technologies, the weighting of cybersecurity maturity evaluation indicators is not scientifically sound or reasonable, which affects the accuracy and credibility of the evaluation results.
By constructing an indicator judgment matrix, subjective weights are calculated based on the relative importance of experts' subjective opinions, and objective weights are calculated by combining entropy values. These are then integrated into a comprehensive target weight, combining subjective and objective weights to assess cybersecurity maturity.
The scientific rigor, accuracy, and comprehensiveness of the weighting of cybersecurity maturity assessment indicators have been enhanced, ensuring that the assessment results are consistent with professional understanding in the cybersecurity field and supported by actual assessment data.
Smart Images

Figure CN122372250A_ABST
Abstract
Description
Technical Field
[0001] This application belongs to the field of cybersecurity technology, and in particular relates to a method for assessing cybersecurity maturity. Background Technology
[0002] With the deep integration of the digital economy and critical infrastructure, power grids and other energy companies, as carriers supporting the national economy and people's livelihood, face severe challenges in cybersecurity due to increasingly complex attack methods and diversified threat scenarios. Cybersecurity maturity assessment has become a core means for enterprises to identify risk weaknesses, optimize protection systems, and meet regulatory compliance requirements, and the weighting of evaluation indicators directly determines the scientific validity and decision-making value of the assessment results.
[0003] In existing technologies, the methods for determining the weights of cybersecurity maturity assessment indicators mainly fall into two categories. Subjective weighting methods, represented by the Delphi method, assess the importance of indicators based on expert experience, aligning with logical judgments relevant to business scenarios. However, the weights are easily influenced by expert subjective biases and lack responsiveness to differences in actual data. Objective weighting methods, represented by the coefficient of variation method, automatically calculate weights based on the dispersion of the assessment data. They objectively reflect the distinguishing ability of the indicators, but rely entirely on data distribution, potentially ignoring experts' deep understanding of business risks, leading to a disconnect between weights and actual protection needs.
[0004] Based on this, it can be argued that the weighting of cybersecurity maturity evaluation indicators in existing technologies is not scientifically sound or reasonable, which in turn affects the accuracy and credibility of cybersecurity maturity assessment results. Summary of the Invention
[0005] This application provides a method for assessing cybersecurity maturity, which can solve the problem of poor scientificity and rationality in the weight allocation of cybersecurity maturity evaluation indicators.
[0006] In a first aspect, embodiments of this application provide a method for assessing network security maturity, the method comprising: For multiple evaluation indicators at the same level for assessing cybersecurity maturity, an indicator judgment matrix is constructed based on the subjective relative importance of the evaluation indicators. The element in the i-th row and j-th column of the indicator judgment matrix is used to describe the subjective relative importance of the evaluation indicator corresponding to the i-th row relative to the evaluation indicator corresponding to the j-th column. The evaluation indicators are divided into multi-level power grid field evaluation indicators. Eigenvalue normalization calculation is performed on multiple elements in the indicator judgment matrix to obtain the subjective weights corresponding to multiple evaluation indicators. An initial evaluation matrix is constructed based on the first evaluation values of multiple first evaluation objects on multiple evaluation indicators; The entropy values of multiple evaluation indicators are calculated based on multiple first evaluation values; the entropy values of evaluation indicators are used to reflect the evaluation ability of evaluation indicators to assess cybersecurity maturity. The objective weights of multiple evaluation indicators are calculated based on their entropy values. For any evaluation indicator, the target comprehensive weight of the evaluation indicator is obtained based on the subjective weight and objective weight corresponding to the evaluation indicator. Cybersecurity maturity is assessed based on a comprehensive weighted assessment of objectives.
[0007] In the aforementioned technical solution, for multiple evaluation indicators of cybersecurity maturity at the same level in the power grid sector, an element in the i-th row and j-th column is constructed based on the subjective relative importance among the indicators. This element forms an indicator judgment matrix describing the importance of the i-th row indicator relative to the j-th column indicator. Eigenvalue normalization is then performed on the matrix elements to obtain the subjective weight of each evaluation indicator. Furthermore, the importance correlation between evaluation indicators can be determined based on domain-specific knowledge. Combined with the scientific calculation method of eigenvalue normalization, the subjective weights align with the practical business of cybersecurity maturity assessment while ensuring logical consistency and rationality in weight allocation. Additionally, an initial evaluation matrix is constructed based on the first evaluation values of multiple first evaluation objects under each evaluation indicator. The entropy value of the evaluation indicator, reflecting its ability to assess cybersecurity maturity, is calculated using these first evaluation values. This establishes a quantitative analysis foundation based on actual evaluation data, and the actual evaluation value of each indicator is accurately quantified based on the entropy value. This process uncovers objective information within the actual evaluation data, ensuring that the value judgment of the evaluation indicators is supported by real data. Subsequently, based on the entropy values of each evaluation indicator, the corresponding objective weights are further calculated. This transforms the evaluation capability reflected by the entropy values into directly applicable objective weights, reflecting the objective differentiation and information contribution of each evaluation indicator in actual assessment. This effectively compensates for the shortcomings of single subjective weighting, which is easily affected by experience bias. Finally, for any evaluation indicator, its corresponding subjective weight and objective weight are combined to obtain the target comprehensive weight. The cybersecurity maturity is then assessed based on the target comprehensive weight. This integrates the business adaptability of subjective weights with the data objectivity of objective weights, ensuring that the final weights of the cybersecurity maturity evaluation indicators are both in line with professional understanding in the cybersecurity field and supported by actual assessment data. This fundamentally improves the scientific, accurate, and comprehensive nature of determining the evaluation indicator weights, thereby accurately assessing the cybersecurity maturity in the power grid sector.
[0008] In one embodiment, the evaluation indicators are divided into three levels for the power grid sector. The first level includes cybersecurity strategy and governance, cybersecurity technology and protection, and cybersecurity effectiveness and assurance. The second level, corresponding to cybersecurity strategy and governance, includes cybersecurity strategy and management and organizational support. The second level, corresponding to cybersecurity technology and protection, includes basic security protection, advanced protection and detection, and emergency response and recovery. The second level, corresponding to cybersecurity effectiveness and assurance, includes safe operation efficiency, industry and ecosystem synergy, and continuous improvement and innovation. The third level, corresponding to cybersecurity strategy, includes top-level cybersecurity design and systems, and the alignment of cybersecurity strategy with business operations. The third level, corresponding to management and organizational support, includes the soundness of the cybersecurity organizational structure, the completeness of cybersecurity management systems, and the implementation and assessment of security responsibilities. The third-level indicators for basic security protection include network boundary security deployment rate, host and terminal security protection rate, and application and data security protection rate. The third-level indicators for advanced protection and detection include intrusion detection / threat awareness capabilities, situational awareness and monitoring coverage, and identity access control maturity. The third-level indicators for emergency response and recovery include emergency response capability index, incident handling closure rate, and backup and disaster recovery effectiveness. The third-level indicators for secure operation efficiency include security incident incidence rate, average security incident handling time, and system secure operation time. The third-level indicators for industry and ecosystem collaboration include the degree of collaboration with government / industry, information sharing and linkage capabilities. The third-level indicators for continuous improvement and innovation include the continuous improvement rate of security capabilities and the application of emerging technologies.
[0009] The aforementioned technical solution designs the evaluation indicators into a three-tiered indicator system tailored to the power grid sector. Starting from three core primary dimensions—cybersecurity strategy and governance, technology and protection, and efficiency and assurance—it breaks down the indicators into corresponding secondary and tertiary detailed indicators. The indicator system is clearly hierarchical, logically coherent, and comprehensively comprehensive. It fully covers all business aspects of power grid cybersecurity, including strategic planning, management organization, technical protection, emergency recovery, operational efficiency, ecological collaboration, and continuous innovation. Furthermore, it precisely aligns with the actual needs and industry characteristics of power grid cybersecurity assessment. This comprehensive, systematic, and objective approach supports subsequent weight calculations and maturity assessments, providing a scientific, standardized, and targeted indicator foundation for the quantitative evaluation of power grid cybersecurity maturity. This enhances the comprehensiveness, rationality, and practical application value of the assessment results.
[0010] In one embodiment, normalization calculations are performed on multiple elements in the indicator judgment matrix to obtain the subjective weights corresponding to multiple evaluation indicators, including: Solve the indicator judgment matrix to obtain the largest eigenvalue of the indicator judgment matrix; Obtain the eigenvector corresponding to the largest eigenvalue; the eigenvector includes eigencomponents corresponding to multiple evaluation indicators, and the eigencomponents are used to reflect the relative importance ratio among the multiple evaluation indicators; The multiple feature components in the feature vector are normalized to obtain the subjective weights corresponding to the multiple evaluation indicators.
[0011] In the above technical solution, the largest eigenvalue is obtained by solving the indicator judgment matrix, allowing the extraction of quantitative features of expert subjective judgment contained within the matrix. Then, the eigenvector corresponding to the largest eigenvalue is obtained, accurately transforming the qualitative pairwise relative importance comparisons between evaluation indicators by experts into quantitative proportional relationships of feature components corresponding to each evaluation indicator. This fully preserves the subjective judgments of domain experts based on their business understanding of cybersecurity maturity assessment, achieving a crucial transformation from qualitative analysis to quantitative quantification. Finally, the feature components in the eigenvector are normalized to obtain subjective weights. While preserving the relative importance ratios between feature components and not deviating from the original expert judgments, the quantitative ratios are converted into standard weight values, ensuring that the obtained subjective weights meet the basic requirements of weight allocation normalization. Through this method, not only is the complete transformation from the indicator judgment matrix to subjective weights achieved, ensuring that the subjective weights align with the actual business scenarios of cybersecurity maturity assessment, but the scientific rigor, accuracy, and rationality of subjective weight calculation are also improved.
[0012] In one embodiment, after performing eigenvalue normalization calculation on multiple elements in the indicator judgment matrix to obtain the subjective weights corresponding to multiple evaluation indicators, the method further includes: Based on the largest eigenvalue of the indicator judgment matrix and the number of evaluation indicators, a consistency parameter is calculated; the consistency parameter is used to reflect the degree to which the indicator judgment matrix deviates from complete consistency. When the consistency parameter is less than the first preset value, multiple subjective weights are determined as valid weights; When the consistency parameter is greater than or equal to the first preset value, repeat the steps of constructing the indicator judgment matrix and subsequent steps until multiple subjective weights are determined to be effective weights.
[0013] In the above technical solution, by setting a first preset value as the quantitative standard for consistency judgment, the validity judgment of subjective weights has a clear numerical basis, avoiding vague qualitative judgments. When the consistency parameter is less than the first preset value, the valid weight is directly determined, ensuring the logical rationality of the subjective weights. When the consistency parameter is greater than or equal to the first preset value, the matrix and subsequent steps are repeatedly constructed to eliminate the problem of subjective weight distortion caused by logical contradictions in pairwise comparisons by experts, further ensuring the reliability and usability of subjective weights. Based on this, through a closed-loop process of calculation, verification, and iteration, the subjective weights of the evaluation indicators retain both the experts' business understanding and have strict logical self-consistency.
[0014] In one embodiment, the evaluation index entropy value corresponding to multiple evaluation indicators is calculated based on multiple first evaluation values, including: For any evaluation indicator, based on the first evaluation value of multiple first evaluation objects for the evaluation indicator, the indicator weight of each of the multiple first evaluation objects is calculated; the indicator weight is used to describe the relative contribution of the first evaluation object under the evaluation indicator. The entropy value of the evaluation index is calculated based on the weight of multiple indicators.
[0015] In the above technical solution, for any evaluation indicator, the first evaluation values of multiple first assessment objects are transformed into indicator proportions representing the relative contribution levels. This eliminates computational interference caused by differences in the absolute values and dimensions of the original evaluation values, allowing subsequent entropy value calculations to focus on the distribution characteristics and dispersion of the indicator among the assessment objects. Then, based on the indicator proportions, the entropy value of the evaluation indicator is aggregated and calculated. This accurately extracts the effective evaluation information contained in the indicator from the actual evaluation data, ensuring that the calculated entropy value can truly and objectively reflect the evaluation indicator's ability to assess cybersecurity maturity.
[0016] In one embodiment, based on the first evaluation values of multiple first evaluation objects on the evaluation indicators, the indicator weights of the multiple first evaluation objects are calculated respectively, including: The sum of the first evaluation values of multiple first evaluation objects under the evaluation indicators is used to obtain the comprehensive evaluation value. Determine the maximum evaluation value among the first evaluation values of multiple first evaluation objects under the evaluation indicators; Calculate the product of the overall evaluation value and the maximum evaluation value; The ratio of the first evaluation value of each of the multiple first evaluation objects to the product of the evaluation indicators is determined as the indicator weight of each of the multiple first evaluation objects.
[0017] In the above technical solution, a unified quantitative benchmark is constructed by first calculating the product of the comprehensive evaluation value and the maximum evaluation value. Then, the ratio of the first evaluation value of each evaluation object to the product is used as the indicator weight. This not only makes full use of the overall scale and extreme value information of the scores of all evaluation objects under the evaluation indicator, thus constructing a reference benchmark that is more in line with the data distribution, but also accurately quantifies the relative contribution of each evaluation object through ratio calculation, avoiding the one-sidedness of a single benchmark and the interference of extreme values, making the calculation of indicator weight more stable and scientific.
[0018] In one embodiment, the entropy value of the evaluation index is calculated based on the weight of multiple indicators, including: The weights of multiple indicators are input into a preset information entropy calculation formula to obtain the entropy value of the evaluation indicators; the information entropy calculation formula is as follows: ; Where j represents the j-th evaluation index, Let m represent the entropy value of the j-th evaluation index, and m represent the number of objects in the first evaluation. This represents the weight of the x-th first evaluation object in the j-th evaluation indicator.
[0019] In the above technical solution, through The normalization process ensures that the entropy value remains stable within the 0-1 range, accurately quantifying the information dispersion of the evaluation index among multiple primary assessment objects and objectively reflecting the index's ability to evaluate cybersecurity maturity. Furthermore, the entire calculation process relies on rigorous mathematical logic without any additional subjective intervention, guaranteeing the scientific validity and traceability of the entropy results. It also provides a precise and consistent quantitative basis for subsequent calculations of objective weights based on entropy values, further enhancing the rigor and reliability of the evaluation index weight determination method.
[0020] In one embodiment, the objective weights of multiple evaluation indicators are calculated based on their entropy values, including: For any evaluation indicator, the difference between the preset standard value and the entropy value of the corresponding evaluation indicator is calculated to obtain the difference coefficient of the evaluation indicator; the difference coefficient is positively correlated with the evaluation ability of the evaluation indicator. Calculate the sum of multiple difference coefficients; The ratio of the difference coefficient to the sum is determined as the objective weight of the evaluation index.
[0021] In the above technical solution, for any evaluation indicator, the difference between the preset standard value and the entropy value of the corresponding evaluation indicator is calculated to obtain the difference coefficient of the evaluation indicator. By using the ratio of the difference coefficient of a single evaluation indicator to the total difference coefficient, the evaluation ability of each indicator is transformed into an objective weight that meets the requirement that the total weight is 1. This not only strictly preserves the relative size of the evaluation ability of different indicators, but also gives the weight a standardized attribute that can be directly applied, providing a quantitative basis for the subsequent integration with subjective weights.
[0022] In one embodiment, the target comprehensive weight of the evaluation index is obtained based on the subjective and objective weights corresponding to the evaluation index, including: The product of the subjective weight and the first coefficient is summed with the product of the objective weight and the second coefficient to obtain the target comprehensive weight; the sum of the first coefficient and the second coefficient is 1.
[0023] In the above technical solution, by introducing a first coefficient and a second coefficient that sum to 1, the subjective weight and the objective weight are weighted and fused to obtain the target comprehensive weight. This not only allows for flexible adjustment of the emphasis on subjective and objective weights through coefficient matching, adapting to the actual needs of different cybersecurity maturity assessment scenarios, but also ensures the normalization attribute of the comprehensive weight by relying on the constraint that the coefficients sum to 1. This ensures that the fused target comprehensive weight retains the professional knowledge of domain experts on cybersecurity business, aligns with the actual business logic of cybersecurity maturity assessment, and fully incorporates the objective support of actual assessment data, thereby improving the scenario adaptability, scientificity, and rationality of the target comprehensive weight.
[0024] In one embodiment, after obtaining the target comprehensive weight of the evaluation index based on the subjective and objective weights corresponding to the evaluation index, the method further includes: Obtain the second evaluation value of the second evaluation object on multiple evaluation indicators; The second evaluation value is weighted based on the overall target weight to obtain the actual cybersecurity maturity of the second evaluation object; Calculate the maturity difference between the preset maturity level and the actual cybersecurity maturity level; If the absolute value of the maturity difference is greater than or equal to the second preset value, then the first coefficient and the second coefficient are adjusted based on the maturity difference. The objective weights and subjective weights are weighted based on the adjusted first and second coefficients to obtain a new overall target weight.
[0025] In the above technical solution, by obtaining the second evaluation value of the second assessment object and combining it with the target comprehensive weight to calculate the actual cybersecurity maturity, the target comprehensive weight is combined with the actual assessment scenario, achieving an effective connection between weight determination and maturity assessment. The sum of the two values is used to calculate the maturity difference between the preset maturity and the actual maturity, and the second preset value is used as a quantitative threshold to determine whether the deviation is within an acceptable range, avoiding vague qualitative judgments and improving the scientific rigor of deviation verification. When the absolute value of the maturity difference is greater than or equal to the second preset value, the first and second coefficients are adjusted based on the maturity difference, and a new target comprehensive weight is obtained through reweighting. This dynamically corrects the proportion of subjective and objective weights in the weight allocation, solving the problem that the target comprehensive weight may deviate from the preset maturity target under fixed coefficients, ensuring that the target comprehensive weight continuously aligns with assessment needs and preset targets, and improving the adaptability and accuracy of the weights.
[0026] In one embodiment, if the maturity difference is greater than or equal to a second preset value, then the first coefficient and the second coefficient are adjusted based on the difference, including: The target coefficient is determined based on the relative magnitude of the absolute value of the maturity difference and the third preset value; the target coefficient is when the absolute value of the maturity difference is greater than the third preset value, and the target coefficient is when the absolute value of the maturity difference is less than or equal to the third preset value. Calculate the product of the maturity difference and the preset coefficient and the target coefficient to obtain the coefficient correction value; Calculate the difference between the first coefficient and the coefficient correction value to obtain the adjusted first coefficient, and calculate the adjusted second coefficient based on the adjusted first coefficient.
[0027] In the above technical solution, the degree of maturity deviation is graded and the target coefficient is determined by a third preset value, realizing a binary switch control for coefficient correction. This accurately distinguishes whether to perform intensity correction for different degrees of deviation, effectively avoiding over-correction for minor deviations and under-correction for significant deviations. Subsequently, the coefficient correction value is obtained by multiplying the maturity difference, the preset coefficient, and the target coefficient. The preset coefficient strictly limits the magnitude of a single coefficient correction, preventing sudden increases or decreases in the first coefficient and avoiding the distortion of evaluation results caused by abrupt changes in weighting ratios, thus ensuring the stability and rationality of coefficient adjustment. Simultaneously, the adjusted first coefficient is obtained by calculating the difference between the first coefficient and the coefficient correction value, and the adjusted second coefficient is derived concurrently, giving the coefficient adjustment process rigorous mathematical logic and repeatable quantitative standards. Therefore, through the above steps, the scientific nature and controllability of coefficient adjustment can be effectively improved, making the adjusted coefficient more suitable for the requirements of the preset maturity target.
[0028] Secondly, embodiments of this application provide a network security maturity assessment apparatus, the apparatus comprising: For multiple evaluation indicators at the same level for assessing cybersecurity maturity, an indicator judgment matrix is constructed based on the subjective relative importance of the evaluation indicators. The element in the i-th row and j-th column of the indicator judgment matrix is used to describe the subjective relative importance of the evaluation indicator corresponding to the i-th row relative to the evaluation indicator corresponding to the j-th column. The evaluation indicators are divided into multi-level power grid field evaluation indicators. Normalize the multiple elements in the indicator judgment matrix to obtain the subjective weights corresponding to the multiple evaluation indicators. An initial evaluation matrix is constructed based on the first evaluation values of multiple first evaluation objects on multiple evaluation indicators; The entropy values of multiple evaluation indicators are calculated based on multiple first evaluation values; the entropy values of evaluation indicators are used to reflect the evaluation ability of evaluation indicators to assess cybersecurity maturity. The objective weights of multiple evaluation indicators are calculated based on their entropy values. For any evaluation indicator, the target comprehensive weight of the evaluation indicator is obtained based on the subjective weight and objective weight corresponding to the evaluation indicator. Cybersecurity maturity is assessed based on a comprehensive weighted assessment of objectives.
[0029] Thirdly, embodiments of this application provide an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the method described in the first aspect above.
[0030] Fourthly, embodiments of this application provide a computer-readable storage medium storing a computer program that, when executed by a processor, implements the method described in the first aspect above.
[0031] Fifthly, embodiments of this application provide a computer program product that, when run on an electronic device, causes the electronic device to execute the method described in the first aspect.
[0032] The beneficial effects of the embodiments in this application compared with the prior art are: Attached Figure Description To more clearly illustrate the technical solutions in the embodiments of this application, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0033] Figure 1 This is a flowchart illustrating the implementation of a network security maturity assessment method according to an embodiment of this application. Figure 2 This is a schematic diagram illustrating one implementation method for determining subjective weights in a network security maturity assessment method provided in an embodiment of this application; Figure 3 This is a schematic diagram illustrating one implementation method for determining subjective weights in a network security maturity assessment method provided in another embodiment of this application; Figure 4 This is a schematic diagram illustrating one implementation method for calculating the entropy value of the evaluation index in a network security maturity assessment method provided in an embodiment of this application; Figure 5 This is a schematic diagram illustrating one implementation method for determining the weight of indicators in a network security maturity assessment method provided in an embodiment of this application; Figure 6 This is a schematic diagram illustrating one implementation method for determining objective weights in a network security maturity assessment method provided in an embodiment of this application; Figure 7 This is a schematic diagram illustrating one implementation method for updating the comprehensive weight of the target in an embodiment of the network security maturity assessment method provided in this application; Figure 8 This is a schematic diagram illustrating an implementation method for adjusting the first and second coefficients in a network security maturity assessment method provided in an embodiment of this application; Figure 9 This is a schematic diagram of the structure of a network security maturity assessment device provided in an embodiment of this application; Figure 10 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation
[0034] In the following description, specific details such as particular system architectures and techniques are set forth for illustrative purposes and not for limitation, in order to provide a thorough understanding of the embodiments of this application. However, those skilled in the art will understand that this application may also be implemented in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, apparatuses, circuits, and methods have been omitted so as not to obscure the description of this application with unnecessary detail.
[0035] It should be understood that, when used in this application specification and the appended claims, the term "comprising" indicates the presence of the described features, integrals, steps, operations, elements and / or components, but does not exclude the presence or addition of one or more other features, integrals, steps, operations, elements, components and / or a collection thereof.
[0036] It should be noted that the information collection process (such as patient information collection process, physiological information collection process, etc.) / feature extraction process involved in this application is carried out with the user's knowledge and permission. That is, the information collection process / feature extraction process complies with the requirements of laws and regulations and does not constitute an act that harms the public interest.
[0037] Furthermore, in the description of this application and the appended claims, the terms "first," "second," "third," etc., are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.
[0038] With the deep integration of the digital economy and critical infrastructure, power grids and other energy companies, as carriers supporting the national economy and people's livelihood, face severe challenges in cybersecurity due to increasingly complex attack methods and diversified threat scenarios. Cybersecurity maturity assessment has become a core means for enterprises to identify risk weaknesses, optimize protection systems, and meet regulatory compliance requirements, and the weighting of evaluation indicators directly determines the scientific validity and decision-making value of the assessment results.
[0039] In related technologies, the methods for determining the weights of cybersecurity maturity evaluation indicators mainly fall into two categories. Subjective weighting methods, represented by the Delphi method, assess the importance of indicators based on expert experience, aligning with logical judgments relevant to business scenarios. However, the weights are easily influenced by expert subjective biases and lack responsiveness to differences in actual data. Objective weighting methods, represented by the coefficient of variation method, automatically calculate weights based on the dispersion of the evaluation data. They objectively reflect the distinguishing ability of the indicators, but rely entirely on data distribution, potentially ignoring experts' deep understanding of business risks, leading to a disconnect between weights and actual protection needs.
[0040] Based on this, in order to reasonably and scientifically allocate the weights of the evaluation indicators used to evaluate network security maturity, this application provides a method for evaluating network security maturity. This method can be applied to electronic devices such as tablet computers, laptops, ultra-mobile personal computers (UMPCs), and netbooks. This application does not impose any restrictions on the specific type of electronic device.
[0041] Please see Figure 1 , Figure 1 The following is a flowchart illustrating the implementation of a network security maturity assessment method provided in an embodiment of this application. The method includes the following steps: S101. For multiple evaluation indicators at the same level used to assess cybersecurity maturity, construct an indicator judgment matrix based on the subjective relative importance of the evaluation indicators.
[0042] In the aforementioned indicator judgment matrix, the element in the i-th row and j-th column describes the subjective relative importance of the evaluation indicator corresponding to the i-th row relative to the evaluation indicator corresponding to the j-th column. The evaluation indicators are divided into multi-level evaluation indicators for the power grid sector.
[0043] In one embodiment, the aforementioned cybersecurity maturity refers to the level of capability evolution of a power grid enterprise across dimensions such as cybersecurity strategy and governance, technology and protection, and operation and maintenance, from basic compliance to proactive defense and continuous optimization. It reflects the completeness of the enterprise's cybersecurity protection system, its risk response capabilities, and its potential for sustainable improvement.
[0044] Evaluation indicators are specific dimensions and quantitative criteria used to measure cybersecurity maturity. As an example, evaluation indicators can be divided into primary indicators (first level), secondary indicators (second level), and tertiary indicators (third level). For instance, primary indicators could be cybersecurity strategy and governance (A), cybersecurity technology and protection (B), and cybersecurity operation and maintenance (C). Secondary indicators could be cybersecurity strategy (A1) and management and organizational support (A2) under evaluation indicator A, and basic security technology (B1) under evaluation indicator B, etc. Tertiary indicators could be cybersecurity strategy coverage (A11) and management and organizational support completeness rate (A12) under evaluation indicator A1, etc., without limitation.
[0045] It should be noted that the aforementioned evaluation indicators must be at the same level, meaning they are indicators at the same logical level within the indicator system, representing parallel evaluation dimensions without any inclusion relationship. For example, first-level indicators A, B, and C are at the same level; second-level indicators A1 and A2 are at the same level; and third-level indicators A11, A12, and A13 are at the same level. When constructing the judgment matrix, only pairwise comparisons are performed on indicators at the same level; indicators at different levels are not included in the construction of the same matrix.
[0046] As an example, the above-mentioned multi-level evaluation indicators can be shown in Table 1 below: Table 1:
[0047] The indicators for Cybersecurity Strategy and Governance (A1) primarily focus on an organization's capabilities in strategic design, implementation, and management. Cybersecurity Strategy and Governance (A1) includes two tertiary indicators: Cybersecurity Strategy Formulation (A11) and Cybersecurity Strategy Alignment with Business Operations (A12). The A11 indicator measures an organization's top-level design capabilities in formulating its cybersecurity strategy, ensuring clear and executable strategic objectives. The A12 indicator assesses the alignment between the organization's strategy and business needs, ensuring that the cybersecurity strategy effectively supports the organization's business development. In terms of Management and Organizational Support (A2), there are four tertiary indicators: Soundness of Cybersecurity Organizational Structure (A21), Completeness of Cybersecurity Management Systems (A22), Implementation and Assessment Mechanisms for Security Responsibility (A23), and Security Budget and Personnel Investment (A24). These indicators measure an organization's organizational structure and resource allocation in cybersecurity management, ensuring clear organizational support and sufficient resource guarantees for cybersecurity work.
[0048] The indicators for Cybersecurity Technology and Protection (B) focus on assessing an organization's technical protection capabilities to ensure effective responses to various security threats. Basic Security Protection (B1) includes three Level 3 indicators: Network Perimeter Security Deployment Rate (B11), Host and Endpoint Security Protection Rate (B12), and Application and Data Security Protection Rate (B13). These indicators reflect whether the organization has implemented effective protection measures at each level to prevent external attacks and internal threats. Advanced Protection and Detection (B2) involves three Level 3 indicators: Intrusion Detection / Threat Awareness Capabilities (B21), Situational Awareness and Monitoring Coverage (B22), and Zero Trust / Identity Access Control Maturity (B23). These indicators assess an organization's ability to identify and respond to potential threats, ensuring timely detection and response to various high-level security threats. Emergency Response and Recovery (B3) measures an enterprise’s response speed, processing capacity and disaster recovery system recovery capability in response to security incidents through three tertiary indicators: Emergency Response Capability Index (B31), Incident Handling Closed-Loop Rate (B32), and Backup and Disaster Recovery Effectiveness (B33), ensuring that normal operations can be quickly restored in the event of a security incident.
[0049] The Cybersecurity Effectiveness and Assurance (C) metrics assess an enterprise's capabilities in cybersecurity operational effectiveness and continuous improvement. Security Operation Effectiveness (C1) includes three tertiary metrics: Security Incident Occurrence Rate (C11), Mean Time To Resolve (MTTR) for Security Incidents (C12), and System Availability and Secure Uptime (C13). These metrics reflect the enterprise's security status in daily operations, the frequency of security incidents, and the efficiency of its response and recovery when incidents occur. Industry and Ecosystem Collaboration (C2) assesses the degree of cooperation and information sharing between the enterprise and government / industry through two tertiary metrics: Degree of Collaboration with Government / Industry (C21) and Security Information Sharing and Collaboration Capabilities (C22), enhancing overall protection capabilities. Continuous Improvement and Innovation (C3) includes two tertiary metrics: Continuous Improvement Rate of Security Capabilities (C31) and Application of Emerging Technologies (C32), measuring the enterprise's continuous improvement capabilities in cybersecurity and its active application of emerging technologies, such as artificial intelligence and big data, to enhance security protection capabilities. Through these metrics, enterprises can continuously optimize their security protection measures to adapt to the rapidly changing cybersecurity environment.
[0050] In this embodiment, the evaluation indicators are designed as a three-tiered indicator system tailored to the power grid sector. Starting from three core primary dimensions—cybersecurity strategy and governance, technology and protection, and efficiency and assurance—the system is broken down into corresponding secondary and tertiary detailed indicators. The indicator system is hierarchical, logically coherent, and comprehensive. It fully covers all business aspects of power grid cybersecurity, including strategic planning, management organization, technical protection, emergency recovery, operational efficiency, ecosystem collaboration, and continuous innovation. It also precisely meets the actual needs and industry characteristics of power grid cybersecurity assessment. This system can comprehensively, systematically, and objectively support subsequent weight calculations and maturity assessments, providing a scientific, standardized, and targeted indicator foundation for the quantitative evaluation of power grid cybersecurity maturity, thereby enhancing the comprehensiveness, rationality, and practical application value of the assessment results.
[0051] The aforementioned subjective relative importance can be used by domain experts to make pairwise comparisons of the importance of two indicators within the same level, taking into account the business characteristics, risk priorities, and protection needs of power grid companies. For example, among the primary indicators, experts may believe that cybersecurity technology and protection (B) has a greater impact on the real-time operational risks of the power grid, and therefore has a higher subjective importance than cybersecurity strategy and governance (A).
[0052] It should be noted that the subjective importance mentioned above is "relative" rather than absolute, and only reflects the differences in importance between indicators within the same level.
[0053] The aforementioned indicator judgment matrix is an n×n matrix (where n is the number of evaluation indicators at the same level), used to quantify the subjective relative importance of all indicators pairwise within the same level. The element aij in the i-th row and j-th column of the matrix represents the degree of subjective importance of the i-th indicator relative to the j-th indicator (usually assigned a scale of 1 to 9).
[0054] For example, when constructing a 3×3 indicator judgment matrix for primary indicators A, B, and C, the element aBA represents the importance assignment of "cybersecurity technology and protection (B)" relative to "cybersecurity strategy and governance (A)".
[0055] One approach to constructing the aforementioned indicator judgment matrix is to select a specific level within the indicator system where weights need to be calculated (e.g., first-level indicator levels A, B, and C). Then, cybersecurity experts are invited to compare the importance of each pair of evaluation indicators (i, j) within that level, assigning values using a scale of 1 to 9. Specifically, when i and j are equally important, the element is 1; when i is slightly more important than j, the element is 3; when i is significantly more important than j, the element is 5; when i is strongly more important than j, the element is 7; and when i is extremely more important than j, the element is 9. If j is more important than i, it is assigned the reciprocal of the scale (e.g., 1 / 3, 1 / 5). Finally, the experts' assignments are filled into the corresponding positions in an n×n matrix to form the complete indicator judgment matrix.
[0056] The constructed indicator judgment matrix can be as follows: ; Where aij represents the subjective relative importance of the evaluation index corresponding to the i-th row relative to the evaluation index corresponding to the j-th column.
[0057] It should be noted that, for all evaluation indicators at a specific level in the cybersecurity maturity index system, experts were organized to conduct pairwise importance comparisons of the evaluation indicators within that level to obtain subjective relative importance judgments. These judgments were then converted into values on a 1-9 scale and filled into an n×n matrix to construct the indicator judgment matrix, providing a basis for determining the subjective dimensions in subsequent subjective weighting.
[0058] S102. Normalize the multiple elements in the indicator judgment matrix to obtain the subjective weights corresponding to the multiple evaluation indicators.
[0059] In one embodiment, the above normalization method includes, but is not limited to, feature vector normalization, linear normalization, and first-order Min-Max normalization, and there is no limitation thereto.
[0060] It should be noted that the pairwise comparison judgments (judgment matrix) of experts are transformed into quantifiable weight values. The logical consistency of the weights is ensured through eigenvalue calculation, and the additivity of the weights (the sum is 1) is ensured through normalization. This provides a subjective dimension weight basis that is in line with business cognition for cybersecurity maturity assessment.
[0061] S103. Based on the first evaluation values of multiple first evaluation objects on multiple evaluation indicators, construct an initial evaluation matrix.
[0062] In one embodiment, the first assessment object refers to multiple power grid enterprise entities or business units included in the assessment scope, which are the specific assessment carriers of cybersecurity maturity. For example, three municipal power supply companies under a provincial power grid company, different core business systems (dispatch automation system, marketing business system, etc.), or the same assessment object at different time points. This assessment object constitutes the source of assessment data, ensuring sufficient sample support when calculating objective weights using the entropy weight method.
[0063] The first evaluation value refers to the original evaluation score of each first-assessed object under a certain evaluation indicator, reflecting the object's cybersecurity maturity performance in that indicator dimension. For example, using a 1-100 point system, "City Power Supply Company 1" scores 85 points on the evaluation indicator "Cybersecurity Strategy Coverage (A11)" and 72 points on "Host and Terminal Security Protection Rate (B12)". These scores are the first evaluation values. This first score is usually obtained through on-site verification, technical testing, document review, etc., and serves as the original data basis for subsequent objective weight calculations.
[0064] The aforementioned initial evaluation matrix can be a structured numerical matrix that organizes the first evaluation values of multiple first evaluation objects according to the structure of "evaluation object (row) - evaluation index (column)" for unified storage and processing of raw evaluation data. For example, if there are 3 evaluation objects (A, B, C) and 5 evaluation indicators (A11, A12, B11, B12, C11), then the initial evaluation matrix is a 3×5 matrix, with each cell corresponding to the first evaluation value of an evaluation object under one indicator.
[0065] It should be noted that since the selected evaluation indicators have different dimensions, they need to be dimensionless to make them comparable. Therefore, the initial evaluation matrix can also be normalized to obtain a normalized initial evaluation matrix.
[0066] It should be noted that by constructing an initial evaluation matrix, the performance of multiple evaluation objects can be transformed into a quantifiable and comparable numerical matrix, ensuring that the subsequent entropy weight method can objectively reflect the distinguishing ability of each evaluation indicator based on the dispersion of real data.
[0067] S104. Calculate the entropy values of the evaluation indicators corresponding to the multiple evaluation indicators based on the multiple first evaluation values.
[0068] Among them, the entropy value of the evaluation index is used to reflect the evaluation index's ability to assess cybersecurity maturity.
[0069] In one embodiment, the entropy value of the evaluation index is a quantification of the dispersion of the evaluation index's scores across multiple assessment objects, based on information entropy theory. It reflects the amount of effective evaluation information contained in the index. Generally, the closer the entropy value is to 1, the more concentrated (smaller the difference) the scores of the evaluation index are across different assessment objects, and the less effective evaluation information it provides; conversely, the closer the entropy value is to 0, the more dispersed (larger the difference) the scores of the evaluation index are across different assessment objects, and the more effective evaluation information it provides. In the context of power grid enterprises, the entropy value of the evaluation index can serve as a quantitative basis for measuring the index's ability to differentiate cybersecurity maturity.
[0070] The aforementioned evaluation capability refers to the ability of evaluation indicators to distinguish differences in cybersecurity maturity among different assessment targets. For example, using security incident response time (C12) as an evaluation indicator, if the scores of different municipal power supply companies vary greatly (e.g., some score 2 hours, others 24 hours), it indicates that the evaluation indicator can effectively distinguish the emergency response capabilities of each company, demonstrating strong evaluation capability. Based on this, it can be considered that the entropy value of the evaluation indicator is negatively correlated with the evaluation capability: the lower the entropy value, the stronger the evaluation capability; the higher the entropy value, the weaker the evaluation capability.
[0071] The methods for calculating the entropy value of the evaluation index include, but are not limited to, the standard entropy weight method and the weighted entropy value method.
[0072] It should be noted that the first evaluation value of the initial evaluation matrix is used as input to calculate the entropy value of the evaluation index for each evaluation object under the evaluation index, so as to directly reflect the evaluation ability of the index. In this way, the weight allocation no longer depends on the subjective judgment of experts, but is based on the dispersion of the real evaluation data, ensuring that the objective weight can accurately reflect the distinguishing value of the index in the actual evaluation.
[0073] S105. Calculate the objective weights of multiple evaluation indicators based on their entropy values.
[0074] In one embodiment, the electronic device can calculate the objective weight using the relative entropy weight method or the modified entropy weight method, without limitation.
[0075] For example, an electronic device can calculate the sum of the entropy values of multiple evaluation indicators and determine the ratio of the entropy value of each evaluation indicator to the sum as the aforementioned objective weight.
[0076] S106. For any evaluation indicator, based on the subjective and objective weights corresponding to the evaluation indicator, obtain the target comprehensive weight of the evaluation indicator.
[0077] In one embodiment, the electronic device can sum the subjective weight and the objective weight to obtain the target total weight. In another embodiment, the electronic device can also sum the product of the subjective weight and the first coefficient with the product of the objective weight and the second coefficient to obtain the target comprehensive weight. The sum of the first coefficient and the second coefficient is 1.
[0078] In one embodiment, the first coefficient is a weight adjustment coefficient for subjective weight allocation, and the second coefficient is a weight adjustment coefficient for objective weight allocation. Both are non-negative numbers between 0 and 1, and satisfy the constraint that the first coefficient + the second coefficient = 1. The relationship between the two coefficients directly reflects the degree of emphasis the target comprehensive weight places on subjective and objective weights. A larger first coefficient indicates a greater emphasis on the subjective weights given by domain experts based on their understanding of cybersecurity business, while a larger second coefficient indicates a greater emphasis on the objective weights calculated based on actual assessment data. The ratio of the two coefficients can be flexibly adjusted according to the assessment scenario and business needs of cybersecurity maturity.
[0079] It should be noted that by introducing a first coefficient and a second coefficient that sum to 1, the subjective and objective weights are weighted and fused to obtain the target comprehensive weight. This not only allows for flexible adjustment of the emphasis on subjective and objective weights through coefficient matching, adapting to the actual needs of different cybersecurity maturity assessment scenarios, but also ensures the normalization attribute of the comprehensive weight by relying on the constraint that the coefficients sum to 1. This ensures that the fused target comprehensive weight retains the professional knowledge of domain experts on cybersecurity business, aligns with the actual business logic of cybersecurity maturity assessment, and fully incorporates the objective support of actual assessment data, thereby improving the scenario adaptability, scientificity, and rationality of the target comprehensive weight.
[0080] S107. Assess cybersecurity maturity based on comprehensive target weights.
[0081] In one embodiment, the electronic device can multiply the evaluation values of each evaluation indicator by their corresponding target comprehensive weights and then sum them to directly obtain the total score for cybersecurity maturity. Alternatively, according to a three-tiered indicator system, the evaluation values of each evaluation indicator at the third tier are first multiplied by their corresponding target comprehensive weights and then summed to obtain the scores of each evaluation indicator at the second tier. Then, the scores of each evaluation indicator at the second tier are multiplied by their corresponding target comprehensive weights and then summed to obtain the scores of each evaluation indicator at the first tier. Finally, the scores of each evaluation indicator at the first tier are multiplied by their corresponding target comprehensive weights and then summed to obtain the aforementioned cybersecurity maturity. In this embodiment, the method for assessing cybersecurity maturity is not limited.
[0082] In this embodiment, for multiple evaluation indicators of network security maturity at the same level in the power grid field, an element in the i-th row and j-th column is constructed based on the subjective relative importance between the indicators. This element corresponds to an indicator judgment matrix describing the importance of the i-th row indicator relative to the j-th column indicator. Eigenvalue normalization is then performed on the matrix elements to obtain the subjective weight of each evaluation indicator. Furthermore, the importance correlation between each evaluation indicator can be determined based on domain-specific knowledge. Combined with the scientific calculation method of eigenvalue normalization, the subjective weights are made to both align with the business realities of network security maturity assessment and ensure the logical consistency and rationality of weight allocation. Moreover, an initial evaluation matrix is constructed based on the first evaluation values of multiple first evaluation objects under each evaluation indicator. The entropy value of the evaluation indicator, reflecting its ability to evaluate network security maturity, is calculated using multiple first evaluation values. This establishes a quantitative analysis foundation based on actual evaluation data, and the actual evaluation value of each evaluation indicator is accurately quantified based on the entropy value. This process uncovers objective information within the actual evaluation data, ensuring that the value judgment of the evaluation indicators is supported by real data. Subsequently, based on the entropy values of each evaluation indicator, the corresponding objective weights are further calculated. This transforms the evaluation capability reflected by the entropy values into directly applicable objective weights, reflecting the objective differentiation and information contribution of each evaluation indicator in actual assessment. This effectively compensates for the shortcomings of single subjective weighting, which is easily affected by experience bias. Finally, for any evaluation indicator, its corresponding subjective weight and objective weight are combined to obtain the target comprehensive weight. The cybersecurity maturity is then assessed based on the target comprehensive weight. This integrates the business adaptability of subjective weights with the data objectivity of objective weights, ensuring that the final weights of the cybersecurity maturity evaluation indicators are both in line with professional understanding in the cybersecurity field and supported by actual assessment data. This fundamentally improves the scientific, accurate, and comprehensive nature of determining the evaluation indicator weights, thereby accurately assessing the cybersecurity maturity in the power grid sector.
[0083] In another embodiment, the electronic device may also be based on, for example... Figure 2 The steps S201-S203 shown are for calculating subjective weights. Details are as follows: S201. Solve the indicator judgment matrix to obtain the largest eigenvalue of the indicator judgment matrix.
[0084] In one embodiment, the largest eigenvalue is the largest among all eigenvalues obtained after solving the characteristic equation for an n-order index judgment matrix (square matrix), denoted as . The eigenvalue is an inherent mathematical property of a matrix. In an indicator judgment matrix, the largest eigenvalue can be used as the basis for solving the corresponding eigenvector (which is the basis for calculating subjective weights) and as a parameter for the consistency test of the indicator judgment matrix.
[0085] It should be noted that by transforming the qualitative pairwise comparisons between evaluation indicators by experts (indicator judgment matrix) into quantifiable feature values / feature vectors through mathematical methods, the mathematical rigor of subsequent subjective weight calculations is ensured, and a quantitative basis is provided for verifying the logical consistency of expert judgments.
[0086] S202. Obtain the eigenvector corresponding to the largest eigenvalue.
[0087] The feature vector includes feature components corresponding to multiple evaluation indicators, and the feature components are used to reflect the relative importance ratio among the multiple evaluation indicators.
[0088] In one embodiment, the electronic device can obtain the eigenvector by solving a homogeneous linear system of equations. That is, the non-zero solution of the system of equations is the eigenvector corresponding to the largest eigenvalue, which will not be described in detail here.
[0089] In this context, each eigenvalue is an independent value in the eigenvector corresponding to the largest eigenvalue. The eigenvector consists of several eigenvalues, and the number of eigenvalues is exactly the same as the order of the indicator judgment matrix (i.e., the number of evaluation indicators). Each eigenvalue corresponds one-to-one with an evaluation indicator. For example, in the eigenvector X=[1, 3, 0.5]T of a 3rd-order matrix, the values 1, 3, and 0.5 are three eigenvalues, corresponding to the first-level indicators of cybersecurity maturity: A (strategy and governance), B (technology and protection), and C (operation and maintenance). The eigenvalues are the basic units for quantifying the relative importance of indicators.
[0090] The aforementioned relative importance ratio is the numerical ratio between each feature component in the same feature vector. This ratio directly quantifies the subjective relative importance between evaluation indicators within the same level of cybersecurity maturity. It is a quantitative proportional relationship extracted from the pairwise qualitative comparisons made by experts through mathematical methods.
[0091] The aforementioned relative importance ratios are the original relative ratios and do not need to meet the normalization requirement of summing to 1. They only reflect the degree of difference in importance between indicators. For example, if the feature components are 1, 3, and 0.5, the corresponding relative importance ratios are A:B:C=1:3:0.5, which intuitively shows that the subjective importance of evaluation indicator B is 3 times that of evaluation indicator A and 6 times that of evaluation indicator C. This ratio is the basis for subsequent calculation of the subjective weights of each indicator.
[0092] It should be noted that by obtaining the eigenvector corresponding to the largest eigenvalue, and since this eigenvector contains several eigencomponents that correspond one-to-one with the evaluation indicators, the ratio of the values of each eigencomponent represents the subjective relative importance ratio between the indicators. Furthermore, the qualitative pairwise importance comparisons between evaluation indicators by experts can be transformed into quantitative relative importance ratios through rigorous mathematical methods. This preserves the experts' subjective judgment based on their understanding of cybersecurity business, while also laying a quantitative foundation for subsequent processing of the eigenvectors to obtain the subjective weights of each evaluation indicator.
[0093] S203. Normalize the multiple feature components in the feature vector to obtain the subjective weights corresponding to the multiple evaluation indicators.
[0094] In one embodiment, the normalization method described above can be summation normalization, scaling normalization, etc., and there is no limitation on this.
[0095] In this embodiment, the largest eigenvalue is obtained by solving the indicator judgment matrix, allowing the extraction of quantitative features representing expert subjective judgments. Then, the eigenvector corresponding to the largest eigenvalue is obtained, precisely transforming the qualitative pairwise relative importance comparisons between evaluation indicators by experts into quantitative proportional relationships of feature components corresponding to each evaluation indicator. This fully preserves the subjective judgments of domain experts based on their business understanding of cybersecurity maturity assessment, achieving a crucial transformation from qualitative analysis to quantitative quantification. Finally, the feature components in the eigenvector are normalized to obtain subjective weights. While preserving the relative importance ratios between feature components and maintaining the original expert judgments, the quantitative ratios are converted into standard weight values, ensuring that the obtained subjective weights meet the basic requirements of weight allocation normalization. Through this method, not only is the complete transformation from the indicator judgment matrix to subjective weights achieved, ensuring that the subjective weights align with the actual business scenarios of cybersecurity maturity assessment, but the scientific rigor, accuracy, and rationality of subjective weight calculation are also improved.
[0096] In another embodiment, after obtaining the aforementioned subjective weights, it is also possible to determine, based on, as follows: Figure 3 Steps S301-S303, as shown, validate the subjective weights. Details are as follows: S301. Calculate the consistency parameter based on the maximum eigenvalue of the indicator judgment matrix and the number of evaluation indicators.
[0097] The consistency parameter reflects the degree to which the indicator judgment matrix deviates from complete consistency.
[0098] In one embodiment, in the analytic hierarchy process (AHP) for cybersecurity maturity assessment, the consistency parameter is a specific quantitative indicator that reflects the deviation of the indicator judgment matrix from the complete consistency matrix. It also serves as a parameter to verify the logical rationality of experts' subjective judgments. The complete consistency matrix is an ideal matrix in which there are no logical contradictions in the pairwise comparisons of the subjective relative importance of indicators among experts. For example, in a 3rd-order matrix, if evaluation indicator A is 3 times more important than evaluation indicator B, and evaluation indicator B is 2 times more important than evaluation indicator C, then A must be 6 times more important than evaluation indicator C, and in this case, the consistency parameter is 0.
[0099] The larger the value of the consistency parameter, the more obvious the logical contradiction in the judgment matrix and the higher the degree of deviation from complete consistency; the smaller the value, the more logically consistent the pairwise comparison judgments of the experts are, and the better the matrix consistency. This parameter is only related to the largest eigenvalue of the judgment matrix and the number of evaluation indicators at the same level.
[0100] The consistency parameter can be calculated as follows: ; Where CI represents the consistency parameter. denoted as the largest eigenvalue, and n represents the number of evaluation indicators.
[0101] It should be noted that transforming the consistency of the indicator judgment matrix from qualitative description to quantitative values can avoid the distortion of subsequent subjective weights due to conflicting judgments by experts, thus ensuring the logical rationality and calculation validity of the subjective weights of the cybersecurity maturity evaluation indicators from the source.
[0102] S302. When the consistency parameter is less than the first preset value, determine multiple subjective weights as valid weights.
[0103] S303. When the consistency parameter is greater than or equal to the first preset value, repeat the steps of constructing the indicator judgment matrix and subsequent steps until multiple subjective weights are determined to be effective weights.
[0104] In one embodiment, the first preset value is a critical threshold for consistency parameters, pre-set to define the validity of subjective weights, and is a quantitative standard for judging whether the logical contradictions in the judgment matrix constructed by experts are within an acceptable range. For example, the first preset value can be 0.1.
[0105] When the calculated consistency parameter is lower than the first preset value, it indicates that the logical deviation of the indicator judgment matrix is within the allowable range and the corresponding subjective weight is valid; when the consistency parameter is higher than or equal to the first preset value, it indicates that the logical contradiction of the indicator judgment matrix exceeds the acceptable range, the subjective weight is at risk of distortion, and has no practical application value.
[0106] It should be noted that when the consistency parameter is less than the first preset value, the logical deviation of the indicator judgment matrix constructed by the experts is within an acceptable range, and the subjective weights of the multiple evaluation indicators obtained in this calculation are directly determined as valid weights, which can be used for subsequent fusion calculations with objective weights. When the consistency parameter is greater than or equal to the first preset value, the indicator judgment matrix is determined to have significant logical contradictions, and the subjective weights calculated in this calculation are at risk of distortion. Therefore, the steps of constructing the indicator judgment matrix and subsequent steps need to be repeated until the newly calculated consistency parameter is less than the first preset value, and the valid subjective weights are determined.
[0107] In this embodiment, by setting a first preset value as the quantitative standard for consistency judgment, the validity judgment of subjective weights has a clear numerical basis, avoiding vague qualitative judgments. When the consistency parameter is less than the first preset value, the valid weight is directly determined, ensuring the logical rationality of the subjective weights. When the consistency parameter is greater than or equal to the first preset value, the matrix and subsequent steps are repeatedly constructed to eliminate the problem of subjective weight distortion caused by logical contradictions in pairwise comparisons by experts, further ensuring the reliability and usability of subjective weights. Based on this, through a closed-loop process of calculation, verification, and iteration, the subjective weights of the evaluation indicators retain both the experts' business understanding and have strict logical self-consistency.
[0108] In another embodiment, the electronic device may also be based on, for example... Figure 4 The steps S401-S402 shown are for calculating the entropy value of the evaluation index. Details are as follows: S401. For any evaluation indicator, based on the first evaluation value of multiple first evaluation objects in the evaluation indicator, calculate the indicator weight of multiple first evaluation objects respectively.
[0109] The indicator weight is used to describe the relative contribution of the first evaluation object under the evaluation indicator.
[0110] In one embodiment, the indicator weight is a quantitative reflection of the first evaluation value of a single first evaluation object for any evaluation indicator in the cybersecurity maturity assessment. The relative proportion of the first evaluation value of all first evaluation objects under this evaluation indicator is used to describe the relative contribution of that evaluation object to the overall cybersecurity maturity assessment under that indicator dimension. A higher indicator weight indicates a higher contribution of the evaluation object's performance on that indicator to the overall assessment, and vice versa. It is a core pre-quantification parameter in the entropy weight method for calculating the entropy value of the evaluation indicator.
[0111] As an example, for any evaluation index, the electronic device can first perform dimensionless normalization on the first evaluation values of all first evaluation objects under that evaluation index to eliminate dimensional differences. Then, it calculates the sum of all normalized evaluation values under that evaluation index. Finally, it divides the normalized evaluation value of each evaluation object by this sum to obtain the index weight of the corresponding evaluation object.
[0112] It should be noted that, for any evaluation indicator, the first evaluation value of multiple first evaluation objects under that evaluation indicator is used as the basis for calculation. By solving the indicator weight corresponding to each first evaluation object, the relative contribution of each evaluation object under that evaluation indicator is quantitatively represented.
[0113] S402. Calculate the entropy value of the evaluation index based on the weight of multiple indicators.
[0114] In one embodiment, the electronic device can input the weights of multiple indicators into a preset information entropy calculation formula to obtain the entropy value of the evaluation indicator; the information entropy calculation formula is: ; Where j represents the j-th evaluation index, Let m represent the entropy value of the j-th evaluation index, and m represent the number of objects in the first evaluation. This represents the weight of the x-th first evaluation object in the j-th evaluation indicator.
[0115] It should be noted that the calculated... If the logarithm is 0, then lnPij is defined as 0 to avoid making logarithmic calculations meaningless.
[0116] Based on the above formula, through The normalization process ensures that the entropy value remains stable within the 0-1 range, accurately quantifying the information dispersion of the evaluation index among multiple primary assessment objects and objectively reflecting the index's ability to evaluate cybersecurity maturity. Furthermore, the entire calculation process relies on rigorous mathematical logic without any additional subjective intervention, guaranteeing the scientific validity and traceability of the entropy results. It also provides a precise and consistent quantitative basis for subsequent calculations of objective weights based on entropy values, further enhancing the rigor and reliability of the evaluation index weight determination method.
[0117] In this embodiment, for any evaluation indicator, the first evaluation values of multiple first evaluation objects are transformed into indicator weights representing the relative contribution levels. This eliminates computational interference caused by differences in the absolute values and dimensions of the original evaluation values, allowing subsequent entropy value calculations to focus on the distribution characteristics and dispersion of the indicator among the evaluation objects. Then, based on the indicator weights, the entropy value of the evaluation indicator is aggregated and calculated. This accurately extracts the effective evaluation information contained in the indicator from the actual evaluation data, ensuring that the calculated entropy value can truly and objectively reflect the evaluation indicator's ability to assess cybersecurity maturity.
[0118] In another embodiment, the electronic device may also be based on, for example... Figure 5 The calculation of the index proportions in steps S501-S504 is detailed below: S501. Calculate the sum of the first evaluation values of multiple first evaluation objects under the evaluation indicators to obtain the comprehensive evaluation value.
[0119] S502. Determine the maximum evaluation value among the first evaluation values of multiple first evaluation objects under the evaluation indicators.
[0120] S503. Calculate the product of the comprehensive evaluation value and the maximum evaluation value.
[0121] S504. The ratio of the first evaluation value of each of the multiple first evaluation objects to the product of the evaluation indicators shall be determined as the indicator weight of the multiple first evaluation objects.
[0122] In one embodiment, the product is the sum of the first evaluation values of all first evaluation objects under the evaluation index (comprehensive evaluation value), multiplied by the maximum evaluation value among all first evaluation values under the evaluation index. This can be considered as an amplified unified quantitative benchmark that combines the overall scale of the scores and the extreme value level. It not only reflects the total characteristics of the scores of all evaluation objects under the evaluation index, but also avoids the one-sidedness of using only the sum or only the maximum value as the benchmark.
[0123] It should be noted that using the ratio of the first evaluation value of each first evaluation object to the product as the indicator weight can strictly preserve the relative differences of the original scores while avoiding the distortion of the weight caused by the original score values being too small or too large, so that the scores of evaluation objects of different sizes can be stably quantified.
[0124] In this embodiment, a unified quantitative benchmark is constructed by first calculating the product of the comprehensive evaluation value and the maximum evaluation value. Then, the ratio of the first evaluation value of each evaluation object to the product is used as the indicator weight. This fully utilizes the overall scale and extreme value information of the scores of all evaluation objects under the evaluation indicator, constructs a reference benchmark that is more in line with the data distribution, and accurately quantifies the relative contribution of each evaluation object through ratio calculation. This avoids the one-sidedness of a single benchmark and the interference of extreme values, making the calculation of the indicator weight more stable and scientific.
[0125] In another embodiment, the electronic device may also be based on, for example... Figure 6 The steps S601-S603 shown calculate the objective weights. Details are as follows: S601. For any evaluation indicator, calculate the difference between the preset standard value and the entropy value of the corresponding evaluation indicator to obtain the difference coefficient of the evaluation indicator.
[0126] S602. Calculate the sum of multiple difference coefficients.
[0127] S603. The ratio of the difference coefficient to the sum is determined as the objective weight of the evaluation index.
[0128] Among them, the coefficient of difference is positively correlated with the evaluation ability of the evaluation index.
[0129] In one embodiment, the above-mentioned standard value can be set in advance according to the actual situation. For example, the above-mentioned preset value can be 1, and there is no limitation thereto.
[0130] The larger the difference coefficient, the smaller the entropy value, the more significant the difference in scores of the evaluation indicators on different evaluation objects, and the stronger the ability to distinguish (evaluate) cybersecurity maturity; the smaller the difference coefficient, the larger the entropy value, the more similar the scores of the evaluation indicators, and the weaker the evaluation ability.
[0131] For example, if the entropy value of the evaluation index for security incident response time is 0.2 and the difference coefficient is 0.8, it means that the evaluation index can effectively distinguish the emergency response capabilities of different enterprises and has a strong evaluation capability; if the entropy value of the evaluation index for system completeness rate is 0.9 and the difference coefficient is 0.1, it means that the index can hardly distinguish the differences between enterprises and has an extremely weak evaluation capability.
[0132] It should be noted that, in this embodiment, for any evaluation index, the difference between the preset standard value and the entropy value of the corresponding evaluation index is calculated to obtain the difference coefficient of the evaluation index. By using the ratio of the difference coefficient of a single evaluation index to the total difference coefficient, the evaluation ability of each index is transformed into an objective weight that meets the requirement that the total weight is 1. This not only strictly preserves the relative size of the evaluation ability of different indicators, but also gives the weight a standardized attribute that can be directly applied, providing a quantitative basis for the subsequent integration with subjective weights.
[0133] In another embodiment, the accuracy of assessing cybersecurity maturity will gradually decrease as technology changes. Therefore, for the above-mentioned comprehensive weight of objectives, it is necessary to continuously iterate the proportion of variable subjective weights and objective weights to obtain a more scientific and reasonable comprehensive weight of objectives in order to improve the accuracy of the final assessment results.
[0134] As an example, electronic devices can be based on, for example Figure 7 The steps S701-S705 shown update the target composite weights. Details are as follows: S701. Obtain the second evaluation value of the second evaluation object on multiple evaluation indicators.
[0135] S702. The second evaluation value is weighted based on the comprehensive weight of the target to obtain the actual cybersecurity maturity of the second evaluation object.
[0136] In one embodiment, the second evaluation object is similar to the first evaluation object, and the second evaluation value is similar to the first evaluation value; this will not be described in detail. Furthermore, the actual cybersecurity maturity level is the value obtained by multiplying the target comprehensive weight of each evaluation indicator by the corresponding second evaluation value and then summing all the product values.
[0137] S703. Calculate the maturity difference between the preset maturity level and the actual cybersecurity maturity level.
[0138] S704. If the absolute value of the maturity difference is greater than or equal to the second preset value, then adjust the first coefficient and the second coefficient based on the maturity difference.
[0139] S705. Based on the adjusted first and second coefficients, the objective weights and subjective weights are weighted to obtain a new target comprehensive weight.
[0140] In one embodiment, the preset maturity level is a target maturity benchmark value pre-set based on industry standards, corporate strategic goals, or historical best performance before the cybersecurity maturity assessment. For example, power grid companies can set the preset maturity level to a security protection capability of Level 3 or a compliance score of ≥90 points, in accordance with the "Requirements for Cybersecurity Level Protection in the Power Industry," as a reference for measuring whether the actual maturity level meets the standard.
[0141] The aforementioned second preset value is a quantitative threshold (e.g., set to 5 points or 10%) for determining whether the deviation between the actual maturity level and the preset maturity level requires intervention. When the absolute value of the maturity difference is greater than or equal to the second preset value, it indicates that the current target comprehensive weighting ratio (first coefficient, second coefficient) causes the evaluation result to deviate from the target and needs adjustment; if the absolute value of the maturity difference is less than the second preset value, the maturity difference is within an acceptable range, and no coefficient adjustment is required, and the current target comprehensive weighting can be directly used.
[0142] The adjustment method includes, but is not limited to, adding the first adjustment coefficient to the preset adjustment value, or subtracting the preset adjustment value from the first adjustment coefficient.
[0143] It should be noted that since the sum of the first coefficient and the second coefficient is 1, the adjusted second coefficient can be obtained after obtaining the adjusted first coefficient.
[0144] As an example, an electronic device can adjust the first coefficient according to the following formula, detailed below: ; in, This represents the first coefficient after adjustment. Indicates the first coefficient. Indicates the difference in maturity. Indicates the preset maturity level. This indicates the second preset value.
[0145] In this embodiment, by obtaining the second evaluation value of the second assessment object and combining it with the target comprehensive weight to calculate the actual cybersecurity maturity, the target comprehensive weight is combined with the actual assessment scenario, achieving an effective connection between weight determination and maturity assessment. The sum of the target comprehensive weight and the actual maturity is used to calculate the maturity difference between the preset maturity and the actual maturity, and the second preset value is used as a quantitative threshold to determine whether the deviation is within an acceptable range, avoiding vague qualitative judgments and improving the scientific rigor of deviation verification. When the absolute value of the maturity difference is greater than or equal to the second preset value, the first and second coefficients are adjusted based on the maturity difference, and a new target comprehensive weight is obtained through reweighting. This dynamically corrects the proportion of subjective and objective weights in the weight allocation, solving the problem that the target comprehensive weight may deviate from the preset maturity target under fixed coefficients, ensuring that the target comprehensive weight continuously aligns with assessment needs and preset targets, and improving the adaptability and accuracy of the weight.
[0146] In another embodiment, the electronic device may also be based on, for example... Figure 8 The S801-S803 settings show adjustments to the first and second coefficients. Details are as follows: S801. Determine the target coefficient based on the relative magnitude of the absolute value of the maturity difference and the third preset value.
[0147] Among them, the target coefficient is when the absolute value of the maturity difference is greater than the third preset value, and the target coefficient is when the absolute value of the maturity difference is less than or equal to the third preset value.
[0148] In one embodiment, the third preset value is similar to the second preset value, and will not be described further.
[0149] The target coefficient is an adjustment coefficient determined based on the relative magnitude of the absolute value of the maturity difference and a third preset value. It can take either a fixed value of 0 or 1, without limitation. For example, when the absolute value of the maturity difference is greater than or equal to the third preset value, the target coefficient is 1; when the absolute value of the maturity difference is less than the third preset value, the target coefficient is 0, and no coefficient correction is required (the correction intensity is 0). By using a binary value of 0 / 1, precise on / off control of the coefficient correction is achieved, avoiding over-correction for slight deviations and ensuring the rationality of the coefficient adjustment.
[0150] S802. Calculate the product of the maturity difference and the preset coefficient and the target coefficient to obtain the coefficient correction value.
[0151] The aforementioned preset coefficients are pre-set fixed ratio coefficients, which are non-negative numbers between 0 and 1. They are used to limit the basic strength value of the coefficient's single correction range, avoiding the situation where the first coefficient suddenly increases or decreases due to the excessive absolute value of the maturity difference, preventing the distortion of the assessment results caused by sudden changes in the weight ratio, and conforming to the actual needs of smooth weight optimization in cybersecurity maturity assessment.
[0152] Among them, the coefficient correction value is a quantitative value obtained by multiplying the maturity difference, the preset coefficient, and the target coefficient. It is directly used as the basis for adjusting the first coefficient. The adjusted first coefficient is obtained by performing a difference operation with the original first coefficient, so that the adjustment of the first coefficient has a clear and controllable quantitative standard, ensuring the scientific nature and repeatability of the coefficient adjustment.
[0153] S803. Calculate the difference between the first coefficient and the coefficient correction value to obtain the adjusted first coefficient, and calculate the adjusted second coefficient based on the adjusted first coefficient.
[0154] The method for determining the second coefficient after obtaining the adjusted first coefficient can be referred to the example description in S705 above, and will not be explained further.
[0155] In this embodiment, a third preset value is used to classify and determine the degree of maturity deviation and establish a target coefficient, achieving binary switch control for coefficient correction. This accurately distinguishes whether to perform intensity correction for different degrees of deviation, effectively avoiding over-correction for minor deviations and under-correction for significant deviations. Subsequently, the coefficient correction value is obtained by multiplying the maturity difference, the preset coefficient, and the target coefficient. The preset coefficient strictly limits the magnitude of a single coefficient correction, preventing sudden increases or decreases in the first coefficient and avoiding the distortion of evaluation results caused by abrupt changes in weighting ratios, thus ensuring the stability and rationality of coefficient adjustment. Simultaneously, the difference between the first coefficient and the coefficient correction value is calculated to obtain the adjusted first coefficient, and the adjusted second coefficient is derived concurrently, giving the coefficient adjustment process rigorous mathematical logic and repeatable quantitative standards. Therefore, through the above steps, the scientific nature and controllability of coefficient adjustment can be effectively improved, making the adjusted coefficient more suitable for the requirements of the preset maturity target.
[0156] It should be understood that the sequence number of each step in the above embodiments does not imply the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application.
[0157] Please see Figure 9 , Figure 9 This is a schematic diagram of the structure of a network security maturity assessment device provided in an embodiment of this application. The network security maturity assessment device in this embodiment includes modules used for performing... Figures 1 to 8The steps in the corresponding embodiments. Please refer to the details. Figures 1 to 8 as well as Figures 1 to 8 The relevant descriptions in the corresponding embodiments are shown below. For ease of explanation, only the parts relevant to this embodiment are shown. See also... Figure 9 The network security maturity assessment device 900 may include: a first construction module 910, a first computing module 920, a second construction module 930, a second computing module 940, a third computing module 950, a fourth computing module 960, and an assessment module 970, wherein: The first construction module 910 is used to construct an indicator judgment matrix based on the subjective relative importance of multiple evaluation indicators of the same level for assessing network security maturity. The element in the i-th row and j-th column of the indicator judgment matrix is used to describe the subjective relative importance of the evaluation indicator corresponding to the i-th row relative to the evaluation indicator corresponding to the j-th column. The evaluation indicators are divided into multi-level power grid field evaluation indicators.
[0158] The first calculation module 920 is used to perform normalization calculations on multiple elements in the indicator judgment matrix to obtain the subjective weights corresponding to the multiple evaluation indicators.
[0159] The second construction module 930 is used to construct an initial evaluation matrix based on the first evaluation values of multiple first evaluation objects on multiple evaluation indicators.
[0160] The second calculation module 940 is used to calculate the entropy value of the evaluation index corresponding to multiple evaluation indicators based on multiple first evaluation values; the entropy value of the evaluation index is used to reflect the evaluation ability of the evaluation index to assess the maturity of cybersecurity.
[0161] The third calculation module 950 is used to calculate the objective weights of multiple evaluation indicators based on the entropy values of multiple evaluation indicators.
[0162] The fourth calculation module 960 is used to obtain the target comprehensive weight of any evaluation indicator based on the subjective and objective weights corresponding to the evaluation indicator.
[0163] Assessment module 970 is used to assess cybersecurity maturity based on a comprehensive weighted assessment of objectives. In one embodiment, the evaluation indicators are divided into three levels for the power grid sector. The first level includes cybersecurity strategy and governance, cybersecurity technology and protection, and cybersecurity effectiveness and assurance. The second level, corresponding to cybersecurity strategy and governance, includes cybersecurity strategy and management and organizational support. The second level, corresponding to cybersecurity technology and protection, includes basic security protection, advanced protection and detection, and emergency response and recovery. The second level, corresponding to cybersecurity effectiveness and assurance, includes safe operation efficiency, industry and ecosystem synergy, and continuous improvement and innovation. The third level, corresponding to cybersecurity strategy, includes top-level cybersecurity design and systems, and the alignment of cybersecurity strategy with business operations. The third level, corresponding to management and organizational support, includes the soundness of the cybersecurity organizational structure, the completeness of cybersecurity management systems, and the implementation and assessment of security responsibilities. The third-level indicators for basic security protection include network boundary security deployment rate, host and terminal security protection rate, and application and data security protection rate. The third-level indicators for advanced protection and detection include intrusion detection / threat awareness capabilities, situational awareness and monitoring coverage, and identity access control maturity. The third-level indicators for emergency response and recovery include emergency response capability index, incident handling closure rate, and backup and disaster recovery effectiveness. The third-level indicators for secure operation efficiency include security incident incidence rate, average security incident handling time, and system secure operation time. The third-level indicators for industry and ecosystem collaboration include the degree of collaboration with government / industry, information sharing and linkage capabilities. The third-level indicators for continuous improvement and innovation include the continuous improvement rate of security capabilities and the application of emerging technologies.
[0164] In one embodiment, the network security maturity assessment device 900 further includes: The fifth calculation module is used to calculate the consistency parameter based on the largest eigenvalue of the indicator judgment matrix and the number of evaluation indicators; the consistency parameter is used to reflect the degree to which the indicator judgment matrix deviates from complete consistency.
[0165] The determination module is used to determine multiple subjective weights as valid weights when the consistency parameter is less than a first preset value.
[0166] The execution module is used to repeatedly execute the steps of constructing the indicator judgment matrix and subsequent steps when the consistency parameter is greater than or equal to the first preset value, until multiple subjective weights are determined to be effective weights.
[0167] In one embodiment, the second calculation module 940 is further configured to: For any evaluation indicator, based on the first evaluation value of multiple first evaluation objects in the evaluation indicator, the indicator weight of each of the multiple first evaluation objects is calculated; the indicator weight is used to describe the relative contribution of the first evaluation object under the evaluation indicator; the entropy value of the evaluation indicator is calculated based on the multiple indicator weights.
[0168] In one embodiment, the second calculation module 940 is further configured to: Calculate the sum of the first evaluation values of multiple first evaluation objects under the evaluation indicators to obtain the comprehensive evaluation value; determine the maximum evaluation value among the first evaluation values of multiple first evaluation objects under the evaluation indicators; calculate the product of the comprehensive evaluation value and the maximum evaluation value; and determine the indicator weight of multiple first evaluation objects as the ratio of the first evaluation value and the product of the evaluation indicators.
[0169] In one embodiment, the second calculation module 940 is further configured to: The weights of multiple indicators are input into a preset information entropy calculation formula to obtain the entropy value of the evaluation indicators; the information entropy calculation formula is as follows: ; Where j represents the j-th evaluation index, Let m represent the entropy value of the j-th evaluation index, and m represent the number of objects in the first evaluation. This represents the weight of the x-th first evaluation object in the j-th evaluation indicator.
[0170] In one embodiment, the third computing module 950 is further used for For any evaluation indicator, calculate the difference between the preset standard value and the entropy value of the corresponding evaluation indicator to obtain the difference coefficient of the evaluation indicator; the difference coefficient is positively correlated with the evaluation ability of the evaluation indicator; calculate the sum of multiple difference coefficients; and determine the objective weight of the evaluation indicator by the ratio of the difference coefficient to the sum.
[0171] In one embodiment, the fourth calculation module 960 is further configured to: The product of the subjective weight and the first coefficient is summed with the product of the objective weight and the second coefficient to obtain the target comprehensive weight; the sum of the first coefficient and the second coefficient is 1.
[0172] In one embodiment, the network security maturity assessment device 900 further includes: The acquisition module is used to acquire the second evaluation value of the second evaluation object on multiple evaluation indicators.
[0173] The first weighting module is used to weight the second evaluation value based on the target comprehensive weight to obtain the actual cybersecurity maturity of the second evaluation object.
[0174] The sixth calculation module is used to calculate the maturity difference between the preset maturity level and the actual network security maturity level.
[0175] The adjustment module is used to adjust the first coefficient and the second coefficient based on the maturity difference if the absolute value of the maturity difference is greater than or equal to the second preset value.
[0176] The second weighting module is used to weight the objective weights and subjective weights based on the adjusted first and second coefficients to obtain a new target comprehensive weight.
[0177] In one embodiment, the adjustment module is further configured to: The target coefficient is determined based on the relative magnitude of the absolute value of the maturity difference and the third preset value; the target coefficient is determined when the absolute value of the maturity difference is greater than the third preset value, and the target coefficient is determined when the absolute value of the maturity difference is less than or equal to the third preset value; the product of the maturity difference, the preset coefficient, and the target coefficient is calculated to obtain the coefficient correction value; the difference between the first coefficient and the coefficient correction value is calculated to obtain the adjusted first coefficient, and the adjusted second coefficient is calculated based on the adjusted first coefficient.
[0178] When it is understood that, Figure 9 In the schematic diagram of the cybersecurity maturity assessment device shown, each module is used to perform... Figures 1 to 8 The steps in the corresponding embodiments, and for Figures 1 to 8 The steps in the corresponding embodiments have been explained in detail in the above embodiments. Please refer to them for details. Figures 1 to 8 as well as Figures 1 to 8 The relevant descriptions in the corresponding embodiments will not be repeated here.
[0179] Figure 10 This is a schematic diagram of the structure of an electronic device provided in one embodiment of this application. Figure 10 As shown, the electronic device 1000 of this embodiment includes: a processor 1010, a memory 1020, and a computer program 1030 stored in the memory 1020 and executable on the processor 1010, such as a program for a network security maturity assessment method. When the processor 1010 executes the computer program 1030, it implements the steps in the various embodiments of the network security maturity assessment methods described above, for example... Figure 1 S101 to S107 are shown. Alternatively, the processor 1010 implements the above when executing the computer program 1030. Figure 9 The functions of each module in the corresponding embodiments, for example, Figure 9 For details on the functions of each module shown, please refer to [link / reference]. Figure 9 The relevant descriptions in the corresponding embodiments.
[0180] For example, computer program 1030 can be divided into one or more modules, one or more of which are stored in memory 1020 and executed by processor 1010 to implement the network security maturity assessment method provided in this application embodiment. One or more modules can be a series of computer program instruction segments capable of performing specific functions, which describe the execution process of computer program 1030 in electronic device 1000. For example, computer program 1030 can implement the network security maturity assessment method provided in this application embodiment.
[0181] Electronic device 1000 may include, but is not limited to, processor 1010 and memory 1020. Those skilled in the art will understand that... Figure 10 This is merely an example of electronic device 1000 and does not constitute a limitation on electronic device 1000. It may include more or fewer components than shown, or combine certain components, or different components. For example, electronic device may also include input / output devices, network access devices, buses, etc.
[0182] The processor 1010 may be a central processing unit, or it may be other general-purpose processors, digital signal processors, application-specific integrated circuits, off-the-shelf programmable gate arrays or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor may be a microprocessor or any conventional processor, etc.
[0183] The memory 1020 can be an internal storage unit of the electronic device 1000, such as a hard disk or memory of the electronic device 1000. The memory 1020 can also be an external storage device of the electronic device 1000, such as a plug-in hard disk, smart memory card, flash memory card, etc. equipped on the electronic device 1000. Furthermore, the memory 1020 can include both internal storage units and external storage devices of the electronic device 1000.
[0184] This application provides a computer-readable storage medium, including a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the computer program, it implements the network security maturity assessment method as described in the above embodiments.
[0185] This application provides a computer program product that, when run on an electronic device, causes the electronic device to execute the network security maturity assessment method described in the above embodiments.
[0186] The above embodiments are only used to illustrate the technical solutions of this application, and are not intended to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features. Such modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this application, and should all be included within the protection scope of this application.
Claims
1. A method for assessing cybersecurity maturity, characterized in that, The method includes: For multiple evaluation indicators at the same level used to assess cybersecurity maturity, an indicator judgment matrix is constructed based on the subjective relative importance of the evaluation indicators. The element in the i-th row and j-th column of the indicator judgment matrix is used to describe the subjective relative importance of the evaluation indicator corresponding to the i-th row relative to the evaluation indicator corresponding to the j-th column. The evaluation indicators are divided into multi-level power grid field evaluation indicators. Normalize the multiple elements in the indicator judgment matrix to obtain the subjective weights corresponding to the multiple evaluation indicators respectively; An initial evaluation matrix is constructed based on the first evaluation values of multiple first evaluation objects on multiple evaluation indicators; Based on multiple first evaluation values, the entropy values of multiple evaluation indicators are calculated respectively; the entropy values of the evaluation indicators are used to reflect the evaluation ability of the evaluation indicators to assess cybersecurity maturity. The objective weights of the multiple evaluation indicators are calculated based on their entropy values. For any of the evaluation indicators, the target comprehensive weight of the evaluation indicator is obtained based on the subjective weight and the objective weight corresponding to the evaluation indicator. The cybersecurity maturity level is assessed based on the comprehensive weight of the aforementioned objectives.
2. The method according to claim 1, characterized in that, The evaluation indicators are divided into three levels for the power grid sector. The first level includes cybersecurity strategy and governance, cybersecurity technology and protection, and cybersecurity effectiveness and assurance. The second level, corresponding to cybersecurity strategy and governance, includes cybersecurity strategy and management and organizational support. The second level, corresponding to cybersecurity technology and protection, includes basic security protection, advanced protection and detection, and emergency response and recovery. The second level, corresponding to cybersecurity effectiveness and assurance, includes safe operation efficiency, industry and ecosystem synergy, and continuous improvement and innovation. The third level, corresponding to cybersecurity strategy, includes top-level cybersecurity design and systems, and the alignment of cybersecurity strategy with business operations. The third level, corresponding to management and organizational support, includes the soundness of the cybersecurity organizational structure, the completeness of cybersecurity management systems, the implementation of security responsibilities and assessment mechanisms, and security budget and personnel investment. The third-level indicators corresponding to the basic security protection include network boundary security deployment rate, host and terminal security protection rate, and application and data security protection rate; the third-level indicators corresponding to the advanced protection and detection include intrusion detection / threat perception capability, situational awareness and monitoring coverage, and identity access control maturity; the third-level indicators corresponding to emergency response and recovery include emergency response capability index, incident handling closed-loop rate, and backup and disaster recovery effectiveness; the third-level indicators corresponding to security operation efficiency include security incident occurrence rate, average security incident handling time, and system secure operation time; the third-level indicators corresponding to industry and ecosystem collaboration include the degree of collaboration with government / industry, and information sharing and linkage capabilities; and the third-level indicators corresponding to continuous improvement and innovation include the continuous improvement rate of security capabilities and the application of emerging technologies.
3. The method according to claim 1, characterized in that, After performing eigenvalue normalization calculation on multiple elements in the indicator judgment matrix to obtain the subjective weights corresponding to the multiple evaluation indicators, the method further includes: Based on the largest eigenvalue of the indicator judgment matrix and the number of evaluation indicators, a consistency parameter is calculated; the consistency parameter is used to reflect the degree to which the indicator judgment matrix deviates from complete consistency. When the consistency parameter is less than a first preset value, multiple subjective weights are determined to be valid weights; When the consistency parameter is greater than or equal to the first preset value, the steps of constructing the indicator judgment matrix and subsequent steps are repeated until multiple subjective weights are determined to be effective weights.
4. The method according to claim 1, characterized in that, The step of calculating the entropy values of the evaluation indicators corresponding to the multiple evaluation indicators based on the multiple first evaluation values includes: For any of the evaluation indicators, based on the first evaluation values of multiple first evaluation objects under the evaluation indicator, the indicator weights of multiple first evaluation objects are calculated respectively; the indicator weights are used to describe the relative contribution of the first evaluation objects under the evaluation indicator. The entropy value of the evaluation index is calculated based on the weight of multiple indicators.
5. The method according to claim 4, characterized in that, The step of calculating the index weight of each of the first evaluation objects based on their first evaluation values on the evaluation index includes: Calculate the sum of the first evaluation values of multiple first evaluation objects under the evaluation indicators to obtain the comprehensive evaluation value; Determine the maximum evaluation value among the first evaluation values of multiple first evaluation objects under the evaluation index; Calculate the product of the comprehensive evaluation value and the maximum evaluation value; The ratio of the first evaluation value of each of the first evaluation objects to the product of the evaluation index is determined as the index weight of the first evaluation objects.
6. The method according to claim 4, characterized in that, The calculation of the entropy value of the evaluation index based on the weight of multiple indicators includes: The weights of the multiple indicators are input into a preset information entropy calculation formula to obtain the entropy value of the evaluation indicator; the information entropy calculation formula is: ; Where j represents the j-th evaluation index, Let m represent the entropy value of the j-th evaluation index, and m represent the number of the first evaluation objects. This indicates the weight of the x-th first evaluation object in the j-th evaluation indicator.
7. The method according to claim 1, characterized in that, The step of calculating the objective weights of the multiple evaluation indicators based on their entropy values includes: For any of the evaluation indicators, the difference between the preset standard value and the entropy value of the evaluation indicator corresponding to the evaluation indicator is calculated to obtain the difference coefficient of the evaluation indicator; the difference coefficient is positively correlated with the evaluation ability of the evaluation indicator. Calculate the sum of the multiple difference coefficients; The ratio of the difference coefficient to the sum is determined as the objective weight of the evaluation index.
8. The method according to claim 1, characterized in that, The process of obtaining the target comprehensive weight of the evaluation index based on the subjective weight and the objective weight corresponding to the evaluation index includes: The target comprehensive weight is obtained by multiplying the subjective weight and the first coefficient by the objective weight and the second coefficient; the sum of the first coefficient and the second coefficient is 1.
9. The method according to claim 8, characterized in that, After obtaining the target comprehensive weight of the evaluation index based on the subjective weight and the objective weight corresponding to the evaluation index, the method further includes: Obtain the second evaluation value of the second evaluation object on multiple evaluation indicators; The second evaluation value is weighted based on the target comprehensive weight to obtain the actual cybersecurity maturity of the second evaluation object; Calculate the maturity difference between the preset maturity level and the actual network security maturity level; If the absolute value of the maturity difference is greater than or equal to the second preset value, then the first coefficient and the second coefficient are adjusted based on the maturity difference; The objective weight and the subjective weight are weighted based on the adjusted first coefficient and second coefficient to obtain the new target comprehensive weight.
10. The method according to claim 9, characterized in that, If the maturity difference is greater than or equal to a second preset value, then the first coefficient and the second coefficient are adjusted based on the difference, including: The target coefficient is determined based on the relative magnitude of the absolute value of the maturity difference and the third preset value; the target coefficient is when the absolute value of the maturity difference is greater than the third preset value, and the target coefficient is when the absolute value of the maturity difference is less than or equal to the third preset value. Calculate the product of the maturity difference, the preset coefficient, and the target coefficient to obtain the coefficient correction value; The difference between the first coefficient and the coefficient correction value is calculated to obtain the adjusted first coefficient, and the adjusted second coefficient is calculated based on the adjusted first coefficient.