CN103366244A - Method and system for acquiring network risk value in real time - Google Patents
Method and system for acquiring network risk value in real time Download PDFInfo
- Publication number
- CN103366244A CN103366244A CN2013102433332A CN201310243333A CN103366244A CN 103366244 A CN103366244 A CN 103366244A CN 2013102433332 A CN2013102433332 A CN 2013102433332A CN 201310243333 A CN201310243333 A CN 201310243333A CN 103366244 A CN103366244 A CN 103366244A
- Authority
- CN
- China
- Prior art keywords
- risk
- value
- real
- probability
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a method and a system for acquiring a network risk value in real time. According to the method and the system, data values under real-time risk analysis indexes in a risk control field selected by a user are acquired in real time, and the risk value to be subjected to risk value computation in the risk control field can be finally obtained by potential threat probability analysis, vulnerability probability analysis and asset value computation. The problems that only the risk value between a service and asset in a network system can be regularly computed in the conventional risk analysis process, and dependence on an expert is necessary are solved, so that the workload of risk assessment can be greatly reduced, and a result more objective than that obtained by the conventional risk value computation can be obtained.
Description
Technical field
The present invention relates to information security field, in particular a kind of method and system of Real-time Obtaining network risks value.
Background technology
Traditional risk assessment process can be divided into following several stages:
Phase one: determine scope of assessment and asset identification stage, flow process and the running environment of investigation and understanding user network system business are determined the border of scope of assessment and the all-network system in the scope; Identification and appraisal are that all assets in the scope of assessment are identified, and the impact size that may cause after the investigation assets destruction, according to the size of impact assets are carried out relative assignment.
Subordinate phase: security threat/vulnerability assessment phase.Every kind of possibility that threatens generation that appraise assets faces; Fragility inspection, particularly technical elements that vulnerability assessment is then carried out from technology, management, tactful aspect are carried out system scan and the manually assessment of selective examination with long-range and local dual mode.This assessment is carried out for all assets.
Phase III: the analysis phase of risk.By the data of assessing above analyzing, carry out value-at-risk and calculate, distinguish and the affirmation high risk factor.
Quadravalence section: the management phase of risk.This one-phase mainly is to sum up whole risk assessment process, formulates the relevant risk control strategy, sets up Risk Assessment Report, implements some urgent risk control measure.
The risk assessment process is not to finish once just to be over, and according to the PDCA circulation, the risk assessment meeting continues repeatedly to carry out.
Each risk assessment, all need asset identification, for assets impend, the identification of fragility, existing control measure.
Constituent parts is generally followed traditional methods of risk assessment opinion in Security Construction and management process, by engaging the mode of external experts, the operation system of our unit is carried out risk assessment, general annual 1-2 time.But mainly there are some problems in traditional methods of risk assessment opinion, mainly comprises:
1, workload is large, and assessment cycle is long.The tradition risk assessment be one time-consuming, the expense manpower process, wherein the most time-consuming be exactly asset identification, to identification assets carry out fragility and threat identification.
2, expert's dependence is high.The tradition risk assessment is carried out the judgement of assets assignment, fragility, risk probability mainly based on knowledge base by the expert, and often different appraisers larger difference occurs to the judgement of same risk.
3, risk assessment is inaccurate.The tradition risk assessment is to come the calculation risk value by the probability that threatens generation, but in the actual conditions, often the smaller threat of some probability causes business risk; Traditional risk assessment is often ignored for the smaller risk of value-at-risk, but in actual conditions, often owing to the accumulation of some little risks can not in time be found dynamically, causes business is impacted.
4, risk assessment is untimely.The variation of the assets such as business, flow process, assets, management and personnel causes the variation of risk, can not in time find the impact on risk; The application of new technique causes managing and operation flow changes the risk of bringing and can not in time identify and process; The unknown threat is because the generation of new attack mode and new threat causes in time finding risk.
4, the profound level of operation system and IT assets relation can't embody.The direct relation of operation system and IT assets is mainly described in the tradition risk assessment, but can't be described for the IT assets dependence between operation system, implication relation etc.Be that traditional risk assessment is mainly analyzed by the linear relationship of operation system and IT assets, and can't analyze the network relation between operation system group and IT assets.
Therefore, prior art has yet to be improved and developed.
Summary of the invention
The technical problem to be solved in the present invention is, defects for prior art, a kind of method and system of Real-time Obtaining network risks value are provided, it can carry out value-at-risk according to the data that collect in real time and calculate, greatly reduce when obtaining the value-at-risk workload, obtain than the more objective result of obtaining of traditional value-at-risk.
The technical scheme that technical solution problem of the present invention adopts is as follows:
A kind of method of Real-time Obtaining network risks value wherein, comprises the following methods step:
The data value under the real-time venture analysis index is obtained in the corresponding risk control of the described instruction territory in A, the instruction of sending according to the user;
Venture analysis achievement data value when in B, the real-time venture analysis achievement data value that will obtain and this risk control territory alarm/event occuring is compared, and calculates the potential threat probability that exists in the network system;
The fragility probability that the data value that adopts in C, the real-time venture analysis achievement data value that will obtain and the risk baseline of presetting is compared and calculated this network system;
D, utilize assets in the corresponding risk control of the instruction territory that pre-stored assets assessment model sends the user to carry out assets value to calculate;
E, the potential threat probability that calculates and the fragility probable value that calculates network system multiplied each other obtain the possibility probability that occurs loss in this network system, the data value that fragility probability and assets value are calculated multiplies each other and obtains the probability that loses in the network system; The probability multiplication that occurs in the network system losing in the possibility probability of loss and the network system is obtained value-at-risk.
The method of described Real-time Obtaining network risks value wherein, also comprises step:
F, with the value-at-risk of obtaining, calculate real-time risk class according to the data area of preserving in the pre-stored described system object relational model; Described system object relational model is 6 essential elements in this network system: the relational model of owner's element, operation flow element, application element, hardware elements, system element and architecture element.
The method of described Real-time Obtaining network risks value, wherein, described method also comprises:
G. carry out the risk real-time early warning according to the size of value-at-risk, adopt different colors that the risk class that calculates is showed.
The method of described Real-time Obtaining network risks value, wherein, the mutual relationship between described owner's element, operation flow element, application element, hardware elements, system element and the architecture element is:
Annexation, dependence, ATM layer relationsATM, set relations, sequence relation and spatial relationship.
A kind of system of Real-time Obtaining network risks value wherein, comprising:
Data acquisition module is used for obtaining real-time venture analysis achievement data value under the corresponding risk control of the described instruction territory according to the instruction that the user sends;
The threat probabilities analysis module, the venture analysis achievement data value when the real-time venture analysis achievement data value that is used for obtaining with this risk control territory alarm/event occurs is compared, and calculates the potential threat probability that exists in this network system;
Fragility probability analysis module is used for the fragility probability that the real-time venture analysis achievement data value that will obtain and the risk baseline of presetting combine and calculate this network system;
The assets value computing module is used for utilizing the assets in the corresponding risk control of the instruction territory that pre-stored assets assessment model sends the user to carry out assets value and calculates;
The value-at-risk acquisition module, being used for the potential threat probability that will calculate multiplies each other with the fragility probable value that calculates and obtains the possibility probability that loss appears in this network system, the data value that fragility probability and assets value are calculated multiplies each other and obtains the probability that loses in the network system, and the probability multiplication that occurs in the network system losing in the possibility probability of loss and the network system is obtained value-at-risk.
The system of described Real-time Obtaining network risks value, wherein, described system also comprises:
Risk class is divided module, is used for the value-at-risk of obtaining, and calculates real-time risk class according to the data area of preserving in the pre-stored described system object relational model; Described system object relational model is 6 essential elements in this network system: the relational model of owner's element, operation flow element, application element, hardware elements, system element and architecture element.
The system of described Real-time Obtaining network risks value, wherein, described system also comprises the risk class display module, is used for carrying out the risk real-time early warning according to the size of value-at-risk, adopts different colors that the risk class that calculates is showed.
The method and system of a kind of Real-time Obtaining network risks value provided by the present invention, the data value of risk analysis indexes under the risk control territory that this Real-time Obtaining user of system selectes, this data value information and the threat identification model of foundation, described fragility calculated and described asset valuation model combines and carries out value-at-risk and calculate, draw the result of value-at-risk.Therefore the data variation in the real-time venture analysis index in the risk control territory that risk analysis method provided by the invention can be real-time goes out in selected to the user combines to carry out venture analysis with described model, and provide the result of value-at-risk, therefore, can overcome in the prior art dependence to the expert, provide more objectively value-at-risk, for the assessment of professional and IT assets is provided convenience.
Description of drawings
Fig. 1 is the method step process flow diagram of a kind of Real-time Obtaining network risks value provided by the invention.
Fig. 2 is the real-time routine synoptic diagram of concrete application of the method for a kind of Real-time Obtaining network risks value provided by the invention.
Fig. 3 is the principle assumption diagram of the system of a kind of Real-time Obtaining network risks value provided by the invention.
Embodiment
The method and system of a kind of Real-time Obtaining network risks value provided by the present invention, clearer, clear and definite for making purpose of the present invention, technical scheme and advantage, developing simultaneously referring to accompanying drawing, the present invention is described in more detail for embodiment.Should be appreciated that specific embodiment described herein only in order to explain the present invention, is not intended to limit the present invention.
Be illustrated in figure 1 as the block diagram of a kind of network risk assessment method provided by the invention, as shown in the figure, described step comprises:
The data value under the real-time venture analysis index is obtained in the corresponding risk control of the described instruction territory in S1, the instruction of sending according to the user;
The user presets out the risk control territory of concern and the real-time venture analysis index under this risk control territory according to their business needs.
Concrete, described risk control territory mainly comprises: network risks, IT assets baseline be risk in violation of rules and regulations, the leak risk, organize manpower risk and user behavior risk etc., the user can be set as outline according to the selected some or several risk controls territory of the needs of oneself.
Described real-time venture analysis index is the index that can reflect in the risk control territory that the key factor relevant with risk is relevant, marks out the possibility that risk occurs.For example the venture analysis index can comprise in real time: in real time abnormal flow, in real time abnormal behaviour, in real time attack etc.
Gather the data under the described real-time venture analysis index.In concrete real-time process, by JDBC, ODBC, SNMP, TCP, FTP, Syslog, the modes such as File, Agent, corresponding IT assets are carried out real-time data acquisition.Take network risks as example, dock or flow analysis system by modes such as JDBC, obtain the events such as real-time exception flow of network, abnormal behaviour, attack, in conjunction with to source IP, purpose IP, MAC Address analysis etc., judge risk mainly will affect which operation system, which operation flow etc.
Venture analysis achievement data value when in S2, the real-time venture analysis achievement data value that will obtain and this risk control territory alarm/event occuring is compared, and calculates the potential threat probability that exists in the network system.
The pre-stored priming the pump analysis indexes data that generation alarm/event in this risk control territory is arranged in system, with the venture analysis achievement data value obtained in the above-mentioned steps therewith priming the pump analysis indexes data compare, according to difference between the two, analyze the size that has the potential threat probability in this risk control territory.To exceed this priming the pump analysis indexes more when the data of obtaining, and are judged as then that to occur the probability that threatens in this risk control territory just larger.
The data value that adopts in S3, the real-time venture analysis achievement data value that will obtain and the risk baseline of presetting is compared, and calculates the fragility probability of this network system.
Default one for the risk baseline of guaranteeing security of system in the network that will assess, with the real-time venture analysis achievement data value obtained therewith in the risk baseline data value during selected security implementation compare, draw the fragility probability of this network system.
S4, utilize assets in the corresponding risk control of the instruction territory that pre-stored assets assessment model sends the user to carry out assets value to calculate.
Concrete, what pre-stored assets assessment model can be in several assets assessment models commonly used in the prior art is a kind of.
By the assets assessment model assets in the risk control territory of user selection are carried out assets value and calculate, draw the close value of assets in this risk control territory.
S5, will comment the potential threat probability that calculates and the fragility probable value that calculates network system to multiply each other to obtain the possibility probability that occurs loss in this network system, the fragility probable value that calculates and the data value that calculates assets value multiplied each other obtain the probability that loses in the network system, and the probability multiplication that occurs in the network system losing in the possibility probability of loss and the network system is obtained value-at-risk.
The data value that calculates among the above-mentioned steps S2-S4 is carried out analyzing and processing, finally obtain corresponding value-at-risk under the user-selected risk control territory.
As shown in Figure 2, the concrete application implementation process flow diagram of Real-time Obtaining network risks value among the present invention, to collect to such an extent that the in real time identification that impends of the data under the risk control territory is calculated, carrying out system vulnerability according to the risk baseline calculates, according to the relation of each key element between business and the assets, carry out the calculating of assets value.Combined by the probability of the threat identification that calculates and fragility probability and to obtain the probability of loss possibility, the calculated value of fragility probability and assets value is combined obtain the loss value, will lose the possibility probability and combine with the loss value, obtain final value-at-risk.
Preferably, above-described embodiment can also be made the optimization of following aspect:
1, with the value-at-risk of obtaining, calculates real-time risk class according to the data area of preserving in the pre-stored described system object relational model; Described system object relational model is 6 essential elements in this network system: the relational model of owner's element, operation flow element, application element, hardware elements, system element and architecture element.
This system object relational model draws according to the guidance of OBASHI methodology, in the relation of operation system and IT assets, relate to 6 essential elements, be respectively: owner's element, operation flow element, application element, hardware elements, system element and architecture element, mutual relationship between above-mentioned 6 elements, therefore namely reflect the relation between operation system and the IT assets, going out to send to set up relational model between operation system and the IT assets with the relation between above-mentioned 6 elements in this step.
Concrete, the relation of above-mentioned 6 elements can be divided into following several types:
1) annexation, namely two-way relation interconnects between elements A and the element B, and the change of elements A has influence on element B, and element B changes and has influence on elements A.
2) dependence, i.e. unidirectional relationship, the change of Elements C relies on the change of other element or a plurality of elements.
3) ATM layer relationsATM, namely 2 elements or a plurality of element are placed on same layer, then have ATM layer relationsATM.
4) set relations, element can be placed in the set, and an element can belong to one or more set.
5) sequence relation, i.e. the tabulation of element, adjacent element may be annexation or dependence in the tabulation.
6) spatial relationship, the i.e. relation of physical location between element.
By between 6 elements, setting up above-mentioned relation, just can carry out modeling to the relation of business and IT assets from a plurality of dimensions.
2. carry out the risk real-time early warning according to the size of value-at-risk, adopt different colors that the risk class that calculates is showed.
Concrete, adopt different colors that the risk class that calculates is showed in the above-mentioned Object Relational Model figure that designs with calculating real-time risk class.
The method of a kind of Real-time Obtaining network risks value provided by the invention is because adopt the instruction of sending according to the user to obtain the data value under the real-time venture analysis index in the corresponding risk control of the described instruction territory; The data value that the potential threat probability that calculates, the fragility probable value that calculates network system and assets value are calculated combines and obtains the value-at-risk that exists in the network system, for processing based on automatic data collection and data, finally assess out the value-at-risk in the network system, thereby realized in real time system being carried out value-at-risk calculating and having avoided because carry out the larger subjectivity that risk assessment brings by the expert, therefore for realizing that more intelligentized Network Risk Assessment provides convenience.
The present invention also provides a kind of system of Real-time Obtaining network risks value, and as shown in Figure 3, described system comprises:
Threat probabilities analysis module 20, the venture analysis achievement data value when the real-time venture analysis achievement data value that is used for obtaining with this risk control territory alarm/event occurs is compared, and calculates the potential threat probability that exists in this network system; Its function is identical with said method step S2.
Fragility probability analysis module 30 is used for the fragility probability that the real-time venture analysis achievement data value that will obtain and the risk baseline of presetting combine and assess out this network system; Its function is identical with said method step S3.
Assets value computing module 40 is used for utilizing the assets in the corresponding risk control of the instruction territory that pre-stored assets assessment model sends the user to carry out assets value and calculates; Its function is identical with said method step S4.
Value-at-risk acquisition module 50, being used for the potential threat probability that will assess out multiplies each other with the fragility probable value that calculates and obtains the possibility probability that loss appears in this network system, and the data value that the fragility probable value that calculates and assets value are calculated multiplied each other obtain the probability that loses in the network system, and the probability multiplication that occurs in the network system losing in the possibility probability of loss and the network system is obtained value-at-risk.Its function is identical with said method step S5.
On the basis of above-mentioned module, described system can also comprise:
Risk class is divided module, is used for the assessed value of obtaining, and calculates real-time risk class according to the data area of preserving in the pre-stored described system object relational model; Described system object relational model is 6 essential elements in this network system: the relational model of owner's element, operation flow element, application element, hardware elements, system element and architecture element.
The risk class display module is used for carrying out the risk real-time early warning according to the size of value-at-risk, adopts different colors that the risk class that calculates is showed.
The method and system of a kind of Real-time Obtaining network risks value provided by the invention, because the data value under the lower real-time venture analysis index in the risk control territory of in real time user being selected gathers, and carry out assets value by potential threat probability analysis, fragility probability analysis and assets and calculate, thereby the value-at-risk under the final risk control territory that obtains to carry out value-at-risk calculating that is to say described network risks value.Method and system provided by the invention has overcome in traditional Risk Analysis Process and can only calculate the value-at-risk that exists between the business in the network system and the assets regularly its, and must rely on expert's problem, described method and system are the workload of reduce the risk value greatly not only, and can be in real time carry out value-at-risk to network and calculate, adopt the expert to assess more objective value-at-risk result in obtaining when calculating than traditional value-at-risk.
Should be understood that application of the present invention is not limited to above-mentioned giving an example, for those of ordinary skills, can be improved according to the above description or conversion that all these improvement and conversion all should belong to the protection domain of claims of the present invention.
Claims (7)
1. the method for a Real-time Obtaining network risks value is characterized in that, comprises the following methods step:
The data value under the real-time venture analysis index is obtained in the corresponding risk control of the described instruction territory in A, the instruction of sending according to the user;
Venture analysis achievement data value when in B, the real-time venture analysis achievement data value that will obtain and this risk control territory alarm/event occuring is compared, and calculates the potential threat probability that exists in the network system;
The fragility probability that the data value that adopts in C, the real-time venture analysis achievement data value that will obtain and the risk baseline of presetting is compared and calculated this network system;
D, utilize assets in the corresponding risk control of the instruction territory that pre-stored assets assessment model sends the user to carry out assets value to calculate;
E, the potential threat probability that calculates and the fragility probable value that calculates network system multiplied each other obtain the possibility probability that occurs loss in this network system, the data value that fragility probability and assets value are calculated multiplies each other and obtains the probability that loses in the network system; The probability multiplication that occurs in the network system losing in the possibility probability of loss and the network system is obtained value-at-risk.
2. the method for described Real-time Obtaining network risks value according to claim 1 is characterized in that, also comprises step F:
F, with the value-at-risk of obtaining, calculate real-time risk class according to the data area of preserving in the pre-stored described system object relational model; Described system object relational model is 6 essential elements in this network system: the relational model of owner's element, operation flow element, application element, hardware elements, system element and architecture element.
3. the method for described Real-time Obtaining network risks value according to claim 2 is characterized in that described method also comprises:
G. carry out the risk real-time early warning according to the size of value-at-risk, adopt different colors that the risk class that calculates is showed.
4. the method for described Real-time Obtaining network risks value according to claim 2 is characterized in that the mutual relationship between described owner's element, operation flow element, application element, hardware elements, system element and the architecture element is:
Annexation, dependence, ATM layer relationsATM, set relations, sequence relation and spatial relationship.
5. the system of a Real-time Obtaining network risks value is characterized in that, comprising:
Data acquisition module is used for obtaining real-time venture analysis achievement data value under the corresponding risk control of the described instruction territory according to the instruction that the user sends;
The threat probabilities analysis module, the venture analysis achievement data value when the real-time venture analysis achievement data value that is used for obtaining with this risk control territory alarm/event occurs is compared, and calculates the potential threat probability that exists in this network system;
Fragility probability analysis module is used for the fragility probability that the real-time venture analysis achievement data value that will obtain and the risk baseline of presetting combine and calculate this network system;
The assets value computing module is used for utilizing the assets in the corresponding risk control of the instruction territory that pre-stored assets assessment model sends the user to carry out assets value and calculates;
The value-at-risk acquisition module, being used for the potential threat probability that will calculate multiplies each other with the fragility probable value that calculates and obtains the possibility probability that loss appears in this network system, the data value that fragility probability and assets value are calculated multiplies each other and obtains the probability that loses in the network system, and the probability multiplication that occurs in the network system losing in the possibility probability of loss and the network system is obtained value-at-risk.
6. the system of described Real-time Obtaining network risks value according to claim 5 is characterized in that described system also comprises:
Risk class is divided module, is used for the value-at-risk of obtaining, and calculates real-time risk class according to the data area of preserving in the pre-stored described system object relational model; Described system object relational model is 6 essential elements in this network system: the relational model of owner's element, operation flow element, application element, hardware elements, system element and architecture element.
7. the system of described Real-time Obtaining network risks value according to claim 5, it is characterized in that, described system also comprises the risk class display module, is used for carrying out the risk real-time early warning according to the size of value-at-risk, adopts different colors that the risk class that calculates is showed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013102433332A CN103366244A (en) | 2013-06-19 | 2013-06-19 | Method and system for acquiring network risk value in real time |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013102433332A CN103366244A (en) | 2013-06-19 | 2013-06-19 | Method and system for acquiring network risk value in real time |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103366244A true CN103366244A (en) | 2013-10-23 |
Family
ID=49367536
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013102433332A Pending CN103366244A (en) | 2013-06-19 | 2013-06-19 | Method and system for acquiring network risk value in real time |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103366244A (en) |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103619012A (en) * | 2013-12-02 | 2014-03-05 | 中国联合网络通信集团有限公司 | Method and system for security assessment of mobile internet |
| CN105844169A (en) * | 2015-01-15 | 2016-08-10 | 中国移动通信集团安徽有限公司 | Method and device for information safety metrics |
| CN106156627A (en) * | 2015-04-15 | 2016-11-23 | 中芯国际集成电路制造(上海)有限公司 | The treating method and apparatus of automatic information system leak risk |
| CN106576052A (en) * | 2014-08-13 | 2017-04-19 | 霍尼韦尔国际公司 | Analyzing cyber-security risks in industrial control environment |
| CN107239905A (en) * | 2017-06-08 | 2017-10-10 | 中国民航大学 | Onboard networks safety risk estimating method based on advanced AHP GCM |
| CN107239707A (en) * | 2017-06-06 | 2017-10-10 | 国家电投集团河南电力有限公司技术信息中心 | A kind of threat data processing method for information system |
| CN108092985A (en) * | 2017-12-26 | 2018-05-29 | 厦门服云信息科技有限公司 | Network safety situation analysis method, device, equipment and computer storage media |
| CN110417772A (en) * | 2019-07-25 | 2019-11-05 | 浙江大华技术股份有限公司 | The analysis method and device of attack, storage medium, electronic device |
| CN110598959A (en) * | 2018-05-23 | 2019-12-20 | 中国移动通信集团浙江有限公司 | Asset risk assessment method and device, electronic equipment and storage medium |
| CN111567076A (en) * | 2018-01-12 | 2020-08-21 | 三星电子株式会社 | User terminal device, electronic device, system including the same, and control method |
| CN112749394A (en) * | 2020-12-11 | 2021-05-04 | 苏宁消费金融有限公司 | Consumption financial assessment method based on network risk value |
| CN112801453A (en) * | 2020-12-30 | 2021-05-14 | 哈尔滨工大天创电子有限公司 | Risk assessment method, device, terminal and storage medium |
| CN112862526A (en) * | 2021-02-04 | 2021-05-28 | 深圳迅策科技有限公司 | Big data financial asset real-time valuation method, device and readable medium |
| CN112905982A (en) * | 2021-01-19 | 2021-06-04 | 青岛至心传媒有限公司 | Internet-based E-commerce platform intrusion detection method and monitoring system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110214157A1 (en) * | 2000-09-25 | 2011-09-01 | Yevgeny Korsunsky | Securing a network with data flow processing |
| US20120185945A1 (en) * | 2004-03-31 | 2012-07-19 | Mcafee, Inc. | System and method of managing network security risks |
| CN102930175A (en) * | 2012-03-28 | 2013-02-13 | 河海大学 | Assessment method for vulnerability of smart distribution network based on dynamic probability trend |
| CN103095730A (en) * | 2013-02-21 | 2013-05-08 | 健雄职业技术学院 | Information security risk assessment method based on fault tree and system thereof |
| CN103095485A (en) * | 2012-10-26 | 2013-05-08 | 中国航天科工集团第二研究院七〇六所 | Network risk assessment method based on combination of Bayesian algorithm and matrix method |
-
2013
- 2013-06-19 CN CN2013102433332A patent/CN103366244A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20110214157A1 (en) * | 2000-09-25 | 2011-09-01 | Yevgeny Korsunsky | Securing a network with data flow processing |
| US20120185945A1 (en) * | 2004-03-31 | 2012-07-19 | Mcafee, Inc. | System and method of managing network security risks |
| CN102930175A (en) * | 2012-03-28 | 2013-02-13 | 河海大学 | Assessment method for vulnerability of smart distribution network based on dynamic probability trend |
| CN103095485A (en) * | 2012-10-26 | 2013-05-08 | 中国航天科工集团第二研究院七〇六所 | Network risk assessment method based on combination of Bayesian algorithm and matrix method |
| CN103095730A (en) * | 2013-02-21 | 2013-05-08 | 健雄职业技术学院 | Information security risk assessment method based on fault tree and system thereof |
Non-Patent Citations (1)
| Title |
|---|
| APMG-INTERNATIONAL: "《OBASHI方法论》", 28 November 2012, article "元素和层" * |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103619012A (en) * | 2013-12-02 | 2014-03-05 | 中国联合网络通信集团有限公司 | Method and system for security assessment of mobile internet |
| CN103619012B (en) * | 2013-12-02 | 2017-04-12 | 中国联合网络通信集团有限公司 | Method and system for security assessment of mobile internet |
| CN106576052B (en) * | 2014-08-13 | 2020-09-29 | 霍尼韦尔国际公司 | Analyzing cyber-security risks in an industrial control environment |
| CN106576052A (en) * | 2014-08-13 | 2017-04-19 | 霍尼韦尔国际公司 | Analyzing cyber-security risks in industrial control environment |
| CN105844169A (en) * | 2015-01-15 | 2016-08-10 | 中国移动通信集团安徽有限公司 | Method and device for information safety metrics |
| CN106156627B (en) * | 2015-04-15 | 2019-12-03 | 中芯国际集成电路制造(上海)有限公司 | The treating method and apparatus of automatic information system loophole risk |
| CN106156627A (en) * | 2015-04-15 | 2016-11-23 | 中芯国际集成电路制造(上海)有限公司 | The treating method and apparatus of automatic information system leak risk |
| CN107239707A (en) * | 2017-06-06 | 2017-10-10 | 国家电投集团河南电力有限公司技术信息中心 | A kind of threat data processing method for information system |
| CN107239707B (en) * | 2017-06-06 | 2020-09-29 | 国家电投集团河南电力有限公司 | Threat data processing method for information system |
| CN107239905A (en) * | 2017-06-08 | 2017-10-10 | 中国民航大学 | Onboard networks safety risk estimating method based on advanced AHP GCM |
| CN108092985A (en) * | 2017-12-26 | 2018-05-29 | 厦门服云信息科技有限公司 | Network safety situation analysis method, device, equipment and computer storage media |
| CN108092985B (en) * | 2017-12-26 | 2021-04-06 | 厦门服云信息科技有限公司 | Network security situation analysis method, device, equipment and computer storage medium |
| CN111567076B (en) * | 2018-01-12 | 2024-05-10 | 三星电子株式会社 | User terminal device, electronic device, system including the same, and control method |
| CN111567076A (en) * | 2018-01-12 | 2020-08-21 | 三星电子株式会社 | User terminal device, electronic device, system including the same, and control method |
| CN110598959A (en) * | 2018-05-23 | 2019-12-20 | 中国移动通信集团浙江有限公司 | Asset risk assessment method and device, electronic equipment and storage medium |
| CN110417772A (en) * | 2019-07-25 | 2019-11-05 | 浙江大华技术股份有限公司 | The analysis method and device of attack, storage medium, electronic device |
| CN112749394A (en) * | 2020-12-11 | 2021-05-04 | 苏宁消费金融有限公司 | Consumption financial assessment method based on network risk value |
| CN112749394B (en) * | 2020-12-11 | 2022-08-02 | 苏宁消费金融有限公司 | Consumption financial assessment method based on network risk value |
| CN112801453A (en) * | 2020-12-30 | 2021-05-14 | 哈尔滨工大天创电子有限公司 | Risk assessment method, device, terminal and storage medium |
| CN112905982A (en) * | 2021-01-19 | 2021-06-04 | 青岛至心传媒有限公司 | Internet-based E-commerce platform intrusion detection method and monitoring system |
| CN112862526A (en) * | 2021-02-04 | 2021-05-28 | 深圳迅策科技有限公司 | Big data financial asset real-time valuation method, device and readable medium |
| CN112862526B (en) * | 2021-02-04 | 2024-01-12 | 深圳迅策科技有限公司 | Real-time valuation method, device and readable medium for big data financial assets |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103366244A (en) | Method and system for acquiring network risk value in real time | |
| US8700415B2 (en) | Method and system for determining effectiveness of a compliance program | |
| Setiyawati | The effect of internal accountants’ competence, managers’ commitment to organizations and the implementation of the internal control system on the quality of financial reporting | |
| Zhang et al. | Value of information analysis in civil and infrastructure engineering: a review | |
| Wood | EIA in plan making | |
| Kamal et al. | Risk factors influencing the building projects in Pakistan: from perspective of contractors, clients and consultants | |
| US9183527B1 (en) | Analyzing infrastructure data | |
| CN105868888A (en) | Software testing quality evaluation method | |
| JP2013092954A (en) | Management task support device, management task support method, and management task support system | |
| CN115034600A (en) | Early warning method and system for geological disaster monitoring | |
| Moreto et al. | Law enforcement monitoring in Uganda: The utility of official data and time/distance-based ranger efficiency measures | |
| Storesund et al. | Novel methodologies for analysing critical infrastructure resilience | |
| Alverbro et al. | Methods for risk analysis | |
| Ahmad et al. | Critical factors influencing the project success in Pakistan | |
| Egusquiza et al. | Multiscale information management for sustainable districts rehabilitation EFFESUS and FASUDIR projects | |
| CN115170993A (en) | AR acquisition and analysis-based on-site inspection method and system for waste gas treatment equipment | |
| Fowler | Measuring organization: Performance in environmental agencies | |
| Curt et al. | Approach to improving the quality of data used to analyse dams–illustrations by two methods | |
| Ferretti et al. | Quality assurance in international forest monitoring in Europe | |
| Tepavicharova | BENCHMARKING AS A TOOL TO INCREASE EFFICIENCY AND COMPETITIVENESS OF THE ORGANISATIONS | |
| Oliveira et al. | A composite indicator for supply chain performance measurement: a case study in a manufacturing company | |
| Zalatar et al. | Constructing a Composite Indicator for Manufacturing Companies Using Lean Metrics and Analytic Hierarchy Process | |
| Van Cauter | Government-to-government Information system failure in Flanders: an in-depth study | |
| Carriço et al. | The challenge of the digitalization of the water sector | |
| Sorbello et al. | Applications for intelligent water network systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Chi Xiaoning Inventor after: Wu Shenshui Inventor before: Wu Shenshui |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: WU SHENSHUI TO: CHI XIAONING WU SHENSHUI |
|
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20131023 |