CN103581155B - Information security Situation analysis method and system - Google Patents

Publication number
CN103581155B
Authority
CN
China
Prior art keywords
index
critical evaluation
rate
grades
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210282254.8A
Other languages
Chinese (zh)
Other versions
CN103581155A (en
Inventor
邹庆
刘毅
陈曦
樊凯
王玮
白雪
王皓然
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information & Communication Branch Of Guizhou Grid Co
Original Assignee
Information & Communication Branch Of Guizhou Grid Co
Application filed by Information & Communication Branch Of Guizhou Grid Co
Priority to CN201210282254.8A
Publication of CN103581155A
Application granted
Publication of CN103581155B

Abstract

The invention provides an information security situation analysis method and system. It relates to the technical field of network and information security and solves the problem of carrying out information security management effectively. The method comprises: determining first-level, second-level and third-level critical evaluation indices according to the KPI method; determining the weight of each critical evaluation index among the first-level, second-level and third-level critical evaluation indices according to the AHP method; building a critical evaluation index system from the first-level, second-level and third-level critical evaluation indices and the weight of each critical evaluation index; and collecting data and analyzing the information security situation according to the critical evaluation index system. The technical solution provided by the invention is applicable to network information security and achieves analysis and management of information security information.

Description

Information security situation analysis method and system
Technical field
The present invention relates to the technical field of network and information security, and specifically to an information security situation analysis method and system in a TCP/IP network.
Background
At present, with the rapid development of the Internet and network applications, the network has gradually become an indispensable part of people's work, life and study. At the same time, as network security problems grow more serious, people's demand for the security of information on the network is increasingly urgent and strong. In the current information security product market, security products such as firewalls, intrusion detection and antivirus can provide a certain degree of information security assurance, but they do not bring confidence in the effectiveness of information security that would resolve the two information security questions people care about: whether the information system is secure, and how secure it is.
To carry out information security management effectively, information security measurement has been proposed. Security measurement continuously collects the security effectiveness of the measured object over a period of time, analyzes and evaluates it against an evaluation index system in order to verify how consistent the implemented security policy is with the security objectives and what level of security effectiveness can be reached, and takes relevant measures to continuously improve information security.
Summary of the invention
The invention provides an information security situation analysis method and system that solve the problem of carrying out information security management effectively.
An information security situation analysis method, comprising:
Determining first-level, second-level and third-level critical evaluation indices according to the Key Performance Indicator method (KPI method);
Determining the weight of each critical evaluation index among the first-level, second-level and third-level critical evaluation indices according to the Analytic Hierarchy Process (AHP method);
Building a critical evaluation index system from the first-level, second-level and third-level critical evaluation indices and the weight of each critical evaluation index;
Collecting data and analyzing the information security situation according to the critical evaluation index system.
Preferably, determining the first-level, second-level and third-level critical evaluation indices according to the KPI method comprises:
Choosing the total security situation index as the first-level critical evaluation index according to the KPI method;
Decomposing the total security situation index and choosing the network security situation index, host security situation index, terminal security situation index, application security situation index and data security situation index as the second-level critical evaluation indices;
Decomposing the second-level critical evaluation indices to obtain the third-level critical evaluation indices;
Auditing the first-level, second-level and third-level critical evaluation indices respectively according to the KPI method;
Revising the first-level, second-level and third-level critical evaluation indices when revision is needed, and outputting them when no revision is needed.
Preferably, decomposing the second-level critical evaluation indices to obtain the third-level critical evaluation indices comprises:
Choosing the following sub-indices of the network security situation index as third-level critical evaluation indices:
Network device security monitoring coverage rate, network device security baseline compliance rate, network device high-risk vulnerability detection rate, Internet egress attack blocking rate; and,
Choosing the following sub-indices of the host security situation index as third-level critical evaluation indices:
Host security monitoring coverage rate, host antivirus software installation rate, host virus database update rate, host virus uncleanable rate, host high-risk vulnerability detection rate, host open service port vulnerability detection rate, host Trojan backdoor activity detection rate; and,
Choosing the following sub-indices of the terminal security situation index as third-level critical evaluation indices:
Terminal management software installation rate, terminal illegal access index, terminal antivirus software installation rate, terminal virus database update rate, terminal virus uncleanable rate, terminal patch update compliance rate, terminal Trojan backdoor activity detection rate; and,
Choosing the following sub-indices of the application security situation index as third-level critical evaluation indices:
Public key infrastructure (PKI) system registration rate, electronic document encryption software installation rate; and
Choosing the violating content detection rate, the single sub-index of the data security situation index, as a third-level critical evaluation index.
Preferably, the information of the first-level critical evaluation index and the second-level critical evaluation indices comprises: index name, index description, unit of measurement, measurement frequency, index weight, index value and calculation time.
Preferably, determining the weight of each critical evaluation index among the first-level, second-level and third-level critical evaluation indices according to the AHP method comprises:
Determining that the weight of the first-level critical evaluation index, the total security situation index, is 100 points;
Comparing the relative importance of the second-level critical evaluation indices according to the AHP method and determining the weight of each second-level critical evaluation index; the weights of the second-level critical evaluation indices are as follows:
The weight of the network security situation index is 20%, the weight of the host security situation index is 30%, the weight of the terminal security situation index is 30%, the weight of the application security situation index is 10%, and the weight of the data security situation index is 10%;
Comparing the relative importance of the third-level critical evaluation indices according to the AHP method and determining the weight of each third-level critical evaluation index; the weights of the third-level critical evaluation indices are as follows:
The weight of the network device security monitoring coverage rate is 25 points, the weight of the network device security baseline compliance rate is 25 points, the weight of the network device high-risk vulnerability detection rate is 25 points, and the weight of the Internet egress attack blocking rate is 25 points;
The weight of the host security monitoring coverage rate is 20 points, the weights of the host antivirus software installation rate, the host virus database update rate and the host virus uncleanable rate are 10 points, the weight of the host high-risk vulnerability detection rate is 15 points, the weight of the host open service port vulnerability detection rate is 10 points, and the weight of the host Trojan backdoor activity detection rate is 15 points;
The weight of the terminal management software installation rate is 20 points, the initial weight of the terminal illegal access index is 10 points, the weight of the terminal antivirus software installation rate is 20 points, the weight of the terminal virus database update rate is 15 points, the weight of the terminal virus uncleanable rate is 10 points, the weight of the terminal patch update compliance rate is 10 points, and the weight of the terminal Trojan backdoor activity detection rate is 15 points;
The weight of the PKI system registration rate is 50 points, and the weight of the electronic document encryption software installation rate is 50 points;
The weight of the violating content detection rate is 100 points;
Wherein the weight of the terminal illegal access index value is reduced by 2 each time a terminal illegal access occurs, until it has been reduced to 0;
Auditing the weight of each first-level, second-level and third-level critical evaluation index according to the AHP method, revising the weights when revision is needed, and outputting the first-level, second-level and third-level critical evaluation index weights when no revision is needed.
Preferably, building the critical evaluation index system from the first-level, second-level and third-level critical evaluation indices and the weight of each critical evaluation index comprises:
Determining the calculation method of each third-level critical evaluation index value; the calculation methods are as follows:
The data source of the network device security monitoring coverage rate index is the security audit system device information and the unified information repository asset information; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the network device security baseline compliance rate index is the security configuration check system and the unified information repository asset information; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the network device high-risk vulnerability detection rate index is the vulnerability scanning system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the Internet egress attack blocking rate index is the network log of the security protection devices deployed at the Internet egress; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and, within the specified statistical period, it is calculated from the cumulative number of attack-intrusion, information-probing and malicious-code security events whose source address is a public network IP, according to the following formula
The data source of the host security monitoring coverage rate index is the security audit system device information and the unified information repository asset information; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the host antivirus software installation rate index is the network antivirus system and the unified information repository asset information; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the Windows host virus uncleanable rate index is the network antivirus system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the host virus database update rate index is the network antivirus system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the host high-risk vulnerability detection rate index is the vulnerability scanning system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and its calculation method is, within the specified statistical period
The data source of the host open service port vulnerability detection rate is the vulnerability scanning system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly as needed; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the host Trojan backdoor activity detection rate index is the log of the IDS or IPS deployed at the intranet backbone core switch; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and, within the specified statistical period, it is calculated from the number of information-probing and malicious-code (worm / malicious code / spyware) events whose source address is in the intranet terminal address range and whose destination address is an external network address, according to the following formula
The data source of the terminal management software installation rate index is the terminal management system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the terminal illegal access index is the terminal management system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is number of occurrences; and its value is the cumulative number of illegal intranet access events within the specified statistical period.
The data source of the terminal antivirus software installation rate index is the network antivirus system and the terminal management system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the terminal virus database update rate index is the network antivirus system and the terminal management system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the terminal virus uncleanable rate index is the network antivirus system and the terminal management system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the terminal patch update compliance rate index is the terminal security management system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the terminal Trojan backdoor activity detection rate index is the log of the IDS or IPS deployed at the intranet backbone core switch; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and, within the specified statistical period, it is calculated from the number of terminals with information-probing and malicious-code (worm / malicious code / spyware) events whose source address is in the intranet terminal address range and whose destination address is an external network address, according to the following formula
The data source of the PKI system registration rate index is the PKI management system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the electronic document encryption software installation rate index is the electronic document encryption system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
The data source of the violating content detection rate index is the Internet behaviour audit system; the measurement frequency is monthly, quarterly or yearly; the unit of measurement is percentage; and it is calculated within the specified statistical period according to the following formula
Determining the relation between the third-level critical evaluation indices and each second-level critical evaluation index; the relation between the third-level critical evaluation index values and each second-level critical evaluation index value is as follows:
The relation between the network security situation index and the third-level critical evaluation indices is given by the following formula
Network security situation index (100 points) = network device security monitoring coverage rate × 25 points + network device security baseline compliance rate × 25 points + (1 - network device high-risk vulnerability detection rate) × 25 points + Internet egress attack blocking rate × 25 points
The relation between the host security situation index and the third-level critical evaluation indices is given by the following formula
Host security situation index (100 points) = host security monitoring coverage rate × 20 points + host antivirus software installation rate × 20 points + host virus database update rate × 15 points + (1 - host virus uncleanable rate) × 10 points + (1 - host high-risk vulnerability detection rate) × 15 points + (1 - host open service port vulnerability detection rate) × 10 points + (1 - host Trojan backdoor activity detection rate) × 15 points
The relation between the terminal security situation index and the third-level critical evaluation indices is given by the following formula
Terminal security situation index (100 points) = terminal management software installation rate × 20 points + (terminal illegal access index: 2 points deducted per occurrence from a total of 10 points, until all are deducted) + terminal antivirus software installation rate × 20 points + terminal virus database update rate × 15 points + terminal virus uncleanable rate × 10 points + terminal patch update compliance rate × 10 points + (1 - terminal Trojan backdoor activity detection rate) × 15 points
The relation between the application security situation index and the third-level critical evaluation indices is given by the following formula
Application security situation index (100 points) = PKI system registration rate × 50 points + electronic document encryption software installation rate × 50 points,
The relation between the data security situation index and the third-level critical evaluation indices is given by the following formula
Data security situation index (100 points) = violating content detection rate × 100 points;
Determining the relation between each second-level critical evaluation index value and the first-level critical evaluation index value, given by the following formula:
Overall security situation index (100 points) = network security situation index × 20% + host security situation index × 30% + terminal security situation index × 30% + application security situation index × 10% + data security situation index × 10%.
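The formulas above, from third-level rates to the overall index, as an added Python example that is not part of the patent; the metric keys and the sample measurements are constructed. It follows the formulas as printed, so its check on allocated points reports the host formula at 105 points, and the terminal virus uncleanable rate and the violating content detection rate are not inverted.

```python
# Added example: the page's second-level and overall scoring formulas as code.
# Metric keys and SAMPLE measurements are constructed for illustration.

# (metric, points, inverted): an inverted metric scores (1 - rate) x points.
FORMULAS = {
    "network": [
        ("monitoring_coverage", 25, False),
        ("baseline_compliance", 25, False),
        ("high_risk_vuln_detection", 25, True),
        ("egress_attack_blocking", 25, False),
    ],
    "host": [  # points exactly as printed in the host formula
        ("monitoring_coverage", 20, False),
        ("antivirus_installation", 20, False),
        ("virus_db_update", 15, False),
        ("virus_uncleanable", 10, True),
        ("high_risk_vuln_detection", 15, True),
        ("open_port_vuln_detection", 10, True),
        ("trojan_backdoor_detection", 15, True),
    ],
    "terminal": [  # the illegal access index (10 points) is scored separately
        ("mgmt_software_installation", 20, False),
        ("antivirus_installation", 20, False),
        ("virus_db_update", 15, False),
        ("virus_uncleanable", 10, False),  # not inverted in the printed formula
        ("patch_update_compliance", 10, False),
        ("trojan_backdoor_detection", 15, True),
    ],
    "application": [
        ("pki_registration", 50, False),
        ("doc_encryption_installation", 50, False),
    ],
    "data": [("violating_content_detection", 100, False)],
}
ILLEGAL_ACCESS_POINTS = 10  # starting score of the terminal illegal access index
ILLEGAL_ACCESS_PENALTY = 2  # points deducted per illegal access event
OVERALL_WEIGHTS = {"network": 0.20, "host": 0.30, "terminal": 0.30,
                   "application": 0.10, "data": 0.10}


def illegal_access_score(events):
    """10 points minus 2 per illegal access event, never below 0."""
    if events < 0:
        raise ValueError("event count cannot be negative")
    return max(0, ILLEGAL_ACCESS_POINTS - ILLEGAL_ACCESS_PENALTY * events)


def allocated_points(index):
    """Total points a second-level formula hands out."""
    total = sum(points for _, points, _ in FORMULAS[index])
    return total + (ILLEGAL_ACCESS_POINTS if index == "terminal" else 0)


def weight_problems():
    """Second-level indices whose formula does not allocate exactly 100 points."""
    return {i: allocated_points(i) for i in FORMULAS if allocated_points(i) != 100}


def second_level_index(index, rates, illegal_access_events=0):
    """Score one second-level index from third-level rates given as 0..1."""
    score = 0.0
    for metric, points, inverted in FORMULAS[index]:
        rate = rates[metric]
        if not 0.0 <= rate <= 1.0:
            raise ValueError(f"{index}.{metric}: rate {rate} is outside 0..1")
        score += ((1.0 - rate) if inverted else rate) * points
    if index == "terminal":
        score += illegal_access_score(illegal_access_events)
    return score


def overall_index(measurements, illegal_access_events=0):
    """Return (second-level scores, overall security situation index)."""
    scores = {i: second_level_index(i, measurements[i], illegal_access_events)
              for i in FORMULAS}
    return scores, sum(scores[i] * OVERALL_WEIGHTS[i] for i in FORMULAS)


# Constructed measurements for one statistical period (rates as fractions).
SAMPLE = {
    "network": {"monitoring_coverage": 0.9, "baseline_compliance": 0.8,
                "high_risk_vuln_detection": 0.1, "egress_attack_blocking": 0.95},
    "host": {"monitoring_coverage": 1.0, "antivirus_installation": 0.9,
             "virus_db_update": 0.8, "virus_uncleanable": 0.0,
             "high_risk_vuln_detection": 0.2, "open_port_vuln_detection": 0.1,
             "trojan_backdoor_detection": 0.0},
    "terminal": {"mgmt_software_installation": 0.9, "antivirus_installation": 0.95,
                 "virus_db_update": 0.8, "virus_uncleanable": 0.05,
                 "patch_update_compliance": 0.7, "trojan_backdoor_detection": 0.1},
    "application": {"pki_registration": 0.6, "doc_encryption_installation": 0.8},
    "data": {"violating_content_detection": 0.9},
}

if __name__ == "__main__":
    print(overall_index(SAMPLE, illegal_access_events=3))
    print("formulas not summing to 100 points:", weight_problems())
```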
Preferably, after the step of collecting data and analyzing the information security situation according to the critical evaluation index system, the method further comprises:
Outputting the result of the information security situation analysis through an external display device.
The present invention also provides an information security situation analysis system, comprising:
An index selection module, for determining the first-level, second-level and third-level critical evaluation indices according to the KPI method;
A weight computation module, for determining the weight of each critical evaluation index among the first-level, second-level and third-level critical evaluation indices according to the AHP method;
A system management module, for building the critical evaluation index system from the first-level, second-level and third-level critical evaluation indices and the weight of each critical evaluation index;
An analysis and evaluation module, for collecting data and analyzing the information security situation according to the critical evaluation index system built by the system management module.
Preferably, the above information security situation analysis system further comprises:
A security situation display module, for outputting the result of the information security situation analysis.
The invention provides an information security situation analysis method and system. First-level, second-level and third-level critical evaluation indices are determined according to the KPI method, the weight of each critical evaluation index among them is then determined according to the AHP method, and a critical evaluation index system is built from the indices and their weights. When the system collects data during operation, the information security situation can then be analyzed according to the critical evaluation index system. The parameters relating to information security are considered comprehensively, and the weight of each parameter is obtained from the difference in each parameter's degree of influence, so that the information security situation is considered as a whole and the problem of carrying out information security management effectively is solved.
Brief description of the drawings
Fig. 1 is a networking diagram of the information security situation evaluation system in a TCP/IP network in the embodiments of the invention;
Fig. 2 is the flow of an information security situation analysis method provided by embodiment one of the invention;
Fig. 3 is a flow chart of step 201 in embodiment one of the invention, selecting the information security situation critical evaluation indices;
Fig. 4 is a flow chart of step 202 in embodiment one of the invention, determining the information security situation critical evaluation index weights;
Fig. 5 is a schematic diagram of step 203 in embodiment one of the invention, building the information security situation critical evaluation index system;
Fig. 6 is a structural diagram of an information security situation evaluation system provided by embodiment two of the invention;
Fig. 7 is a workflow diagram of the information security situation evaluation system of embodiment two of the invention;
Fig. 8 is a structural diagram of an information security situation analysis system provided by embodiment three of the invention.
Embodiments
To carry out information security management effectively, the embodiments of the invention provide an information security situation analysis method and system. The embodiments are described in detail below with reference to the accompanying drawings. It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments may be combined with one another arbitrarily.
To better explain the technical solution provided by the embodiments of the invention, the Key Performance Indicator method (Key Performance Indicator, KPI) and the AHP method are introduced first.
KPI is the basis for realizing corporate strategy and for performance management. It is a tool for decomposing an enterprise's strategic objectives into operational objectives: a target-based quantitative management method that measures process performance by setting, sampling, calculating and analyzing the key parameters of the inputs and outputs of an internal process of the enterprise. KPI emphasizes the "key": it stresses the aspects that have a major impact on the enterprise's success and reflects the key drivers that most effectively affect value creation. Setting KPI indices must follow two principles, the SMART principle and the "80/20" principle. The SMART principle requires performance indices to be specific (Specific), measurable (Measurable), attainable (Attainable), relevant (Relevant) and time-bound (Time-bound). The "80/20" principle means that in the process by which an enterprise creates value there is a "20/80" rule: 20% of the core personnel create 80% of the enterprise's value. The "80/20" principle applies equally to each employee: 80% of the tasks are completed by 20% of the key behaviours. Therefore, the key 20% of behaviours must be identified, analyzed and measured, so that the focus of performance evaluation can be captured.
After the KPI indices are established, the indices are not equally important and differ considerably in their impact on actual work, so a reasonable method is needed to give each index a corresponding weight and reflect the performance evaluation result more scientifically. The Analytic Hierarchy Process (AHP) is a common method of setting index weights. It is a simple, flexible and practical multi-criteria decision-making method for the quantitative analysis of qualitative problems. Its basic idea is to convert the overall judgement of the weights of the many elements that make up a complex problem into pairwise comparisons of these elements, so as to determine the relative importance of the factors within a level, and then to rank the overall weights of these elements and finally establish the weight of each element.
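An added example (not from the patent) of the pairwise-comparison step described above: it derives weights from a reciprocal judgement matrix by power iteration and reports Saaty's consistency ratio, rejecting judgements at or above the conventional 0.1 threshold. The patent does not publish its judgement matrix, so the matrix here is constructed to agree with the second-level weights it states (20/30/30/10/10); all names are assumptions.

```python
# Added example: AHP weights from a pairwise-comparison (judgement) matrix.
# Names and matrices are assumptions for illustration; the patent gives only
# the resulting weights, not the judgement matrix behind them.

# Saaty's random consistency index, keyed by matrix order n.
RANDOM_INDEX = {3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

SECOND_LEVEL = ["network", "host", "terminal", "application", "data"]


def consistent_matrix(weights):
    """Judgement matrix a[i][j] = w_i / w_j implied by a known weight vector."""
    return [[wi / wj for wj in weights] for wi in weights]


def ahp_weights(matrix, iterations=200):
    """Return (weights, lambda_max, consistency_ratio) for a reciprocal matrix."""
    n = len(matrix)
    if n not in RANDOM_INDEX or any(len(row) != n for row in matrix):
        raise ValueError("expected a square matrix of order 3..9")
    for i in range(n):
        for j in range(n):
            if matrix[i][j] <= 0 or abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"judgements [{i}][{j}] and [{j}][{i}] are not reciprocal")
    # Power iteration converges to the principal eigenvector of a positive matrix.
    w = [1.0 / n] * n
    for _ in range(iterations):
        nxt = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(nxt)
        w = [v / total for v in nxt]
    # Estimate the principal eigenvalue from A.w = lambda.w, averaged over rows.
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    consistency_index = (lambda_max - n) / (n - 1)
    return w, lambda_max, consistency_index / RANDOM_INDEX[n]


# Constructed judgement matrix that agrees with the page's 20/30/30/10/10 split.
CONSISTENT = consistent_matrix([20, 30, 30, 10, 10])

# The same matrix with one contradictory judgement: "network" is rated 1/9 as
# important as "data", although every other comparison implies it is twice as
# important.
CONTRADICTORY = [row[:] for row in CONSISTENT]
CONTRADICTORY[0][4] = 1 / 9
CONTRADICTORY[4][0] = 9.0


def review(matrix, threshold=0.1):
    """Accept the derived weights only if the consistency ratio is below threshold."""
    weights, _, cr = ahp_weights(matrix)
    return {
        "weights": dict(zip(SECOND_LEVEL, (round(w, 4) for w in weights))),
        "consistency_ratio": round(cr, 4),
        "accepted": cr < threshold,
    }


if __name__ == "__main__":
    for label, m in (("consistent", CONSISTENT), ("contradictory", CONTRADICTORY)):
        print(label, review(m))
```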
The information security situation critical evaluation indices and weights determined with the KPI and AHP methods can be consistent with the security objectives, objective and accurate, and can be measured in percentage or point units. The evaluation system implemented from the corresponding critical evaluation index system can truly reflect the information security situation and can effectively promote the improvement of security assurance work.
Embodiment one of the invention is described below with reference to the accompanying drawings.
The embodiment provides an information security situation analysis method: the critical evaluation indices of the information security situation are chosen according to the KPI method, the critical evaluation index weights are determined according to the AHP method, the critical evaluation index system is synthesized and managed, data is collected, and the security situation is analyzed, evaluated and displayed. An evaluation system for the information security situation is implemented in an information security audit platform, making it possible to evaluate the information security situation objectively, accurately, automatically and continuously.
The networking structure of the information security situation evaluation system in a TCP/IP network is shown in Fig. 1, in which:
The local area network comprises all the target devices from which data is collected, including network devices, network security devices, hosts and terminals. The network devices comprise routers and switches; the network security devices comprise firewalls, VPNs, the network antivirus system, the intrusion detection system and so on; the hosts comprise Web servers, mail servers, file servers and so on; the terminals comprise personal computers and self-service terminals.
The information security situation evaluation system analyzes and evaluates the information security situation in the local area network and provides the local area network with a quantified measure of its information security situation. The critical evaluation index system management device sets the critical evaluation indices and weights and builds the critical evaluation index system; the data acquisition device collects the data; the analysis and evaluation device analyzes and evaluates the indices; the situation display device displays the information security situation; and the information repository device stores the critical evaluation index system information and the collected data;
The Internet comprises routers and can transmit and route network traffic.
The embodiment of the invention provides an information security situation analysis method. The flow of completing the information security situation analysis with this method is shown in Fig. 2 and comprises:
Step 201: determine the first-level, second-level and third-level critical evaluation indices according to the KPI method;
The selection flow of the information security situation critical evaluation indices is described in further detail with reference to the flow chart shown in Fig. 3, and comprises the following steps:
Step 301: formulate a clear information security evaluation objective of evaluating the information security situation in a quantitative and automated manner;
Step 302: based on this objective, determine the evaluation index type to be the technical security assurance capability index; evaluation index types comprise the technical security assurance capability index and the management security assurance capability index;
Step 303: choose the total security situation index as the first-level critical evaluation index according to the KPI method;
Step 304: decompose the total security situation index and choose the network security situation index, host security situation index, terminal security situation index, application security situation index and data security situation index as the second-level critical evaluation indices;
Step 305: decompose the second-level security situation indices; the secondary critical evaluation indices chosen are, respectively:
Choose the network device security monitoring coverage rate, network device security baseline compliance rate, network device high-risk vulnerability detection rate and Internet egress attack blocking rate as the sub-indices of the network security situation index;
Choose the host security monitoring coverage rate, host antivirus software installation rate, host virus database update rate, host virus uncleanable rate, host high-risk vulnerability detection rate, host open service port vulnerability detection rate and host Trojan backdoor activity detection rate as the sub-indices of the host security situation index;
Choose the terminal management software installation rate, terminal illegal access index, terminal antivirus software installation rate, terminal virus database update rate, terminal virus uncleanable rate, terminal patch update compliance rate and terminal Trojan backdoor activity detection rate as the sub-indices of the terminal security situation index;
Choose the PKI system registration rate and electronic document encryption software installation rate as the sub-indices of the application security situation index;
Choose the violating content detection rate as the sub-index of the data security situation index;
Step 306, audit one-level, secondary and three grades of critical evaluation indexs respectively according to KPI method, if desired revise, revise corresponding critical evaluation index, revise if do not need, terminate.
Step 202: determine the weight of each critical evaluation index among the first-level, second-level and third-level critical evaluation indices according to the AHP method.
The flow for determining the critical evaluation index weights is described in further detail with reference to the flow chart in Fig. 4, and comprises the following steps:
Step 401: set the weight of the first-level critical evaluation index, the total security situation, to 100 points.
Step 402: compare the relative importance of the second-level critical evaluation indices according to the AHP method and determine their weights; the resulting second-level critical evaluation index weights are listed in Table 1.
Table 1: Second-level critical evaluation index weights

| Index name | Index value |
| --- | --- |
| Network security situation | 20% |
| Host security situation | 30% |
| Terminal security situation | 30% |
| Application security situation | 10% |
| Data security situation | 10% |
Step 403: compare the relative importance of the third-level critical evaluation indices according to the AHP method and determine their weights; the results are listed in Table 2.
Table 2: Third-level critical evaluation index weights
Step 404: review each critical evaluation index weight according to the AHP method; if revision is needed, revise the corresponding weight; if not, end.
Step 203: build the critical evaluation index system from the first-level, second-level and third-level critical evaluation indices and the weight of each critical evaluation index.
The information security situation critical evaluation index system of this embodiment is described in detail with reference to Fig. 5:
Fig. 5 shows the information security situation critical evaluation indices of this embodiment, with their weights determined, combined into a critical evaluation index system according to their relationships. It defines the relationship between the first-level and second-level critical evaluation indices, the relationship between the second-level and third-level critical evaluation indices, and how the third-level critical evaluation indices are obtained, as follows:
1. Relationship between the first-level and second-level critical evaluation indices:
Total security situation index (100 points) = network security situation index × 20% + host security situation index × 30% + terminal security situation index × 30% + application security situation index × 10% + data security situation index × 10%.
2. Relationship between the second-level and third-level critical evaluation indices:
Network security situation index (100 points) = network device security monitoring coverage rate × 25 points + network device security baseline compliance rate × 25 points + (1 - network device high-risk vulnerability detection rate) × 25 points + Internet egress attack blocking rate × 25 points;
Host security situation index (100 points) = host security monitoring coverage rate × 20 points + host antivirus software installation rate × 20 points + host virus database update rate × 15 points + (1 - host unremovable-virus rate) × 10 points + (1 - host high-risk vulnerability detection rate) × 15 points + (1 - host open-service-port vulnerability detection rate) × 10 points + (1 - host Trojan/backdoor activity detection rate) × 15 points;
Terminal security situation index (100 points) = terminal management software installation rate × 20 points + (terminal illegal access index: 2 points deducted per occurrence from a total of 10 points, until all are deducted) + terminal antivirus software installation rate × 20 points + terminal virus database update rate × 15 points + terminal unremovable-virus rate × 10 points + terminal patch update compliance rate × 10 points + (1 - terminal Trojan/backdoor activity detection rate) × 15 points;
Application security situation index (100 points) = PKI system registration rate × 50 points + electronic document encryption software installation rate × 50 points;
Data security situation index (100 points) = violating-content detection rate × 100 points.
3. Calculation methods of the third-level critical evaluation indices:
The data sources of the network device security monitoring coverage rate index are the device information of the security audit system and the asset information of the unified information base. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data sources of the network device security baseline compliance rate index are the security configuration check system and the asset information of the unified information base. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the network device high-risk vulnerability detection rate index is the vulnerability scanning system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the Internet egress attack blocking rate index is the network logs of the security protection devices deployed at the Internet egress (firewall, IPS, etc.). The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. It is based on the cumulative number, within the specified statistical period, of attack-intrusion, information-probing and malicious-code security events whose source address is a public IP, and is calculated according to the following formula:
The data sources of the host security monitoring coverage rate index are the device information of the security audit system and the asset information of the unified information base. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data sources of the host antivirus software installation rate index are the network antivirus system and the asset information of the unified information base. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the host unremovable-virus rate index is the network antivirus system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the host virus database update rate index is the network antivirus system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the host high-risk vulnerability detection rate index is the vulnerability scanning system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the host open-service-port vulnerability detection rate index is the vulnerability scanning system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the host Trojan/backdoor activity detection rate index is the logs of the IDS or IPS deployed at the intranet backbone core switch. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. It is based on the number of hosts, within the specified statistical period, with events whose source address is in the intranet terminal address range, whose destination address is an external network address, and whose type is information probing or malicious code (worm / malicious code / spyware), and is calculated according to the following formula:
The data source of the terminal management software installation rate index is the terminal management system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the terminal illegal access index is the terminal management system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a number of occurrences. It is the cumulative number of illegal intranet access events within the specified statistical period;
The data sources of the terminal antivirus software installation rate index are the network antivirus system and the terminal management system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data sources of the terminal virus database update rate index are the network antivirus system and the terminal management system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data sources of the terminal unremovable-virus rate index are the network antivirus system and the terminal management system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the terminal patch update compliance rate index is the terminal security management system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the terminal Trojan/backdoor activity detection rate index is the logs of the IDS or IPS deployed at the intranet backbone core switch. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. It is based on the number of terminals, within the specified statistical period, with events whose source address is in the intranet terminal address range, whose destination address is an external network address, and whose type is information probing or malicious code (worm / malicious code / spyware), and is calculated according to the following formula:
The data source of the PKI system registration rate index is the PKI management system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the electronic document encryption software installation rate index is the electronic document encryption system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
The data source of the violating-content detection rate index is the Internet behavior audit system. The measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measurement is a percentage. Within the specified statistical period it is calculated according to the following formula:
Step 204: collect data and analyze the information security situation according to the critical evaluation index system.
Step 205: output the result of the information security situation analysis through an external display device.
In this step, the result of the information security situation analysis is output through a device such as a display or a printer and provided to the user.
The hosts involved in this embodiment may be, but are not limited to, Windows hosts.
Embodiment two of the invention is described below with reference to the accompanying drawings.
This embodiment provides an information security situation evaluation system. Fig. 6 shows the structure of the information security situation evaluation system of this embodiment in detail:
The information security situation evaluation system comprises a critical evaluation index system management module, a data acquisition module, an analysis and evaluation module, a security situation display module and an information base.
The information base comprises a critical evaluation index system information base and a collected data information base.
The critical evaluation index system management module comprises a critical evaluation index setting module, a critical evaluation index weight setting module and a critical evaluation index system synthesis module.
To help those skilled in the art understand the invention better, it is described in further detail below with reference to the flow chart in Fig. 7, which comprises the following steps:
Step 701: configure the information security situation critical evaluation index system. Specifically, in the critical evaluation index system management module, set the information of the critical evaluation indices and synthesize the critical evaluation index system. The information of a critical evaluation index comprises the index name, index description, unit of measurement, measurement frequency, index weight, index value and calculation time.
Step 702: in the data acquisition module, according to the configured data collection cycle, periodically collect logs and scan information covering network security, host security, terminal security, application security and data security. Each collected data item comprises its name, description, value, source and collection time.
Step 703: in the analysis and evaluation module, analyze and evaluate the information security situation.
Step 704: in the display module, present the result in real time in graphical and numerical form, or present it to the user after generating a report.
The flow of Fig. 7 is further illustrated below by an application example.
For example:
The indicator data in the critical evaluation index system are as described for Fig. 4, and the data collected in one month are listed in Table 4.
Table 4: Data collected in one month
The values of the third-level critical evaluation indices obtained with the calculation methods are listed in Table 5.
Table 5: Third-level critical evaluation index values
According to the critical evaluation index system, the values of the second-level and first-level critical evaluation indices are as shown in Table 6.
Table 6: Second-level and first-level evaluation index values

| Index name | Index value |
| --- | --- |
| Network security situation | 89.5 points |
| Host security situation | 93.75 points |
| Terminal security situation | 61 points |
| Application security situation | 40 points |
| Data security situation | 75 points |
| Total security situation | 75.8 points |
If the total security situation is divided into 4 grades, namely normal (85-100), mild abnormality (70-85), moderate abnormality (55-70) and high abnormality (< 55), then the analysis and evaluation by the information security situation evaluation system shows that the total information security situation for this month is mild abnormality. The result can be presented to the user in summary and in detail in the form of dashboards, bar charts, lists or tables.
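The roll-up formulas in items 1 and 2 and the grading bands above can be checked against the Table 6 values with a short script. This is an added example, not code from the patent; the indicator key names, the inclusive lower bound of each grade band and any sample rates passed in are assumptions.

```python
# Added example: roll-up of the three-level index system described above.
# Key names and grade-band boundary handling are assumptions, not from the patent.

# Second-level weights from Table 1 (share of the 100-point total index).
LEVEL2_WEIGHTS = {"network": 0.20, "host": 0.30, "terminal": 0.30,
                  "application": 0.10, "data": 0.10}

# Third-level indicators as (key, points, inverted).
# An inverted indicator enters its formula as (1 - rate), as printed in item 2.
LEVEL3 = {
    "network": [("monitoring_coverage", 25, False),
                ("baseline_compliance", 25, False),
                ("high_risk_vuln_detection", 25, True),
                ("egress_attack_blocking", 25, False)],
    "host": [("monitoring_coverage", 20, False),
             ("av_installation", 20, False),
             ("virus_db_update", 15, False),
             ("unremovable_virus", 10, True),
             ("high_risk_vuln_detection", 15, True),
             ("open_port_vuln_detection", 10, True),
             ("trojan_backdoor_detection", 15, True)],
    "terminal": [("mgmt_software_installation", 20, False),
                 ("av_installation", 20, False),
                 ("virus_db_update", 15, False),
                 ("unremovable_virus", 10, False),  # no (1 - rate) in the text
                 ("patch_update_compliance", 10, False),
                 ("trojan_backdoor_detection", 15, True)],
    "application": [("pki_registration", 50, False),
                    ("doc_encryption_installation", 50, False)],
    "data": [("violating_content_detection", 100, False)],
}

# Terminal illegal access index: 10 points, minus 2 per event, never below 0.
ILLEGAL_ACCESS_POINTS = 10
ILLEGAL_ACCESS_PENALTY = 2

# Second-level values as listed in Table 6.
TABLE6_LEVEL2 = {"network": 89.5, "host": 93.75, "terminal": 61.0,
                 "application": 40.0, "data": 75.0}


def level2_score(domain, rates, illegal_access_events=0):
    """Second-level index for one domain from its third-level rates (0..1)."""
    score = 0.0
    for key, points, inverted in LEVEL3[domain]:
        rate = rates[key]  # KeyError if an indicator was not collected
        if not 0.0 <= rate <= 1.0:
            raise ValueError(f"{domain}.{key}: rate {rate!r} outside 0..1")
        score += ((1.0 - rate) if inverted else rate) * points
    if domain == "terminal":
        if illegal_access_events < 0:
            raise ValueError("illegal_access_events must be >= 0")
        score += max(0, ILLEGAL_ACCESS_POINTS
                     - ILLEGAL_ACCESS_PENALTY * illegal_access_events)
    return score


def total_score(level2):
    """First-level (total) index as the weighted sum of second-level indices."""
    missing = set(LEVEL2_WEIGHTS) - set(level2)
    if missing:
        raise ValueError(f"missing second-level indices: {sorted(missing)}")
    return sum(level2[d] * w for d, w in LEVEL2_WEIGHTS.items())


def grade(total):
    """Map a total score to one of the four grades (lower bound inclusive)."""
    if total >= 85:
        return "normal"
    if total >= 70:
        return "mild abnormality"
    if total >= 55:
        return "moderate abnormality"
    return "high abnormality"


def point_totals():
    """Sum the points allocated in each second-level formula, as a sanity check."""
    totals = {d: sum(p for _, p, _ in inds) for d, inds in LEVEL3.items()}
    totals["terminal"] += ILLEGAL_ACCESS_POINTS
    return totals


if __name__ == "__main__":
    total = total_score(TABLE6_LEVEL2)
    print(f"total = {total:.3f} -> {grade(total)}")
    print("points allocated per domain:", point_totals())
```

With the point values as printed in the formulas above, `point_totals()` returns 105 for the host index and 100 for each of the other four, so an implementer should confirm the intended host allocation before relying on the 100-point scale.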
Embodiment three of the invention is described below with reference to the accompanying drawings.
This embodiment provides an information security situation analysis system, which can be combined with the information security situation analysis method provided by embodiment one to carry out effective information security management. The structure of the system is shown in Fig. 8 and comprises:
an index selection module 801, for determining the first-level, second-level and third-level critical evaluation indices according to the KPI method;
a weight calculation module 802, for determining the weight of each critical evaluation index among the first-level, second-level and third-level critical evaluation indices according to the AHP method;
a system management module 803, for building the critical evaluation index system from the first-level, second-level and third-level critical evaluation indices and the weight of each critical evaluation index;
an analysis and evaluation module 804, for collecting data and analyzing the information security situation according to the critical evaluation index system built by the system management module 803.
Preferably, the system also comprises a security situation display module 805, for outputting the result of the information security situation analysis.
The embodiments of the invention provide an information security situation analysis method and system. The first-level, second-level and third-level critical evaluation indices are determined according to the KPI method; the weight of each of these indices is then determined according to the AHP method; and the critical evaluation index system is built from the indices and their weights. When the system collects data during operation, it can then analyze the information security situation according to the critical evaluation index system. The parameters relevant to information security are considered comprehensively, the weight of each parameter is derived from its degree of influence, and the information security situation is assessed as a whole, which solves the problem of carrying out information security management effectively.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments can be implemented as a computer program. The computer program can be stored in a computer-readable storage medium and is executed on a corresponding hardware platform (such as a system, unit or device); when executed, it performs one of the steps of the method embodiment or a combination thereof.
Alternatively, all or part of the steps of the above embodiments can be implemented with integrated circuits: the steps can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. The invention is thus not restricted to any specific combination of hardware and software.
Each device, functional module or functional unit in the above embodiments can be implemented with general-purpose computing devices; they can be concentrated on a single computing device or distributed over a network formed by several computing devices.
When a device, functional module or functional unit in the above embodiments is implemented as a software function module and sold or used as an independent product, it can be stored in a computer-readable storage medium. The computer-readable storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc or the like.
Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the invention. The protection scope of the invention shall therefore be determined by the protection scope of the claims.

Claims (8)

1. An information security situation analysis method, characterized in that it comprises:
determining first-level, second-level and third-level critical evaluation indices according to the Key Performance Indicator (KPI) method;
determining the weight of each critical evaluation index among the first-level, second-level and third-level critical evaluation indices according to the Analytic Hierarchy Process (AHP) method;
building a critical evaluation index system from the first-level, second-level and third-level critical evaluation indices and the weight of each critical evaluation index;
collecting data and analyzing the information security situation according to the critical evaluation index system;
wherein determining the first-level, second-level and third-level critical evaluation indices according to the KPI method comprises:
choosing the total security situation index as the first-level critical evaluation index according to the KPI method;
decomposing the total security situation index and choosing the network security situation index, host security situation index, terminal security situation index, application security situation index and data security situation index as the second-level critical evaluation indices;
decomposing the second-level critical evaluation indices to obtain the third-level critical evaluation indices;
reviewing the first-level, second-level and third-level critical evaluation indices respectively according to the KPI method;
revising the first-level, second-level and third-level critical evaluation indices when revision is needed, and outputting the first-level, second-level and third-level critical evaluation indices when no revision is needed.
2. The information security situation analysis method according to claim 1, characterized in that decomposing the second-level critical evaluation indices to obtain the third-level critical evaluation indices comprises:
choosing the following sub-indices of the network security situation index as third-level critical evaluation indices:
network device security monitoring coverage rate, network device security baseline compliance rate, network device high-risk vulnerability detection rate, Internet egress attack blocking rate; and
choosing the following sub-indices of the host security situation index as third-level critical evaluation indices:
host security monitoring coverage rate, host antivirus software installation rate, host virus database update rate, host unremovable-virus rate, host high-risk vulnerability detection rate, host open-service-port vulnerability detection rate, host Trojan/backdoor activity detection rate; and
choosing the following sub-indices of the terminal security situation index as third-level critical evaluation indices:
terminal management software installation rate, terminal illegal access index, terminal antivirus software installation rate, terminal virus database update rate, terminal unremovable-virus rate, terminal patch update compliance rate, terminal Trojan/backdoor activity detection rate; and
choosing the following sub-indices of the application security situation index as third-level critical evaluation indices:
Public Key Infrastructure (PKI) system registration rate, electronic document encryption software installation rate; and
choosing the violating-content detection rate, the sub-index of the data security situation index, as a third-level critical evaluation index.
3. The information security situation analysis method according to claim 2, characterized in that the information of the first-level critical evaluation index and the second-level critical evaluation indices comprises: index name, index description, unit of measurement, measurement frequency, index weight, index value and calculation time.
4. The information security situation analysis method according to claim 2, characterized in that determining the weight of each critical evaluation index among the first-level, second-level and third-level critical evaluation indices according to the AHP method comprises:
setting the weight of the first-level critical evaluation index, the total security situation, to 100 points;
comparing the relative importance of the second-level critical evaluation indices according to the AHP method and determining the weight of each second-level critical evaluation index, the weights of the second-level critical evaluation indices being as follows:
the weight of the network security situation index is 20%, the weight of the host security situation index is 30%, the weight of the terminal security situation index is 30%, the weight of the application security situation index is 10%, and the weight of the data security situation index is 10%;
comparing the relative importance of the third-level critical evaluation indices according to the AHP method and determining the weight of each third-level critical evaluation index, the weights of the third-level critical evaluation indices being as follows:
the weight of the network device security monitoring coverage rate is 25 points, the weight of the network device security baseline compliance rate is 25 points, the weight of the network device high-risk vulnerability detection rate is 25 points, the weight of the Internet egress attack blocking rate is 25 points, the weight of the terminal management software installation rate is 20 points, the initial weight of the terminal illegal access index is 10 points, the weight of the terminal antivirus software installation rate is 20 points, the weight of the terminal virus database update rate is 15 points, the weight of the terminal unremovable-virus rate is 10 points, the weight of the terminal patch update compliance rate is 10 points, the weight of the terminal Trojan/backdoor activity detection rate is 15 points, the weight of the PKI system registration rate is 50 points, the weight of the electronic document encryption software installation rate is 50 points, and the weight of the violating-content detection rate is 100 points, wherein the weight of the terminal illegal access index is reduced by 2 each time a terminal illegal access occurs, until it reaches 0;
reviewing the weight of each first-level, second-level and third-level critical evaluation index according to the AHP method, revising when revision is needed, and outputting the first-level, second-level and third-level critical evaluation index weights when no revision is needed.
5. The information security situation analysis method according to claim 4, characterized in that building the critical evaluation index system from the first-level, second-level and third-level critical evaluation indices and the weight of each critical evaluation index comprises:
determining the calculation method of each third-level critical evaluation index value, the calculation methods being as follows:
the data sources of the network device security monitoring coverage rate index are the device information of the security audit system and the asset information of the unified information base, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and within the specified statistical period it is calculated according to the following formula
the data sources of the network device security baseline compliance rate index are the security configuration check system and the asset information of the unified information base, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and within the specified statistical period it is calculated according to the following formula
the data source of the network device high-risk vulnerability detection rate index is the vulnerability scanning system, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and within the specified statistical period it is calculated according to the following formula
the data source of the Internet egress attack blocking rate index is the network logs of the security protection devices deployed at the Internet egress, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and it is calculated according to the following formula from the cumulative number, within the specified statistical period, of attack-intrusion, information-probing and malicious-code security events whose source address is a public IP
the data sources of the host security monitoring coverage rate index are the device information of the security audit system and the asset information of the unified information base, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and within the specified statistical period it is calculated according to the following formula
the data sources of the host antivirus software installation rate index are the network antivirus system and the asset information of the unified information base, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and within the specified statistical period it is calculated according to the following formula
the data source of the host unremovable-virus rate index is the network antivirus system, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and within the specified statistical period it is calculated according to the following formula
the data source of the host virus database update rate index is the network antivirus system, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and within the specified statistical period it is calculated according to the following formula
the data source of the host high-risk vulnerability detection rate index is the vulnerability scanning system, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and its calculation method is, within the specified statistical period
the data source of the host open-service-port vulnerability detection rate is the vulnerability scanning system, the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly, the unit of measurement is a percentage, and within the specified statistical period it is calculated according to the following formula
the data source of the host Trojan/backdoor activity detection rate index is the logs of the intrusion detection system (IDS) or intrusion prevention system (IPS) deployed at the intranet backbone core switch, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and it is calculated according to the following formula from the number, within the specified statistical period, of information-probing and malicious-code (worm / malicious code / spyware) events whose source address is in the intranet terminal address range and whose destination address is an external network address
the data source of the terminal management software installation rate index is the terminal management system, the measurement frequency is monthly, quarterly or yearly, the unit of measurement is a percentage, and within the specified statistical period it is calculated according to the following formula
The Data Source that described terminal illegally accesses index is terminal management system, and tolerance frequency is the moon or season or year, and linear module is number of times, and its computational methods are within the statistics fixed time, the cumulative number of illegal access Intranet event,
The Data Source of described terminal anti-virus software installation rate index is Network anti-virus system and terminal management system, and tolerance frequency is the moon or season or year, and linear module is percentage, and its computational methods calculate according to following formula within the statistics fixed time
The Data Source of described terminal virus base turnover rate index is Network anti-virus system and terminal management system, and tolerance frequency is the moon or season or year, and linear module is percentage, and its computational methods calculate according to following formula within the statistics fixed time
Described terminal virus cannot the Data Source of clearance rate index be Network anti-virus system and terminal management system, and tolerance frequency is the moon or season or year, and linear module is percentage, and its computational methods calculate according to following formula within the statistics fixed time
The Data Source that described terminal patches upgrades compliance rate index is Terminal Security Management system, and tolerance frequency is the moon or season or year, and linear module is percentage, and its computational methods calculate according to following formula within the statistics fixed time
The Data Source of described terminal Trojan back door activity recall rate index is the daily record of IDS or IPS being deployed in Intranet Backbone Core switch, tolerance frequency is the moon or season or year, linear module is percentage, its computational methods are within the statistics fixed time, be Intranet terminal address section destination address be outer net address style according to source address be that information spies the terminal quantity with the worm of malicious code class/malicious code class/spyware event, calculate according to following formula
The Data Source of described PKI system registration rate index is PKI management system, and tolerance frequency is the moon or season or year, and linear module is percentage, and its computational methods calculate according to following formula within the statistics fixed time
The Data Source of described electronic document encryption software installation rate index is electronic document encryption system, and tolerance frequency is the moon or season or year, and linear module is percentage, and its computational methods calculate according to following formula within the statistics fixed time
The Data Source of described violation content recall rate index is internet behavior auditing system, and tolerance frequency is the moon or season or year, and linear module is percentage, and its computational methods calculate according to following formula within the statistics fixed time
Determining the relation between each third-level key evaluation index and each second-level key evaluation index, the relation between the third-level key evaluation index values and the second-level key evaluation index values being as follows:
The relation between said network security situation index and the third-level key evaluation indices is given by the following formula
Network security situation index (100 points) = network device security monitoring coverage rate × 25 points + network device security baseline compliance rate × 25 points + (1 − network device high-risk vulnerability detection rate) × 25 points + Internet egress attack blocking rate × 25 points
The relation between said terminal security situation index and the third-level key evaluation indices is given by the following formula
Terminal security situation index (100 points) = terminal management software installation rate × 20 points + (terminal illegal access index: 2 points deducted per occurrence, out of a total of 10 points, until all 10 points have been deducted) + terminal antivirus software installation rate × 20 points + terminal virus database update rate × 15 points + terminal unremovable virus rate × 10 points + terminal patch update compliance rate × 10 points + (1 − terminal trojan backdoor activity detection rate) × 15 points
The relation between said application security situation index and the third-level key evaluation indices is given by the following formula
Application security situation index (100 points) = PKI system registration rate × 50 points + electronic document encryption software installation rate × 50 points,
The relation between said data security situation index and the third-level key evaluation indices is given by the following formula
Data security situation index (100 points) = violation content detection rate × 100 points;
Determining the relation between each second-level key evaluation index value and the first-level key evaluation index value, this relation being given by the following formula:
Overall security situation index (100 points) = network security situation index × 20% + host security situation index × 30% + terminal security situation index × 30% + application security situation index × 10% + data security situation index × 10%.
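The scoring rules in the formulas above, written out as an added Python example that is not part of the patent text. The dictionary keys and function names are hypothetical, rates are assumed to be fractions between 0 and 1, and the host security situation index is passed in as an input because its formula is not given in this passage.

```python
# Added example: point allocations transcribed from the claim's formulas.
# Each entry is (points, inverted); inverted terms score (1 - rate).
NETWORK = {"monitoring_coverage": (25, False), "baseline_compliance": (25, False),
           "high_risk_vuln_detection": (25, True), "egress_attack_blocking": (25, False)}
TERMINAL = {"mgmt_software_install": (20, False), "antivirus_install": (20, False),
            "virus_db_update": (15, False),
            "unremovable_virus": (10, False),  # added directly, as the claim writes it
            "patch_compliance": (10, False),
            "trojan_backdoor_detection": (15, True)}
APPLICATION = {"pki_registration": (50, False), "doc_encryption_install": (50, False)}
DATA = {"violation_content_detection": (100, False)}
OVERALL = {"network": 0.20, "host": 0.30, "terminal": 0.30,
           "application": 0.10, "data": 0.10}


def score(rates, spec):
    """Sum the points for every metric in spec; rates are fractions in [0, 1]."""
    total = 0.0
    for name, (points, inverted) in spec.items():
        rate = rates[name]  # KeyError here means a data source delivered nothing
        if not 0.0 <= rate <= 1.0:
            raise ValueError(f"{name}={rate!r} is not a fraction in [0, 1]")
        total += points * ((1.0 - rate) if inverted else rate)
    return total


def terminal_index(rates, illegal_access_events):
    """Rate terms (90 points) plus the illegal-access term (10 points)."""
    if illegal_access_events < 0:
        raise ValueError("event count cannot be negative")
    # 2 points off per event, and never below zero once the 10 points are gone.
    access_points = max(0, 10 - 2 * illegal_access_events)
    return score(rates, TERMINAL) + access_points


def overall_index(second_level):
    """Weighted sum of the five second-level indices (each 0..100)."""
    missing = set(OVERALL) - set(second_level)
    if missing:
        raise ValueError(f"missing second-level indices: {sorted(missing)}")
    return sum(OVERALL[k] * second_level[k] for k in OVERALL)


def sample_report():
    """Constructed sample period; every input value is made up for illustration."""
    second = {
        "network": score({"monitoring_coverage": 0.9, "baseline_compliance": 0.8,
                          "high_risk_vuln_detection": 0.2,
                          "egress_attack_blocking": 1.0}, NETWORK),
        "host": 80.0,  # assumed input, see lead-in
        "terminal": terminal_index({"mgmt_software_install": 1.0,
                                    "antivirus_install": 0.9, "virus_db_update": 0.8,
                                    "unremovable_virus": 0.0, "patch_compliance": 0.5,
                                    "trojan_backdoor_detection": 0.1}, 3),
        "application": score({"pki_registration": 0.6,
                              "doc_encryption_install": 0.4}, APPLICATION),
        "data": score({"violation_content_detection": 0.7}, DATA),
    }
    return second, overall_index(second)
```

Rejecting rates outside 0 to 1 catches the common case where the numerator and the asset inventory used as denominator come from systems that disagree on device counts.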
6. The information security situation analysis method according to claim 1, characterized in that, after the step of collecting data and analyzing the information security situation according to said key evaluation index system, the method further comprises:
Outputting the result of the information security situation analysis through an external display device.
7. An information security situation analysis system, characterized by comprising:
An index selection module, for determining the first-level, second-level and third-level key evaluation indices according to the key performance indicator (KPI) method;
A weight computation module, for determining the weight of each key evaluation index among said first-level, second-level and third-level key evaluation indices according to the analytic hierarchy process (AHP) method;
A system management module, for building the key evaluation index system according to said first-level, second-level and third-level key evaluation indices and the weight of each key evaluation index;
An analysis and evaluation module, for collecting data and analyzing the information security situation according to the key evaluation index system built by said system management module;
Wherein said determining the first-level, second-level and third-level key evaluation indices according to the KPI method comprises:
Choosing the overall security situation index as the first-level key evaluation index according to the KPI method;
Decomposing said overall security situation index, and choosing the network security situation index, host security situation index, terminal security situation index, application security situation index and data security situation index as the second-level key evaluation indices;
Decomposing said second-level key evaluation indices to obtain the third-level key evaluation indices;
Auditing said first-level, second-level and third-level key evaluation indices respectively according to the KPI method;
Revising said first-level, second-level and third-level key evaluation indices when revision is needed, and outputting said first-level, second-level and third-level key evaluation indices when no revision is needed.
8. The information security situation analysis system according to claim 7, characterized in that the system further comprises:
A security situation display module, for outputting the result of the information security situation analysis.
CN201210282254.8A 2012-08-08 2012-08-08 Information security Situation analysis method and system Active CN103581155B (en)

Publications (2)

Publication Number Publication Date
CN103581155A CN103581155A (en) 2014-02-12
CN103581155B true CN103581155B (en) 2016-04-27

Family

ID=50052090

Country Status (1)

Country Link
CN (1) CN103581155B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant