CN109167786B - Information security risk management system - Google Patents

Publication number
CN109167786B
Authority
CN
China
Prior art keywords
information
threat
risk
module
security risk
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811023060.XA
Other languages
Chinese (zh)
Other versions
CN109167786A (en)
Inventor
刘威
罗杰雄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Power Supply Bureau Co Ltd
Original Assignee
Shenzhen Power Supply Bureau Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Power Supply Bureau Co Ltd
Priority to CN201811023060.XA
Publication of CN109167786A
Application granted
Publication of CN109167786B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14 Network analysis or design
    • H04L41/147 Network analysis or design for predicting network behaviour
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides an information security risk management system comprising an information acquisition module, an information analysis module, a risk evaluation module, a risk prediction module and a risk control module. The information acquisition module acquires basic information in an information network. The information analysis module performs a preliminary analysis of the acquired basic information to complete risk identification and sends the analyzed data to the risk evaluation module. The risk evaluation module performs an information security risk evaluation of the information network to generate a historical information security risk evaluation result. The risk prediction module analyzes the historical information security risk evaluation results, finds the time law of information security risk development, and predicts future information security risk. The risk control module carries out security precautions according to the prediction result obtained by the risk prediction module. Advantageous effect: an information security risk management system is provided that achieves effective prevention of information security risks.

Description

Information security risk management system
Technical Field
The invention relates to the technical field of information security, in particular to an information security risk management system.
Background
Since the advent of the internet, the economy, culture and daily life of human beings have changed profoundly. People can communicate with others in different regions at any time; goods can be bought and delivered to the door without leaving the house; people away from home can know everything that happens in the house through remote monitoring; huge transnational enterprises can bring their globally distributed key staff together for meetings by video conference; business dealings between enterprises often need only a click of the mouse or an e-mail. The internet not only provides people with many conveniences, but also changes and promotes the development of the whole society.
The network has brought an epoch-making revolution to human society, and the risks it brings are inevitable. All one can do is minimize the risk and accept it to some extent. For this reason, risk management techniques have been developed.
Disclosure of Invention
In view of the above problems, the present invention is directed to an information security risk management system.
The object of the invention is achieved by the following technical solution:
The information security risk management system comprises an information acquisition module, an information analysis module, a risk evaluation module, a risk prediction module and a risk control module. The information acquisition module is used for acquiring basic information in an information network. The information analysis module is used for carrying out a preliminary analysis of the acquired basic information so as to complete risk identification, and for sending the analyzed data to the risk evaluation module. The risk evaluation module is used for carrying out an information security risk evaluation of the information network to generate a historical information security risk evaluation result. The risk prediction module is used for analyzing the historical information security risk evaluation results, discovering the time law of information security risk development and predicting future information security risks. The risk control module adjusts the security policy according to the prediction result obtained by the risk prediction module and carries out security precautions.
The invention has the beneficial effects that: the information security risk management system is provided, and effective prevention of information security risks is achieved by obtaining historical information security risk assessment results and predicting future information security risks.
Drawings
The invention is further illustrated by means of the attached drawings, but the embodiments in the drawings do not constitute any limitation to the invention, and for a person skilled in the art, other drawings can be obtained on the basis of the following drawings without inventive effort.
FIG. 1 is a schematic structural view of the present invention;
reference numerals:
the system comprises an information acquisition module 1, an information analysis module 2, a risk assessment module 3, a risk prediction module 4 and a risk control module 5.
Detailed Description
The invention is further described with reference to the following examples.
Referring to FIG. 1, the information security risk management system of this embodiment includes an information acquisition module 1, an information analysis module 2, a risk assessment module 3, a risk prediction module 4, and a risk control module 5. The information acquisition module 1 is configured to acquire basic information in an information network. The information analysis module 2 is configured to perform a preliminary analysis of the acquired basic information to complete risk identification, and to send the data obtained by the analysis to the risk assessment module 3. The risk assessment module 3 performs an information security risk assessment of the information network to generate a historical information security risk assessment result. The risk prediction module 4 is configured to analyze the historical information security risk assessment results, find the time law of information security risk development, and predict future information security risk. The risk control module 5 adjusts the security policy according to the prediction result obtained by the risk prediction module 4 and carries out security precautions.
The embodiment provides an information security risk management system, which realizes effective prevention of information security risks by acquiring historical information security risk assessment results and predicting future information security risks.
Preferably, the information analysis module 2 includes a threat identification module, a vulnerability identification module and an effectiveness identification module. The threat identification module is used for determining the threat sources that threaten the information network, the vulnerability identification module is used for determining the vulnerabilities of the information network, and the effectiveness identification module is used for determining the effectiveness of the security measures taken for the vulnerabilities;
the threat identification module determines the threat sources that threaten the information network, specifically as follows:
determining the threat sources of the information network as data leakage, virus intrusion and unauthorized access;
determining a first security risk value from the threat sources of the information network:
Figure GDA0003030326990000021
in the formula, $F_1$ represents the first security risk value, $i$ denotes one of the threats of data leakage, virus intrusion and unauthorized access, $b_i$ represents the probability of occurrence of the $i$-th threat, $c_i$ represents the degree of impact of the $i$-th threat on information security, and $d_i$ represents the degree of uncontrollability of the $i$-th threat;
$b_i$ is determined by the following formula: $b_i = a_{i1} + a_{i2}$
In the formula, $a_{i1}$ represents the attack capability metric value of the $i$-th threat and $a_{i2}$ represents the attack complexity metric value of the $i$-th threat; both are expert scores of the attack capability and the attack complexity of the $i$-th threat, and the higher the scores, the greater the attack capability and the attack complexity;
$c_i$ is determined by the following formula: $c_i = a_{i3} + a_{i4}$
In the formula, $a_{i3}$ represents the integrity impact metric value of the $i$-th threat and $a_{i4}$ represents the availability impact metric value of the $i$-th threat; both are expert scores of the impact of the $i$-th threat on the integrity and the availability of the information network, and the higher the score, the greater the impact of the threat on the integrity and availability of the information network;
$d_i$ is determined by the following formula: $d_i = a_{i5} + a_{i6}$
In the formula, $a_{i5}$ represents the concealment detection capability metric value of the information network when the $i$-th threat appears and $a_{i6}$ represents the defense capability metric value of the information network when the $i$-th threat appears; both are expert scores of the information network's concealment detection capability and defense capability against the $i$-th threat, and the higher the score, the stronger the concealment detection capability and the defense capability of the information network;
the vulnerability identification module is used for determining the vulnerability of the information network, and specifically comprises the following steps:
determining the vulnerabilities of the information network as technical vulnerabilities and management vulnerabilities;
determining a second security risk value according to the vulnerability of the information network:
$F_2 = (p+q)^2 + 2p + q$
in the formula, $F_2$ represents the second security risk value, $p$ represents the metric value of the severity of the technical vulnerability, and $q$ represents the metric value of the severity of the management vulnerability; both metric values are obtained by expert scoring, and the higher the score, the more severe the technical vulnerability and the management vulnerability;
the validity identification module is used for determining validity of a security measure taken for the vulnerability, and specifically comprises the following steps:
determining a third security risk value based on the effectiveness of the security measures:
Figure GDA0003030326990000031
in the formula, $F_3$ represents the third security risk value, $k_1$ represents the number of times the security measures were effective, and $k$ represents the total number of times security measures were taken;
This preferred embodiment identifies the security risk of the information network. Specifically, it determines the threat sources that threaten the information network, the vulnerabilities of the information network and the effectiveness of the security measures taken for those vulnerabilities, and converts them into corresponding security risk values, which lays a foundation for the subsequent risk assessment.
Preferably, the risk assessment module 3 performs information security risk assessment on the information network to generate a historical information security risk assessment result, specifically:
determining a security risk assessment value according to the first security risk value, the second security risk value and the third security risk value:
$G = 2(F_1 + F_2 + F_3) + \ln(F_1 + F_2 + F_3)$
wherein $G$ represents the security risk assessment value; the larger the security risk assessment value, the greater the security risk; the security risk assessment value is taken as the historical security assessment result of the information network.
The preferred embodiment realizes the evaluation of historical security risk and lays a foundation for the subsequent security risk prediction.
From the above description of embodiments, it is clear for a person skilled in the art that the embodiments described herein can be implemented in hardware, software, firmware, middleware, code or any appropriate combination thereof. For a hardware implementation, a processor may be implemented in one or more of the following units: an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a processor, a controller, a microcontroller, a microprocessor, other electronic units designed to perform the functions described herein, or a combination thereof. For a software implementation, some or all of the procedures of an embodiment may be performed by a computer program instructing associated hardware. In practice, the program may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Computer-readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage media may be any available media that can be accessed by a computer. Computer-readable media can include, but is not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
Finally, it should be noted that the above embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the protection scope of the present invention, although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions can be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.

Claims (1)

1. An information security risk management system is characterized by comprising an information acquisition module, an information analysis module, a risk assessment module, a risk prediction module and a risk control module, wherein the information acquisition module is used for acquiring basic information in an information network, the information analysis module is used for carrying out primary analysis on the basic information to complete risk identification and sending the analyzed data to the risk assessment module, the risk assessment module is used for carrying out information security risk assessment on the information network to generate historical information security risk assessment results, the risk prediction module is used for analyzing the historical information security risk assessment results, discovering the time law of information security risk development and predicting future information security risks, and the risk control module adjusts a security policy according to the prediction results obtained by the risk prediction module, carrying out safety precaution;
the information analysis module comprises a threat identification module, a vulnerability identification module and an effectiveness identification module, wherein the threat identification module is used for determining the threat sources that threaten the information network, the vulnerability identification module is used for determining the vulnerabilities of the information network, and the effectiveness identification module is used for determining the effectiveness of the security measures taken for the vulnerabilities;
the threat identification module determines the threat sources that threaten the information network, specifically as follows:
determining threat sources of the information network as data leakage, virus intrusion and unauthorized access;
determining a first security risk value from a threat source of the information network:
Figure FDA0003030326980000011
in the formula, $F_1$ represents the first security risk value, $i$ denotes one of the threats of data leakage, virus intrusion and unauthorized access, $b_i$ represents the probability of occurrence of the $i$-th threat, $c_i$ represents the degree of impact of the $i$-th threat on information security, and $d_i$ represents the degree of uncontrollability of the $i$-th threat;
$b_i$ is determined by the following formula: $b_i = a_{i1} + a_{i2}$
In the formula, $a_{i1}$ represents the attack capability metric value of the $i$-th threat and $a_{i2}$ represents the attack complexity metric value of the $i$-th threat; both are expert scores of the attack capability and the attack complexity of the $i$-th threat, and the higher the scores, the greater the attack capability and the attack complexity;
$c_i$ is determined by the following formula: $c_i = a_{i3} + a_{i4}$
In the formula, $a_{i3}$ represents the integrity impact metric value of the $i$-th threat and $a_{i4}$ represents the availability impact metric value of the $i$-th threat; both are expert scores of the impact of the $i$-th threat on the integrity and the availability of the information network, and the higher the score, the greater the impact of the threat on the integrity and availability of the information network;
$d_i$ is determined by the following formula: $d_i = a_{i5} + a_{i6}$
In the formula, $a_{i5}$ represents the concealment detection capability metric value of the information network when the $i$-th threat appears and $a_{i6}$ represents the defense capability metric value of the information network when the $i$-th threat appears; both are expert scores of the information network's concealment detection capability and defense capability against the $i$-th threat, and the higher the score, the stronger the concealment detection capability and the defense capability of the information network;
the vulnerability identification module is used for determining the vulnerability of the information network, and specifically comprises the following steps:
determining the vulnerabilities of the information network as technical vulnerabilities and management vulnerabilities;
determining a second security risk value according to the vulnerability of the information network:
$F_2 = (p+q)^2 + 2p + q$
in the formula, $F_2$ represents the second security risk value, $p$ represents the metric value of the severity of the technical vulnerability, and $q$ represents the metric value of the severity of the management vulnerability; both metric values are obtained by expert scoring, and the higher the score, the more severe the technical vulnerability and the management vulnerability;
the validity identification module is used for determining validity of a security measure taken for the vulnerability, and specifically comprises the following steps:
determining a third security risk value based on the effectiveness of the security measures:
Figure FDA0003030326980000021
in the formula, $F_3$ represents the third security risk value, $k_1$ represents the number of times the security measures were effective, and $k$ represents the total number of times security measures were taken;
the risk assessment module carries out information security risk assessment on the information network to generate a historical information security risk assessment result, and the risk assessment module specifically comprises the following steps:
determining a security risk assessment value according to the first security risk value, the second security risk value and the third security risk value:
$G = 2(F_1 + F_2 + F_3) + \ln(F_1 + F_2 + F_3)$
wherein $G$ represents the security risk assessment value; the larger the security risk assessment value, the greater the security risk; the security risk assessment value is taken as the historical security assessment result of the information network.
CN201811023060.XA 2018-09-03 2018-09-03 Information security risk management system Active CN109167786B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811023060.XA CN109167786B (en) 2018-09-03 2018-09-03 Information security risk management system

Publications (2)

Publication Number Publication Date
CN109167786A CN109167786A (en) 2019-01-08
CN109167786B CN109167786B (en) 2021-07-27

Family

ID=64893955

Country Status (1)

Country Link
CN (1) CN109167786B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111582714A (en) * 2020-05-07 2020-08-25 南京风数智能科技有限公司 Method, device, equipment and storage medium for evaluating effectiveness of network security measures
CN112017059A (en) * 2020-07-14 2020-12-01 北京淇瑀信息科技有限公司 Hierarchical optimization risk control method and device and electronic equipment
US11546767B1 (en) 2021-01-21 2023-01-03 T-Mobile Usa, Inc. Cybersecurity system for edge protection of a wireless telecommunications network
US11431746B1 (en) 2021-01-21 2022-08-30 T-Mobile Usa, Inc. Cybersecurity system for common interface of service-based architecture of a wireless telecommunications network
CN112866278B (en) * 2021-02-04 2023-04-07 许昌学院 Computer network information safety protection system based on big data
CN112800437B (en) * 2021-04-08 2021-07-27 国家信息中心 Information security risk evaluation system
CN115225402A (en) * 2022-07-26 2022-10-21 华能山东发电有限公司 New energy information security risk management system and method based on ISMS model

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102663530A (en) * 2012-05-25 2012-09-12 中国南方电网有限责任公司超高压输电公司 Safety early warning and evaluating system for high-voltage direct current transmission system
CN102890754A (en) * 2012-10-31 2013-01-23 中国科学院自动化研究所 Danger source monitoring system for mine
CN104965972A (en) * 2015-06-09 2015-10-07 南京联成科技发展有限公司 Information system safety risk evaluation and protection method based on artificial intelligence
CN108200067A (en) * 2018-01-05 2018-06-22 国网山东省电力公司聊城供电公司 Big data information network adaptive security guard system based on trust computing

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9749343B2 (en) * 2014-04-03 2017-08-29 Fireeye, Inc. System and method of cyber threat structure mapping and application to cyber threat mitigation

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
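"Research on a multi-dimensional dynamic management model of information security risk and related assessment methods"; 葛海慧; China Doctoral Dissertations Full-text Database, Information Science and Technology; 20150815; main text page 20, page 21 paragraph 1, page 22 paragraphs 3-5, page 34, pages 41-44 *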

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Liu Wei

Inventor after: Luo Jiexiong

Inventor before: Luo Jiexiong

TA01 Transfer of patent application right

Effective date of registration: 20210628

Address after: 518001 electric power dispatching and communication building, 4020 Shennan East Road, Luohu District, Shenzhen, Guangdong

Applicant after: SHENZHEN POWER SUPPLY BUREAU Co.,Ltd.

Address before: 512000 room 902, South Building, 98 Huimin South Road, Wujiang District, Shaoguan City, Guangdong Province

Applicant before: Luo Jiexiong

GR01 Patent grant