CN111881456A - Security risk management and control method, device, equipment and medium - Google Patents

Info

Publication number
CN111881456A
Authority
CN
China
Prior art keywords
task
detection
execution
security risk
risk
Legal status
Pending
Application number
CN202010745811.XA
Other languages
Chinese (zh)
Inventor
姚志强
周曦
曾锋
杨荣健
王成瑶
刘兰青
毛士航
Current Assignee
Jiangsu Yuncongxihe Artificial Intelligence Co ltd
Original Assignee
Jiangsu Yuncongxihe Artificial Intelligence Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The invention provides a method, apparatus, device and medium for managing and controlling security risks. The method comprises the following steps: invoking one or more vulnerability scanning engines associated with a created risk detection task, executing the task through those engines and obtaining an execution result; checking the execution result according to role authority, and obtaining a repair task from the check result to repair the detected risk. By tracking and checking vulnerabilities according to role authority, the invention forms closed-loop risk management, which can effectively ensure the orderly execution of risk monitoring and improve efficiency.

Description

Security risk management and control method, device, equipment and medium
Technical Field
The present invention relates to the field of information security, and in particular, to a method, an apparatus, a device, and a medium for managing and controlling security risk.
Background
Vulnerabilities, also referred to as weaknesses, are deficiencies and flaws in the design and implementation of the hardware, software, protocols or security policy of a computer system. They have become a significant factor affecting computer system security. According to statistics from the China National Vulnerability Database of Information Security (CNNVD), 1479 new information-system security vulnerabilities were added in November 2019; the overall number of vulnerabilities continues to grow, the information security environment remains complex, the security situation remains severe, and security challenges keep emerging. In response, well-known security vendors have released a variety of vulnerability scanning tools that discover potential risks in a system in advance so that they can be repaired or avoided, reducing the operational risk of production services. Conventional vulnerability scanning tools, however, have the following limitations:
1. A single scanning function. Each mainstream scanning tool on the market basically covers only one of application scanning, system scanning and code scanning, and cannot cover two of them at once. When an enterprise uses different kinds of scanning tools internally, operators have to switch between tools and efficiency suffers; the results from the various tools cannot be aggregated automatically, and a register can only be produced by collecting each tool's data by hand. This is inefficient, the register is hard to persist, and the security quality of each internal product line cannot be reflected in real time.
2. No effective closed-loop management of vulnerabilities. Scanning tools generally only discover vulnerabilities and offer no automated way to track and manage them. Enterprises must spend a great deal of manpower and time compiling a vulnerability register and tracking it offline, which is inefficient and costly.
3. No separation between the roles that execute the scan and those that audit the results. Current scanning tools generally have no result-audit step; some provide an audit function but do not determine which role executes and which role audits. In most enterprises today there are too few professional security engineers, while ordinary development staff have a weak security background and generally lack the ability to audit results, although they are able to run scans. Unless execution authority and audit authority are strictly separated, day-to-day scanning work cannot proceed normally.
Disclosure of Invention
In view of the problems in the prior art, the invention provides a security risk management and control method, device, equipment and medium, which mainly solve the problems that conventional approaches lack automated vulnerability management and that manual management is costly and inefficient.
In order to achieve the above and other objects, the present invention adopts the following technical solutions.
A security risk management and control method comprises the following steps:
invoking one or more vulnerability scanning engines associated with a created risk detection task, executing the risk detection task through the associated engine(s), and obtaining an execution result;
checking the execution result according to role authority, and obtaining a repair task from the check result to repair the detected risk.
Optionally, the method further comprises configuring risk detection parameters for the risk detection task when the task is created.
Optionally, the risk detection parameters comprise at least one of: detection level, detection target, detection strategy and execution mode.
Optionally, the execution results of a plurality of risk detection tasks are aggregated according to business requirements to obtain multi-dimensional statistics.
Optionally, the multi-dimensional statistics include at least: the number of vulnerabilities, vulnerability distribution, vulnerability types, vulnerability trends and vulnerability repair proportion.
Optionally, the detection levels include at least system detection, application detection and code detection.
Optionally, the execution mode includes at least one of: immediate execution, timed execution and periodic execution.
Optionally, each detection level includes one or more vulnerability scanning engines, and the execution result of the corresponding risk detection task is obtained by cross-validation among those engines.
Optionally, the execution result is deduplicated before it is stored in the database.
Optionally, while the risk detection task is executing, the progress of the current task is obtained by polling.
Optionally, the execution result is pushed to a role with checking authority.
Optionally, the push channels include at least email, SMS and in-application message reminders.
Optionally, when the check judges the execution result to be a false positive or below the set risk level, the execution result is ignored;
and when the check judges the execution result to reach the set risk level, a repair task is created.
Optionally, the repair task is output to a role with repair authority, which executes the corresponding repair.
Optionally, the execution result of the repair task is output to a role with checking authority for retesting; if the retest passes, the task ends; if the retest fails, the repair task is re-executed until the retest passes.
Optionally, the one or more vulnerability scanning engines associated with the created risk detection task are invoked through a security platform in which the scanning engines are integrated.
A security risk management and control apparatus comprises:
a task management module, configured to invoke one or more vulnerability scanning engines associated with a created risk detection task, execute the risk detection task through the associated engine(s) and obtain an execution result;
and an auditing module, configured to check the execution result according to role authority and obtain a repair task from the check result to repair the detected risk.
Optionally, the apparatus further comprises a parameter configuration module, configured to configure risk detection parameters for the risk detection task when the task is created.
Optionally, the risk detection parameters comprise at least one of: detection level, detection target, detection strategy and execution mode.
Optionally, the apparatus comprises a data statistics module, configured to aggregate the execution results of a plurality of risk detection tasks according to business requirements to obtain multi-dimensional statistics.
Optionally, the multi-dimensional statistics include at least: the number of vulnerabilities, vulnerability distribution, vulnerability types, vulnerability trends and vulnerability repair proportion.
Optionally, the detection levels include at least system detection, application detection and code detection.
Optionally, the execution mode includes at least one of: immediate execution, timed execution and periodic execution.
Optionally, the apparatus comprises a cross-validation module; each detection level includes one or more vulnerability scanning engines, and the execution result of the corresponding risk detection task is obtained by cross-validation among those engines.
Optionally, the apparatus comprises a deduplication module, configured to deduplicate the execution result before it is stored in the database.
Optionally, the apparatus comprises a progress query module, configured to obtain the progress of the current task by polling while the risk detection task is executing.
Optionally, the apparatus comprises an information pushing module, configured to push the execution result to a role with checking authority.
Optionally, the push channels include at least email, SMS and in-application message reminders.
Optionally, the apparatus comprises a result classification module, configured to ignore the execution result when the check judges it to be a false positive or below the set risk level;
and to create a repair task when the check judges the execution result to reach the set risk level.
Optionally, the apparatus comprises a repair task allocation module, configured to output the repair task, according to the risk type of the execution result, to a designated role that executes the corresponding repair.
Optionally, the apparatus comprises a retest module, configured to output the execution result of the repair task to a role with checking authority for retesting; if the retest passes, the task ends; if the retest fails, the repair task is re-executed until the retest passes.
Optionally, the apparatus comprises a security platform through which the one or more vulnerability scanning engines associated with the created risk detection task are invoked, the scanning engines being integrated in the security platform.
A device comprises:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the device to perform the security risk management and control method.
One or more machine-readable media have instructions stored thereon that, when executed by one or more processors, cause a device to perform the security risk management and control method described herein.
As described above, the security risk management and control method, apparatus, device and medium of the present invention have the following advantages.
The risk detection task is executed according to the configured risk detection parameters, so that corresponding detection tasks can be executed at different detection levels, which effectively solves the problem that a conventional scanning tool has a single scanning function; and tasks are strictly divided by role, which effectively ensures that risk management and control work proceeds in an orderly way.
Drawings
Fig. 1 is a flowchart of a security risk management and control method according to an embodiment of the present invention.
Fig. 2 is a block diagram of a security risk management apparatus according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a terminal device in an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a terminal device in another embodiment of the present invention.
Fig. 5 is a flowchart illustrating a process of performing a risk detection task according to an embodiment of the present invention.
Fig. 6 is a schematic diagram illustrating the procedure for checking a vulnerability result according to an embodiment of the present invention.
Fig. 7 is a schematic structural framework diagram of a security risk management and control device according to another embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
Referring to Fig. 1, the present invention provides a security risk management and control method comprising steps S01 and S02.
In step S01, one or more vulnerability scanning engines associated with the created risk detection task are invoked, the risk detection task is executed through the associated engine(s), and an execution result is obtained.
In one embodiment, risk detection parameters are configured for the risk detection task when it is created; the parameters comprise at least a detection level, a detection target, a detection strategy and an execution mode.
In one embodiment, risk detection is divided into at least three detection levels: system detection, application detection and code detection. Several vulnerability scanning engines can be integrated for each level. For example, system detection may integrate system scanners such as Nessus, sky-light and NSFOCUS RSAS; application detection may integrate application scanners such as AppScan, AWVS and NSFOCUS RSAS; code detection may integrate code scanners such as Fortify, Checkmarx and CodePecker. In another embodiment, a security platform is provided in which the scanning engines for each level are integrated, and the platform invokes the one or more engines associated with a risk detection task to execute it.
Referring to Fig. 5, in one embodiment an enterprise developer creates a risk detection task according to project progress or business requirements. If the current project involves development work on a system architecture, for example, vulnerabilities must be detected at the system level, so a system-level risk detection task is created and configured with the corresponding risk detection parameters.
In an embodiment, the execution mode of the risk detection task may be one of immediate execution, timed execution, periodic execution and the like.
In an embodiment, the detection strategy is a task execution strategy preset by the developer for each detection level. Taking application detection as an example, applications can be prioritised according to their usage frequency and similar criteria, detection is performed in priority order, and the specific strategy can be adjusted to the actual application scenario or requirements.
In an embodiment, when a risk detection task is dispatched to the scanning engines of a detection level in the security platform, the engine parses the risk detection parameters, matches the detection level, and executes the task at the specified level. In another embodiment, the scanning engines and the risk detection tasks reside on different application management platforms, and tasks are read and data transmitted between the platforms through interface calls. For example, the security platform may be the server side, with the scanning engines integrated on the server, while risk detection tasks are set up from a client, a web page or another terminal device; the terminal device invokes the various scanning engines on the server through an API to execute the risk detection task.
In one embodiment, each detection level comprises one or more vulnerability scanning engines as detection tools; the same risk detection task can be executed by all of them and their results cross-validated, which guarantees the coverage and depth of detection.
In an embodiment, during execution of the risk detection task, the progress of the current task is obtained by polling: the processor sends a query at regular intervals, asks each scanning engine in turn about the status of its task, and if that engine has finished moves on to query the next, thereby obtaining the overall task progress.
Referring to Fig. 5, in an embodiment the execution result is stored in the database after the risk detection task completes. Because cross-validation among several scanning engines produces repeated findings, the results are deduplicated before storage; specifically, duplicates are detected from information such as the vulnerability number in the execution result, and identical vulnerability records are filtered out. Optionally, the execution result includes vulnerability details such as the vulnerability name, the affected address, the task name, the discovery time, the risk level and the vulnerability status. The execution results are statistically analysed to generate a scan report, in which vulnerability information can be presented by keyword, key character and similar means to ease subsequent checking and locating of the root cause. When the report is generated, the analysis can be carried out along several dimensions to produce multi-dimensional statistics, including at least: the number of vulnerabilities, vulnerability distribution, vulnerability types, vulnerability trends and vulnerability repair proportion.
In an embodiment, when the current risk detection task is executed, historical tasks can be rescanned quickly to verify whether previously found vulnerabilities have been repaired, and information such as the repair proportion is then updated.
Furthermore, the multi-dimensional statistics can be output through a visual interface, on a schedule or in real time, to clearly show and describe the security quality of each product line.
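The deduplication-before-storage, cross-validation and multi-dimensional statistics described above, written out as an added example that is not part of the patent: results from several engines are collapsed on (vulnerability number, address), each finding records which engines reported it, and the statistics are computed over the merged set. Engine names, field names and the sample rows are constructed assumptions.

```python
"""Deduplicate and cross-validate the results that several vulnerability
scanning engines return for one risk detection task, then compute the
multi-dimensional statistics described on the page.

Added example; the engine names, field names and sample rows below are
constructed, not taken from the patent or any vendor's output format."""
from collections import Counter
from dataclasses import dataclass, field

SEVERITY = {"low": 1, "medium": 2, "high": 3}

# Constructed raw rows: three engines ran the same system-level task.
# The page names the vulnerability number, name, address, task name,
# discovery time, risk level and status as result fields; "engine" is
# added so that cross-validation can record which engines agree.
RAW_RESULTS = [
    {"engine": "engine_a", "vuln_id": "VULN-0001", "name": "Outdated SSH service",
     "address": "10.0.0.5:22", "level": "high", "task": "sys-scan-7", "found": "2020-07-01T10:00"},
    {"engine": "engine_b", "vuln_id": "VULN-0001", "name": "Outdated SSH service",
     "address": "10.0.0.5:22", "level": "high", "task": "sys-scan-7", "found": "2020-07-01T10:03"},
    {"engine": "engine_c", "vuln_id": "VULN-0001", "name": "Outdated SSH service",
     "address": "10.0.0.5:22", "level": "medium", "task": "sys-scan-7", "found": "2020-07-01T09:58"},
    {"engine": "engine_a", "vuln_id": "VULN-0002", "name": "Weak TLS cipher suite",
     "address": "10.0.0.5:443", "level": "medium", "task": "sys-scan-7", "found": "2020-07-01T10:01"},
    {"engine": "engine_b", "vuln_id": "VULN-0003", "name": "Anonymous FTP login",
     "address": "10.0.0.9:21", "level": "low", "task": "sys-scan-7", "found": "2020-07-01T10:02"},
]


@dataclass
class Finding:
    vuln_id: str            # vulnerability number: one half of the deduplication key
    address: str            # affected host:port: the other half of the key
    name: str
    level: str              # low / medium / high
    task: str
    found: str              # earliest discovery time across engines (ISO 8601)
    status: str = "new"     # lifecycle starts at "new", as on the page
    engines: set = field(default_factory=set)


def deduplicate(raw_results):
    """Collapse raw engine rows into one Finding per (vuln_id, address).

    The same vulnerability number on two different hosts is two findings,
    so the key includes the address. When engines disagree on severity the
    higher rating is kept so the checker sees the worst case."""
    merged = {}
    for row in raw_results:
        key = (row["vuln_id"], row["address"])
        if key not in merged:
            merged[key] = Finding(row["vuln_id"], row["address"], row["name"],
                                  row["level"], row["task"], row["found"])
        f = merged[key]
        f.engines.add(row["engine"])
        f.found = min(f.found, row["found"])
        if SEVERITY[row["level"]] > SEVERITY[f.level]:
            f.level = row["level"]
    return list(merged.values())


def agreement(finding, engines_run):
    """Cross-validation score: fraction of the engines that ran the task
    which reported this finding. 1.0 means every engine agrees; a low
    value tells the checker to look harder for a false positive."""
    return len(finding.engines) / engines_run


def statistics(findings):
    """The multi-dimensional statistics named on the page: vulnerability
    count, distribution by level and by host, and repair proportion."""
    total = len(findings)
    repaired = sum(1 for f in findings if f.status in ("solved", "closed"))
    return {
        "count": total,
        "by_level": dict(Counter(f.level for f in findings)),
        "by_host": dict(Counter(f.address.split(":")[0] for f in findings)),
        "repair_ratio": repaired / total if total else 0.0,
    }


if __name__ == "__main__":
    findings = deduplicate(RAW_RESULTS)
    for f in findings:
        print(f.vuln_id, f.address, f.level, f"agreement={agreement(f, 3):.2f}")
    print(statistics(findings))
```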
In step S02, the execution result is checked according to role authority, and a repair task is obtained from the check result to repair the detected risk.
In one embodiment, a checking mechanism is introduced to catch false positives from the scanners. Storing an execution result triggers a push, and the newly stored risk detection result is pushed to the role with checking authority. Optionally, that role is a full-time security engineer or another highly experienced security manager. The push can be delivered by email, SMS or a terminal application message reminder. Alternatively, the security engineer may periodically and actively fetch the latest detection information from storage for checking.
Specifically, referring to Fig. 6, a vulnerability obtained by executing the risk detection task is initially given the status "new". If the security engineer analyses it and judges that its risk level exceeds the preset risk level and that it could be exploited by an attacker, the status is changed from "new" to "confirmed"; if the engineer judges that the risk level does not reach the preset level and that the system has corresponding protective measures so the risk is controllable, the status is changed from "new" to "ignored"; if the engineer judges that the vulnerability cannot be reproduced and is a false alarm of the scanning engine, the status is changed from "new" to "false positive".
If the status is "ignored" or "false positive", the execution result is disregarded, the issue is closed, and the vulnerability needs no further tracking.
If the status is "confirmed", a repair task is created and output, according to the risk type (system vulnerability, application vulnerability, code vulnerability and so on), to the designated responsible person, who executes the repair. The responsible person can be reminded by email, SMS and similar means. After the responsible person has repaired the vulnerability, its status is changed from "confirmed" to "solved". Optionally, the solutions recorded by the repair owners are stored so that the corresponding solution can be applied directly the next time the same vulnerability is found.
In one embodiment, a vulnerability whose status is "solved" is sent again to a role with checking authority (such as a security engineer) for retesting. If the retest passes, the vulnerability is closed; if it fails, the repair task is reactivated and a repair owner with the appropriate authority repairs the vulnerability again until the retest passes.
In an embodiment, after the vulnerability is closed, its status is synchronised to the database storing the execution results so that the multi-dimensional statistics, such as the repair rate, can be corrected.
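The role-gated status lifecycle of step S02 (new, confirmed, ignored, false positive, solved, closed, with a failed retest reactivating the repair task) as an added example, not code from the patent. The role names "security_engineer" and "repair_owner", the threshold parameter and the dictionary used to represent the repair task are assumptions.

```python
"""Role-gated vulnerability lifecycle described on the page:
new -> confirmed | ignored | false_positive, confirmed -> solved -> closed,
with a failed retest reactivating the repair task.

Added example; the role names and the representation of the repair task
are assumptions, not part of the patent."""

SEVERITY = {"low": 1, "medium": 2, "high": 3}

# Allowed transitions and the roles permitted to perform each one.
# Checking and retesting belong to the checking role; only the repair
# owner may mark a vulnerability solved; terminal states have no exits.
TRANSITIONS = {
    ("new", "confirmed"): {"security_engineer"},
    ("new", "ignored"): {"security_engineer"},
    ("new", "false_positive"): {"security_engineer"},
    ("confirmed", "solved"): {"repair_owner"},
    ("solved", "closed"): {"security_engineer"},      # retest passed
    ("solved", "confirmed"): {"security_engineer"},   # retest failed
}


class AuthorityError(PermissionError):
    """Raised when a role attempts a transition it is not authorised for."""


class Vulnerability:
    def __init__(self, vuln_id, level):
        self.vuln_id = vuln_id
        self.level = level
        self.state = "new"
        self.repair_task = None   # created on confirmation, reactivated on failed retest
        self.history = []         # audit trail of (role, from_state, to_state)

    def allowed(self, role, new_state):
        """True if the transition exists from the current state and the role may perform it."""
        return role in TRANSITIONS.get((self.state, new_state), set())

    def transition(self, role, new_state):
        if (self.state, new_state) not in TRANSITIONS:
            raise ValueError(f"{self.vuln_id}: {self.state} -> {new_state} is not a valid step")
        if not self.allowed(role, new_state):
            raise AuthorityError(f"{self.vuln_id}: role {role!r} may not move {self.state} -> {new_state}")
        self.history.append((role, self.state, new_state))
        self.state = new_state
        if new_state == "confirmed":
            # First confirmation creates the repair task; a failed retest reactivates it.
            if self.repair_task is None:
                self.repair_task = {"vuln_id": self.vuln_id, "active": False, "attempts": 0}
            self.repair_task["active"] = True
            self.repair_task["attempts"] += 1
        elif new_state == "solved":
            self.repair_task["active"] = False
        return self.state


def check(vuln, role, reproducible, threshold="medium"):
    """Checker's decision from the page: not reproducible -> false positive;
    below the set risk level -> ignored; otherwise confirmed (creates a repair task)."""
    if not reproducible:
        return vuln.transition(role, "false_positive")
    if SEVERITY[vuln.level] < SEVERITY[threshold]:
        return vuln.transition(role, "ignored")
    return vuln.transition(role, "confirmed")


def retest(vuln, role, passed):
    """Retest after repair: a pass closes the vulnerability, a failure reactivates the repair task."""
    return vuln.transition(role, "closed" if passed else "confirmed")


if __name__ == "__main__":
    v = Vulnerability("VULN-0001", "high")
    check(v, "security_engineer", reproducible=True)
    v.transition("repair_owner", "solved")
    retest(v, "security_engineer", passed=False)   # back to confirmed, task active again
    v.transition("repair_owner", "solved")
    retest(v, "security_engineer", passed=True)
    for step in v.history:
        print("%-18s %-15s -> %s" % step)
```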
Referring to Fig. 2, a security risk management and control apparatus is also provided for executing the security risk management and control method of the foregoing method embodiments. Since the technical principle of the apparatus embodiment is similar to that of the method embodiment, repeated description of the same technical details is omitted.
In an embodiment, the security risk management and control apparatus includes a task management module 10 and an auditing module 12; the task management module 10 is configured to assist in performing step S01 of the foregoing method embodiment, and the auditing module 12 is configured to assist in performing step S02.
Optionally, the apparatus further comprises a parameter configuration module, configured to configure risk detection parameters for the risk detection task when the task is created.
Optionally, the risk detection parameters comprise at least one of: detection level, detection target, detection strategy and execution mode.
Optionally, the apparatus comprises a data statistics module, configured to aggregate the execution results of a plurality of risk detection tasks according to business requirements to obtain multi-dimensional statistics.
Optionally, the multi-dimensional statistics include at least: the number of vulnerabilities, vulnerability distribution, vulnerability types, vulnerability trends and vulnerability repair proportion.
Optionally, the detection levels include at least system detection, application detection and code detection.
Optionally, the execution mode includes at least one of: immediate execution, timed execution and periodic execution.
Optionally, the apparatus comprises a cross-validation module; each detection level includes one or more vulnerability scanning engines, and the execution result of the corresponding risk detection task is obtained by cross-validation among those engines.
Optionally, the apparatus comprises a deduplication module, configured to deduplicate the execution result before it is stored in the database.
Optionally, the apparatus comprises a progress query module, configured to obtain the progress of the current task by polling while the risk detection task is executing.
Optionally, the apparatus comprises an information pushing module, configured to push the execution result to a role with checking authority.
Optionally, the push channels include at least email, SMS and in-application message reminders.
Optionally, the apparatus comprises a result classification module, configured to ignore the execution result when the check judges it to be a false positive or below the set risk level;
and to create a repair task when the check judges the execution result to reach the set risk level.
Optionally, the apparatus comprises a repair task allocation module, configured to output the repair task, according to the risk type of the execution result, to a designated role that executes the corresponding repair.
Optionally, the apparatus comprises a retest module, configured to output the execution result of the repair task to a role with checking authority for retesting; if the retest passes, the task ends; if the retest fails, the repair task is re-executed until the retest passes.
Referring to Fig. 7, optionally a security platform 13 is included through which the one or more vulnerability scanning engines associated with the created risk detection task are invoked; the scanning engines are integrated in the security platform. Optionally, risk detection tasks can be created, and vulnerability management and task management performed, through a client app, a website's visual interface and the like. Task management may include setting task priority, obtaining task progress and so on; vulnerability management can be divided by vulnerability level into application vulnerability management, system vulnerability management, code vulnerability management and the like. After the corresponding scanning engine in the security platform has been invoked through the API (application programming interface), the number of vulnerabilities, the execution results, the repair proportion and so on are managed statistically. Further, vulnerability information can be output according to the execution result to personnel with the corresponding authority for processing, for example checking and retesting by a security engineer, and repair by a development engineer following a repair strategy that the engineer formulates.
An embodiment of the present application further provides a device, which may include one or more processors and one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the device to perform the method of Fig. 1. In practice the device may serve as a terminal device or as a server; examples of terminal devices include smart phones, tablet computers, e-book readers, MP3 (Moving Picture Experts Group Audio Layer III) players, MP4 (Moving Picture Experts Group Audio Layer IV) players, laptops, vehicle-mounted computers, desktop computers, set-top boxes, smart televisions, wearable devices and the like.
An embodiment of the present application further provides a non-volatile readable storage medium storing one or more modules (programs); when these modules are applied to a device, the device can execute the instructions of the steps of the security risk management and control method of Fig. 1 according to the embodiment of the present application.
Fig. 3 is a schematic diagram of the hardware structure of a terminal device according to an embodiment of the present application. As shown, the terminal device may include an input device 1100, a first processor 1101, an output device 1102, a first memory 1103 and at least one communication bus 1104. The communication bus 1104 implements the communication connections between these elements. The first memory 1103 may include high-speed RAM and may also include non-volatile memory (NVM) such as at least one disk; it stores the programs that perform the processing functions and implement the method steps of this embodiment.
Alternatively, the first processor 1101 may be, for example, a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP), a Digital Signal Processing Device (DSPD), a Programmable Logic Device (PLD), a Field Programmable Gate Array (FPGA), a controller, a microcontroller, a microprocessor, or other electronic components, and the processor 1101 is coupled to the input device 1100 and the output device 1102 through a wired or wireless connection.
Optionally, the input device 1100 may include a variety of input devices, such as at least one of a user-oriented user interface, a device-oriented device interface, a software programmable interface, a camera, and a sensor. Optionally, the device interface facing the device may be a wired interface for data transmission between devices, or may be a hardware plug-in interface (e.g., a USB interface, a serial port, etc.) for data transmission between devices; optionally, the user-facing user interface may be, for example, a user-facing control key, a voice input device for receiving voice input, and a touch sensing device (e.g., a touch screen with a touch sensing function, a touch pad, etc.) for receiving user touch input; optionally, the programmable interface of the software may be, for example, an entry for a user to edit or modify a program, such as an input pin interface or an input interface of a chip; the output devices 1102 may include output devices such as a display, audio, and the like.
In this embodiment, the processor of the terminal device includes a function for executing each module of the speech recognition apparatus in each device, and specific functions and technical effects may refer to the above embodiments, which are not described herein again.
Fig. 7 is a schematic hardware structure diagram of a terminal device according to another embodiment of the present application. FIG. 7 is a specific embodiment of the implementation of FIG. 6. As shown, the terminal device of the present embodiment may include a second processor 1201 and a second memory 1202.
The second processor 1201 executes the computer program code stored in the second memory 1202 to implement the method described in fig. 1 in the above embodiment.
The second memory 1202 is configured to store various types of data to support operations at the terminal device. Examples of such data include instructions for any application or method operating on the terminal device, such as messages, pictures, videos, and so forth. The second memory 1202 may include a Random Access Memory (RAM) and may also include a non-volatile memory (non-volatile memory), such as at least one disk memory.
Optionally, the second processor 1201 is provided in the processing component 1200. The terminal device may further include: a communication component 1203, a power component 1204, a multimedia component 1205, a speech component 1206, input/output interfaces 1207, and/or a sensor component 1208. The specific components included in the terminal device are set according to actual requirements, which is not limited in this embodiment.
The processing component 1200 generally controls the overall operation of the terminal device. The processing component 1200 may include one or more second processors 1201 to execute instructions to perform all or part of the steps of the method illustrated in fig. 1 described above. Further, the processing component 1200 can include one or more modules that facilitate interaction between the processing component 1200 and other components. For example, the processing component 1200 can include a multimedia module to facilitate interaction between the multimedia component 1205 and the processing component 1200.
The power supply component 1204 provides power to the various components of the terminal device. The power components 1204 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the terminal device.
The multimedia components 1205 include a display screen that provides an output interface between the terminal device and the user. In some embodiments, the display screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the display screen includes a touch panel, the display screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation.
The voice component 1206 is configured to output and/or input voice signals. For example, the voice component 1206 includes a Microphone (MIC) configured to receive external voice signals when the terminal device is in an operational mode, such as a voice recognition mode. The received speech signal may further be stored in the second memory 1202 or transmitted via the communication component 1203. In some embodiments, the speech component 1206 further comprises a speaker for outputting speech signals.
The input/output interface 1207 provides an interface between the processing component 1200 and peripheral interface modules, which may be click wheels, buttons, etc. These buttons may include, but are not limited to: a volume button, a start button, and a lock button.
The sensor component 1208 includes one or more sensors for providing various aspects of status assessment for the terminal device. For example, the sensor component 1208 may detect an open/closed state of the terminal device, relative positioning of the components, presence or absence of user contact with the terminal device. The sensor assembly 1208 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact, including detecting the distance between the user and the terminal device. In some embodiments, the sensor assembly 1208 may also include a camera or the like.
The communication component 1203 is configured to facilitate communications between the terminal device and other devices in a wired or wireless manner. The terminal device may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In one embodiment, the terminal device may include a SIM card slot therein for inserting a SIM card therein, so that the terminal device may log onto a GPRS network to establish communication with the server via the internet.
As can be seen from the above, the communication component 1203, the voice component 1206, the input/output interface 1207 and the sensor component 1208 referred to in the embodiment of fig. 4 can be implemented as the input device in the embodiment of fig. 3.
In summary, the security risk management and control method, device, equipment and medium provided by the invention integrate the major mature vulnerability scanning engines in the industry to provide scanning capability in each dimension and effectively cover the various types of vulnerabilities; the data of all scan tasks are aggregated and analyzed and a detailed data report is generated; by interfacing with the enterprise's internal defect management platform, vulnerabilities are efficiently tracked and managed and a mechanism for vulnerability tracking, rectification and feedback is established; and by strictly separating the roles responsible for the two kinds of operation, repair task execution and result audit, risk detection can be carried out better in enterprises of different scales. The system overcomes the limitation of existing scanning tools, each of which covers only a single dimension and cannot simultaneously cover application, system and code vulnerabilities; the result data of the various scanning engines are automatically aggregated and analyzed into reports, so that enterprise security managers can quickly attend to the security quality of each product; the internal defect management platform is fully utilized so that discovered vulnerabilities are managed and controlled over their full life cycle, forming closed-loop management of security vulnerabilities; and the strict separation of the execution and result-inspection roles lets the strengths of the enterprise's different personnel be brought to bear, so that the scanning work can be sustained and operated effectively. Therefore, the invention effectively overcomes various defects in the prior art and has high industrial utilization value.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (34)

1. A security risk management and control method is characterized by comprising the following steps:
one or more vulnerability scanning engines associated with the created risk detection task are invoked, the risk detection task is executed through the associated one or more vulnerability scanning engines, and an execution result is obtained;
and checking the execution result according to the role authority, and acquiring a repair task according to the check result to repair the detected risk.
2. The security risk management and control method according to claim 1, further comprising: and configuring risk detection parameters for the risk detection task when the risk detection task is established.
3. The security risk management and control method according to claim 1, wherein the risk detection parameters include at least one of: detection level, detection target, detection strategy and execution mode.
4. The security risk management and control method according to claim 1, wherein the execution results of the plurality of risk detection tasks are counted according to business requirements to obtain a multidimensional statistical result.
5. The security risk management and control method according to claim 4, wherein the multidimensional statistics at least include: the number of vulnerabilities, vulnerability distribution, vulnerability types, vulnerability variation trends and vulnerability repair proportions.
6. The security risk management and control method according to claim 3, wherein the detection hierarchy at least includes system detection, application detection, and code detection.
7. The security risk management and control method according to claim 3, wherein the execution mode includes at least one of: immediate execution, timed execution, periodic execution.
8. The security risk management and control method according to claim 6, wherein each detection level includes one or more vulnerability scanning engines, and the execution result of the corresponding risk detection task is obtained through cross validation by the one or more vulnerability scanning engines.
9. The security risk management and control method according to claim 1, wherein before the execution result is put into the database, the execution result is subjected to deduplication processing.
10. The security risk management and control method according to claim 1, wherein when the risk detection task is executed, an execution progress of a current task is obtained in a task polling manner.
11. The security risk management and control method according to claim 1, wherein the execution result is pushed to a role with verification authority.
12. The security risk management and control method according to claim 11, wherein the pushing manner at least includes a mail, a short message, and an application message reminder.
13. The method according to claim 1, wherein if the execution result is determined to be misjudged or not reach the set risk level through inspection, the execution result is ignored;
and when the execution result is judged to reach the set risk level through inspection, a repair task is created.
14. The security risk management and control method according to claim 13, wherein the repair task is output to a role having a repair authority to execute a corresponding repair task.
15. The security risk management and control method according to claim 14, wherein the execution result of the repair task is output to a role having a verification authority for retesting, and if the retesting is passed, the task is ended; and if the retest fails, re-executing the repair task until the retest passes.
16. The security risk management and control method according to claim 1, wherein the one or more vulnerability scanning engines associated with the created risk detection task are invoked through a security platform; wherein the vulnerability scanning engines are integrated in the security platform.
17. A security risk management and control device, comprising:
a task management module, configured to invoke one or more vulnerability scanning engines associated with the created risk detection task, execute the risk detection task through the associated one or more vulnerability scanning engines, and obtain an execution result;
and an auditing module, configured to check the execution result according to the role authority and obtain a repair task according to the check result to repair the detected risk.
18. The security risk management and control device according to claim 17, further comprising a parameter configuration module, configured to configure risk detection parameters for the risk detection task when creating the risk detection task.
19. The security risk management and control apparatus according to claim 17, wherein the risk detection parameters include at least one of: detection level, detection target, detection strategy and execution mode.
20. The security risk management and control device according to claim 17, comprising a data statistics module, configured to perform statistics on execution results of the plurality of risk detection tasks according to business requirements to obtain a multidimensional statistical result.
21. The security risk management and control apparatus according to claim 20, wherein the multidimensional statistics at least include: the number of vulnerabilities, vulnerability distribution, vulnerability types, vulnerability variation trends and vulnerability repair proportions.
22. The security risk management and control apparatus according to claim 19, wherein the detection hierarchy includes at least system detection, application detection, and code detection.
23. The security risk management and control apparatus of claim 19, wherein the execution manner comprises at least one of: immediate execution, timed execution, periodic execution.
24. The security risk management and control apparatus according to claim 22, comprising a cross validation module, configured to provide one or more vulnerability scanning engines for each detection level and to obtain the execution result of the corresponding risk detection task through cross validation by the one or more vulnerability scanning engines.
25. The security risk management and control device according to claim 17, comprising a deduplication module configured to perform deduplication processing on the execution result before the execution result is put into storage.
26. The security risk management and control device according to claim 17, comprising a progress query module, configured to obtain an execution progress of a current task in a task polling manner when the risk detection task is executed.
27. The security risk management and control device according to claim 17, comprising an information pushing module configured to push the execution result to a role having a verification authority.
28. The security risk management and control device according to claim 27, wherein the pushing manner at least includes a mail, a short message, and an application message reminder.
29. The security risk management and control apparatus according to claim 17, comprising a result classification module, configured to ignore the execution result when the execution result is determined to be misjudged or does not reach the set risk level through inspection;
and when the execution result is judged to reach the set risk level through inspection, a repair task is created.
30. The security risk management and control device according to claim 29, comprising a repair task allocation module, configured to output the repair task to a designated role to execute a corresponding repair task according to a risk type corresponding to the execution result.
31. The security risk management and control device according to claim 30, comprising a retest module, configured to output an execution result of the repair task to a role having a verification authority for retest, and if the retest passes, end the task; and if the retest fails, re-executing the repair task until the retest passes.
32. The security risk management and control apparatus according to claim 1, comprising a security platform, through which the one or more vulnerability scanning engines associated with the created risk detection task are invoked; wherein the vulnerability scanning engines are integrated in the security platform.
33. An apparatus, comprising:
one or more processors; and
one or more machine-readable media having instructions stored thereon that, when executed by the one or more processors, cause the apparatus to perform the method recited by one or more of claims 1-16.
34. One or more machine-readable media having instructions stored thereon, which when executed by one or more processors, cause an apparatus to perform the method recited by one or more of claims 1-16.
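Claims 8 and 9 (and their apparatus counterparts, claims 24 and 25) describe two steps that sit between engine execution and storage: results from the one or more engines at each detection level are cross-validated, and results are deduplicated before being put into the database. The block below is an added example of those two steps, not code from the patent or its assignee; the engine names, the per-level engine registry, the identifier formats and the sample results are constructed assumptions, and the cross-validation rule (a finding counts as confirmed when more than one engine at that level reports it, or when the level has only one registered engine) is one reasonable reading of the claim rather than a rule the page states.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed severity ranking used when engines disagree on severity.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class RawResult:
    engine: str      # which scanning engine reported the result
    level: str       # detection level: "system", "application" or "code"
    target: str
    vuln_id: str     # normalised vulnerability identifier (constructed values below)
    severity: str

@dataclass
class ConfirmedFinding:
    level: str
    target: str
    vuln_id: str
    severity: str
    engines: Tuple[str, ...]
    confirmed: bool  # True when cross-validated across the engines of its level

# Hypothetical registry of which engines serve which detection level (assumption).
ENGINES_PER_LEVEL: Dict[str, List[str]] = {
    "application": ["engine_a", "engine_b"],
    "system": ["engine_s1", "engine_s2"],
    "code": ["sast_x"],
}

# Constructed sample results; the third line is an exact duplicate of the first.
SAMPLE_RESULTS: List[RawResult] = [
    RawResult("engine_a", "application", "https://app.example.test", "VULN-0001", "high"),
    RawResult("engine_b", "application", "https://app.example.test", "VULN-0001", "medium"),
    RawResult("engine_a", "application", "https://app.example.test", "VULN-0001", "high"),
    RawResult("engine_a", "application", "https://app.example.test", "VULN-0002", "low"),
    RawResult("sast_x", "code", "repo/service", "RULE-17", "high"),
]

def dedupe(results: Iterable[RawResult]) -> List[RawResult]:
    """Drop exact duplicates (same engine, level, target and id) before storage."""
    seen = set()
    out: List[RawResult] = []
    for r in results:
        key = (r.engine, r.level, r.target, r.vuln_id)
        if key in seen:
            continue
        seen.add(key)
        out.append(r)
    return out

def cross_validate(results: Iterable[RawResult],
                   engines_per_level: Dict[str, List[str]]) -> List[ConfirmedFinding]:
    """Group deduplicated results by (level, target, id) and mark cross-validated ones."""
    groups: Dict[Tuple[str, str, str], List[RawResult]] = {}
    for r in dedupe(results):
        if r.engine not in engines_per_level.get(r.level, []):
            raise ValueError(f"engine {r.engine} is not registered for level {r.level}")
        groups.setdefault((r.level, r.target, r.vuln_id), []).append(r)
    findings: List[ConfirmedFinding] = []
    for (level, target, vid), rs in sorted(groups.items()):
        engines = tuple(sorted({r.engine for r in rs}))
        # When engines disagree, keep the highest severity any of them assigned.
        severity = max((r.severity for r in rs), key=lambda s: SEVERITY_RANK[s])
        # Confirmed if more than one engine agrees, or the level has a single engine
        # (there is nothing to cross-validate against in that case).
        confirmed = len(engines) > 1 or len(engines_per_level[level]) == 1
        findings.append(ConfirmedFinding(level, target, vid, severity, engines, confirmed))
    return findings

def demo_cross_validation() -> List[ConfirmedFinding]:
    """Run the constructed sample through deduplication and cross-validation."""
    return cross_validate(SAMPLE_RESULTS, ENGINES_PER_LEVEL)
```

Unconfirmed findings (reported by only one of several engines at a level) are kept rather than discarded, so the verifier role can still inspect them; a scanner's silence is not evidence that a vulnerability is absent.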
CN202010745811.XA 2020-07-29 2020-07-29 Security risk management and control method, device, equipment and medium Pending CN111881456A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010745811.XA CN111881456A (en) 2020-07-29 2020-07-29 Security risk management and control method, device, equipment and medium


Publications (1)

Publication Number Publication Date
CN111881456A true CN111881456A (en) 2020-11-03

Family

ID=73201089

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010745811.XA Pending CN111881456A (en) 2020-07-29 2020-07-29 Security risk management and control method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN111881456A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106997437A (en) * 2017-03-02 2017-08-01 北京理工大学 A kind of system vulnerability means of defence and device
CN107437029A (en) * 2017-08-23 2017-12-05 北京奇虎科技有限公司 Leak restorative procedure, leak prosthetic device and server
CN108494727A (en) * 2018-02-06 2018-09-04 成都清华永新网络科技有限公司 A kind of security incident closed-loop process method for network security management
CN108737425A (en) * 2018-05-24 2018-11-02 北京凌云信安科技有限公司 Fragility based on multi engine vulnerability scanning association analysis manages system
CN109302380A (en) * 2018-08-15 2019-02-01 全球能源互联网研究院有限公司 A kind of safety protection equipment linkage defense strategy Intelligent Decision-making Method and system
CN110532780A (en) * 2019-07-25 2019-12-03 安徽永顺信息科技有限公司 A kind of vulnerability scanning system and its operation method based on vulnerability scan
CN111008376A (en) * 2019-12-09 2020-04-14 国网山东省电力公司电力科学研究院 Mobile application source code safety audit system based on code dynamic analysis
CN111193719A (en) * 2019-12-14 2020-05-22 贵州电网有限责任公司 Network intrusion protection system
CN111199042A (en) * 2019-12-17 2020-05-26 中国南方电网有限责任公司超高压输电公司 Safe and efficient vulnerability management system
CN111240994A (en) * 2020-01-20 2020-06-05 北京国舜科技股份有限公司 Vulnerability processing method and device, electronic equipment and readable storage medium



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201103