Disclosure of Invention
In view of the above, there is a need to provide an efficient information system asset security risk assessment method, apparatus, computer device and storage medium for solving the above technical problems.
An information system asset security risk assessment method is characterized by comprising the following steps:
acquiring asset security risk data in a security domain;
analyzing the asset security risk data to obtain the risk likelihood and the impact of each asset;
constructing a risk matrix from the risk likelihood and the impact of the assets;
and performing asset security risk assessment according to the risk matrix.
In one embodiment, performing asset security risk assessment according to the risk matrix comprises:
obtaining, from the risk matrix, value dimension data, vulnerability dimension data and threat dimension data corresponding to the asset;
calculating an asset security risk value from the value dimension data, the vulnerability dimension data and the threat dimension data corresponding to the asset;
and performing asset security risk assessment according to the asset security risk value.
In one embodiment, calculating the asset security risk value from the value dimension data, the vulnerability dimension data and the threat dimension data corresponding to the asset comprises:
analyzing the value dimension data, the vulnerability dimension data and the threat dimension data corresponding to the asset to obtain the value level, the vulnerability value, the threat severity level and the threat frequency corresponding to the asset;
and calculating the product of the value level, the vulnerability value, the threat severity level and the threat frequency corresponding to the asset to obtain the asset security risk value.
In one embodiment, the information system asset security risk assessment method further includes:
acquiring a preset value level table;
and obtaining the value level corresponding to the asset according to the preset value level table and the value corresponding to the asset.
In one embodiment, the information system asset security risk assessment method further includes:
extracting, from the vulnerabilities corresponding to the asset, the total number of vulnerabilities of the asset and the severity level of each vulnerability, and counting the number of vulnerabilities at each vulnerability severity level;
and calculating a weighted average of the vulnerability severity levels to obtain a vulnerability value, wherein the weight of each vulnerability severity level is positively correlated with the number of vulnerabilities at that level.
In one embodiment, the information system asset security risk assessment method further includes:
extracting, from the threats corresponding to the asset, the total number of threats of the asset and the impact level of each threat, and counting the number of threats at each threat impact level;
and calculating a weighted average of the threat impact levels to obtain a threat severity level, wherein the weight of each threat impact level is positively correlated with the number of threats at that level.
In one embodiment, after the asset security risk assessment is performed according to the risk matrix, the method further includes:
importing the asset risk assessment result into a preset risk assessment report template to generate a risk assessment report;
and pushing the risk assessment report.
An information system asset security risk assessment device, the device comprising:
a data acquisition module for acquiring asset security risk data in a security domain;
an analysis module for analyzing the asset security risk data and obtaining the risk likelihood and the impact of each asset;
a matrix construction module for constructing a risk matrix from the risk likelihood and the impact of the assets;
and an evaluation module for performing asset security risk assessment according to the risk matrix.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
acquiring asset security risk data in a security domain;
analyzing the asset security risk data to obtain the risk likelihood and the impact of each asset;
constructing a risk matrix from the risk likelihood and the impact of the assets;
and performing asset security risk assessment according to the risk matrix.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
acquiring asset security risk data in a security domain;
analyzing the asset security risk data to obtain the risk likelihood and the impact of each asset;
constructing a risk matrix from the risk likelihood and the impact of the assets;
and performing asset security risk assessment according to the risk matrix.
With the information system asset security risk assessment method, device, computer equipment and storage medium above, the asset security risk data of the whole security domain are acquired, the data are analyzed to obtain the corresponding risk likelihood and impact, a risk matrix is constructed from the risk likelihood and the impact, and asset security risk assessment is then performed according to the risk matrix. Throughout, the risk likelihood and the impact are acquired and analyzed automatically from the asset security risk data of the whole security domain, so the many data items need not be collected and entered by hand; the assessment is carried out on the constructed risk matrix, which reduces the influence of personal experience and subjective judgement on the final result and improves the accuracy of the risk assessment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The information system asset security risk assessment method provided by the application can be applied to the application environment shown in fig. 1, in which a terminal 102 communicates with a server 104 over a network. The terminals 102 and the server 104 form a logical area whose members share the same security protection requirements and trust one another, i.e. a security domain. During operation the server 104 acquires the asset security risk data of the whole security domain; analyzes the data to obtain the risk likelihood and the impact of each asset; constructs a risk matrix from the risk likelihood and the impact; and performs asset security risk assessment according to the risk matrix. The server 104 may send the assessment result to an administrator terminal or push it directly to the administrator. The terminal 102 may be, but is not limited to, a personal computer, notebook computer, smartphone, tablet computer or portable wearable device, and the server 104 may be an independent server or a cluster of servers.
In practice, once asset identification is complete and a full asset inventory exists, the value of each asset must be evaluated so that the assets can be protected in a targeted way and risk values can later be calculated. The value considered is not only the asset's own worth but also its relevance to the business and its potential value under particular conditions. Asset value is usually measured by the potential business impact of a security event that causes loss of the asset's confidentiality, integrity or availability, and thereby loss of corporate funds, market share or corporate image. For consistent and accurate valuation, a set of asset valuation criteria is established, and a value is assigned to each asset and to each possible loss, such as loss of confidentiality, integrity or availability. Because assigning a precise value is difficult, asset value is generally divided qualitatively into levels according to the valuation criteria; after the assets have been identified and valued, the organization determines, from their value, which key assets must be protected.
To ensure that no asset is overlooked during the assessment, the scope of the information security system should be determined first. The simplest way to set the assessment boundary is to list every asset of value within the scope of the security management system across the organization's business processes, then assign each asset a value that reflects its importance to business operations, expressed as the degree of potential impact on the business.
For example, the greater the asset value, the greater the potential impact on the organization's business when a security event such as disclosure, modification, damage or unavailability occurs. Identifying and valuing assets on the basis of business needs is an important step in establishing an information security system and determining risks.
Based on the above technical background, the present application provides an information system asset security risk assessment method as shown in fig. 2, which is described by taking the application of the method to the server in fig. 1 as an example, and includes the following steps:
S200: Obtain asset security risk data within a security domain.
A security domain is a logical area consisting of a set of systems that have the same security protection requirements and trust each other. The security domain may use a multi-level tree structure, so that a user's complex organizational and network architecture can be supported. Security domains can be added, edited and deleted, and assets can be moved into and out of a security domain in batches. Asset security risk data comprise risk data on the asset's CIA (confidentiality, integrity, availability) attributes, security events and vulnerabilities. These data are recorded throughout normal operation of the security domain and can be extracted from the logs of the systems in the security domain.
S400: Analyze the asset security risk data to obtain the risk likelihood and the impact of each asset.
The asset security risk data in the security domain are analyzed: the value, vulnerabilities, risk value, threat value and risk trend of each asset can be extracted for statistical analysis, after which a built-in risk calculation model derives the two parameters of the asset, risk likelihood and impact. The built-in risk calculation model may be a conventional risk assessment model. Risk likelihood covers the probability that a security event occurs and the probability that, once it has occurred, it poses a risk to the systems in the whole security domain; it is obtained mainly by analyzing the asset's risk value, vulnerabilities and risk trend. Impact refers to the effect on the whole security domain once a security event has occurred, and is obtained mainly by analyzing the asset's value, vulnerabilities, threat value and risk trend. Optionally, the risk calculation model may periodically recalculate the risk likelihood and the impact of the assets from the asset security risk data.
S600: Construct a risk matrix from the risk likelihood and the impact of the assets.
A risk matrix is constructed from the risk likelihood and the impact of the assets. It can be understood that the risk matrix characterizes the asset risk of the networked systems (including terminals and servers) within the current security domain.
S800: Perform asset security risk assessment according to the risk matrix.
After S600 a risk matrix is available, that is, the data of the several dimensions have been collected and organized into a matrix, and the asset security risk assessment result for the information system is then calculated on the basis of the risk matrix. Optionally, an asset security risk value is calculated by the built-in risk calculation model, and a risk level is derived from that value through a preset risk value to risk level correspondence and used as the final assessment result.
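Steps S200 to S800 worked through in code, as an added example that is not part of the application: the assets of a tree-structured security domain are collected, every asset is placed into a 5 x 5 risk matrix indexed by (likelihood, impact), and a risk level is read off each cell. Two things are assumed beyond what the page states: likelihood and impact are taken as scores already produced by the risk calculation model and folded onto integer levels 1 to 5, and a cell is mapped to a level by the product likelihood * impact with the thresholds in CELL_THRESHOLDS (the names SecurityDomain, build_risk_matrix, assess_domain and the sample asset identifiers are all invented for the example).

```python
"""Risk matrix construction for a security domain tree (added example)."""
from dataclasses import dataclass, field

LEVELS = (1, 2, 3, 4, 5)

# Assumed mapping from likelihood * impact (1..25) to a five-level scale.
CELL_THRESHOLDS = ((20, "extremely high"), (12, "high"), (6, "medium"),
                   (3, "low"), (1, "extremely low"))


@dataclass
class SecurityDomain:
    """One node of a multi-level security domain tree (S200): a logical
    area whose systems share protection requirements and trust each other."""
    name: str
    assets: set = field(default_factory=set)
    children: list = field(default_factory=list)

    def add_child(self, child):
        self.children.append(child)
        return child

    def move_in(self, asset_ids):
        """Batch move assets into this domain."""
        self.assets.update(asset_ids)

    def move_out(self, asset_ids):
        """Batch move assets out of this domain."""
        self.assets.difference_update(asset_ids)

    def all_assets(self):
        """Assets of this domain and of every sub-domain below it."""
        found = set(self.assets)
        for child in self.children:
            found |= child.all_assets()
        return found


def clamp_level(score):
    """Fold a model score onto the integer scale 1-5."""
    return max(LEVELS[0], min(LEVELS[-1], int(round(score))))


def build_risk_matrix(domain, likelihood, impact):
    """S600: return {(likelihood_level, impact_level): [asset ids]} covering
    every asset in the domain tree.  An asset missing from either dict is
    reported rather than silently dropped, so the matrix cannot under-count
    the domain."""
    missing = sorted(a for a in domain.all_assets()
                     if a not in likelihood or a not in impact)
    if missing:
        raise KeyError(f"no likelihood/impact for assets: {missing}")
    matrix = {(l, i): [] for l in LEVELS for i in LEVELS}
    for asset in sorted(domain.all_assets()):
        cell = (clamp_level(likelihood[asset]), clamp_level(impact[asset]))
        matrix[cell].append(asset)
    return matrix


def cell_risk_level(likelihood_level, impact_level):
    """Map one matrix cell to a risk level (assumed thresholds)."""
    score = likelihood_level * impact_level
    for threshold, label in CELL_THRESHOLDS:
        if score >= threshold:
            return label
    return CELL_THRESHOLDS[-1][1]


def assess_domain(domain, likelihood, impact):
    """S800: asset id -> risk level for the whole security domain tree."""
    result = {}
    for (l, i), assets in build_risk_matrix(domain, likelihood, impact).items():
        for asset in assets:
            result[asset] = cell_risk_level(l, i)
    return result


# Constructed sample: a root domain with one sub-domain, and invented
# model scores for each asset.
ROOT = SecurityDomain("corp")
DMZ = ROOT.add_child(SecurityDomain("dmz"))
ROOT.move_in({"db-01", "ad-01"})
DMZ.move_in({"web-01", "web-02"})
LIKELIHOOD = {"db-01": 2.0, "ad-01": 4.6, "web-01": 5.0, "web-02": 1.0}
IMPACT = {"db-01": 5.0, "ad-01": 3.0, "web-01": 4.0, "web-02": 1.0}

if __name__ == "__main__":
    for asset, level in sorted(assess_domain(ROOT, LIKELIHOOD, IMPACT).items()):
        print(f"{asset:8s} {level}")
```

The matrix is built over all_assets() of the root, so a sub-domain's assets are never left out of its parent's assessment, and an asset without a model score raises instead of disappearing from the matrix, which is the failure a risk register most needs to avoid.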
With the information system asset security risk assessment method above, the asset security risk data of the whole security domain are acquired, the data are analyzed to obtain the corresponding risk likelihood and impact, a risk matrix is constructed from the risk likelihood and the impact, and asset security risk assessment is then performed according to the risk matrix. Throughout, the risk likelihood and the impact are acquired and analyzed automatically from the asset security risk data of the whole security domain, so the many data items need not be collected and entered by hand; the assessment is carried out on the constructed risk matrix, which reduces the influence of personal experience and subjective judgement on the final result and improves the accuracy of the risk assessment.
As shown in fig. 3, in one embodiment, S800 includes:
S820: obtaining, from the risk matrix, value dimension data, vulnerability dimension data and threat dimension data corresponding to the asset;
S840: calculating an asset security risk value from the value dimension data, the vulnerability dimension data and the threat dimension data corresponding to the asset;
S860: performing asset security risk assessment according to the asset security risk value.
The data of the value, vulnerability and threat dimensions corresponding to the asset are separated out of the risk matrix and analyzed. Value means the value amount corresponding to the asset; the larger the amount, the more sensitive the asset is to risk, that is, the higher the level of protection it requires. The value dimension data may be a specific value amount or a value level. Vulnerability dimension data describe how well the information system defends against attacks and hazardous events and how much it loses when such events occur. Threat dimension data describe the degree of security threat to the whole information system when a security event occurs, and may be characterized by threat severity (threat level) and threat frequency. The asset security risk value is calculated from the value, vulnerability and threat dimensions together. Optionally, the risk calculation model calculates the asset security risk value from the value dimension data, vulnerability dimension data and threat dimension data corresponding to the asset. The asset security risk value then serves as the basis of the assessment: it is graded to give the asset security risk assessment level, the levels comprising five levels including extremely high, medium and low, so that the asset security risk of the information system is assessed qualitatively.
In order to further describe the content of the asset security risk assessment of the information system of the present application in detail, a description will be made below for the value dimension data, the vulnerability dimension data, and the threat dimension data, respectively.
Value dimension: the asset value may be divided into five levels (see Table 1 below), each level corresponding to a score. Levels 1, 3 and 5 are the levels in use and levels 2 and 4 are reserved; the grading may follow the security protection level of the information system, and the user can define the asset values on the configuration interface according to that security level.
Table 1 shows the correspondence table of asset value assignments
Vulnerability dimension: the vulnerability dimension data may be vulnerability levels. Five levels are used: very high, high, medium, medium-low and low. Very high means that if the vulnerability is exploited by a threat, the asset is damaged completely; high means that exploitation does significant damage to the asset; medium means that exploitation does general damage to the asset; medium-low means that exploitation does minor damage to the asset; low means that the damage done to the asset by exploitation is negligible. The vulnerability levels and their definitions are given in Table 2 below.
Table 2 is a table of vulnerability severity
The threat dimension mainly includes two aspects, threat type and threat frequency. Threat types can be broadly divided into hardware threats (arising from the hardware that makes up the information system) and software threats (arising from the software installed in the information system); the specific threat classification is given in Table 3 below.
TABLE 3 threat Classification sheet
In one embodiment, calculating the asset security risk value from the value dimension data, the vulnerability dimension data and the threat dimension data corresponding to the asset comprises: analyzing those data to obtain the value level, the vulnerability value, the threat severity level and the threat frequency corresponding to the asset; and calculating the product of the value level, the vulnerability value, the threat severity level and the threat frequency to obtain the asset security risk value.
The value, vulnerability and threat dimensions have been described in detail above and are not repeated here. The corresponding value level, vulnerability value, threat severity level and threat frequency are extracted from the data of the three dimensions: the value level and the threat severity level can be set on the basis of a preset level table that yields the score of the corresponding level, while the vulnerability value and the threat frequency are obtained as specific quantities by statistical analysis. The asset security risk value is then calculated from these four quantities; specifically, a preset risk calculation model computes their product.
In one embodiment, the above method for evaluating asset security risk of an information system further includes:
acquiring a preset value level table; and obtaining the value level corresponding to the asset according to the preset value level table and the value corresponding to the asset.
The preset value level table is a predefined table, the asset value level table being shown as Table 1 above. The value level corresponding to the asset is determined by looking the asset's value up in this preset table.
In one embodiment, the above method for evaluating asset security risk of an information system further includes:
extracting, from the vulnerabilities corresponding to the asset, the total number of vulnerabilities of the asset and the severity level of each vulnerability, and counting the number of vulnerabilities at each severity level; and calculating a weighted average of the vulnerability severity levels to obtain a vulnerability value, wherein the weight of each vulnerability severity level is positively correlated with the number of vulnerabilities at that level.
The vulnerability severity levels are as shown in Table 2 above. The total number of vulnerabilities of the asset and the severity level of each vulnerability are obtained by statistical analysis, and the final vulnerability value is obtained by a weighted calculation in which the weight of each severity level is positively correlated with the number of vulnerabilities at that level. Specifically, the vulnerability value is given by the following equation:
where N is the total number of vulnerabilities of the asset, Severity is the vulnerability severity level with a value range of 1 to 5, and N_i is the number of vulnerabilities at each severity level. The vulnerability value is thus a weighted average of the vulnerability severity levels. If the asset has no vulnerabilities, the vulnerability value is taken as 1.
In one embodiment, the above method for evaluating asset security risk of an information system further includes:
extracting, from the threats corresponding to the asset, the total number of threats of the asset and the impact level of each threat, and counting the number of threats at each threat impact level; and calculating a weighted average of the threat impact levels to obtain a threat severity level, wherein the weight of each threat impact level is positively correlated with the number of threats at that level.
The total number of threats of the asset and the impact level of each threat are obtained by statistical analysis, and the threat severity level is obtained by a weighted calculation in which the weight of each impact level is positively correlated with the number of threats at that level. Specifically, the threat severity level is given by the following equation:
where M is the total number of threats of the asset, Impact is the threat impact level with a value range of 1 to 5, and M_i is the number of threats at each impact level. The threat severity level is thus a weighted average of the threat impact levels.
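The risk value embodiment above, together with the vulnerability value and threat severity embodiments, carried through in code as an added example that is not the application's own code: the vulnerability value and the threat severity are count-weighted averages over the levels 1 to 5, and the asset security risk value is the product of value level, vulnerability value, threat severity and threat frequency. The page defines the symbols N, N_i, M and M_i but does not reproduce the equations, so the weighted average sum(n_i * i) / sum(n_i) is this example's reading of "weight positively correlated with the number". The stand-in for Table 1 (VALUE_LEVEL_TABLE), the interpretation of threat frequency as threat events per observation window, the final risk value to risk level thresholds and all function names are assumptions made for the example.

```python
"""Asset security risk value from the three dimensions (added example)."""
from collections import Counter

LEVEL_RANGE = range(1, 6)

# Assumed stand-in for Table 1: (minimum asset value, level).  Levels 1,
# 3 and 5 are in use; 2 and 4 are reserved and therefore never assigned.
VALUE_LEVEL_TABLE = ((0, 1), (10_000, 3), (100_000, 5))

# Assumed preset risk value -> risk level correspondence.
RISK_LEVEL_THRESHOLDS = ((200.0, "extremely high"), (80.0, "high"),
                         (30.0, "medium"), (10.0, "low"), (0.0, "extremely low"))


def weighted_level_average(levels, default=1.0):
    """Count-weighted average of integer levels 1-5.
    The weight of each level is the number of findings at that level
    (this example's reading of 'positively correlated with the number').
    With no findings the page's rule applies and the default of 1 is used."""
    counts = Counter(levels)
    bad = [lvl for lvl in counts if lvl not in LEVEL_RANGE]
    if bad:
        raise ValueError(f"levels outside 1-5: {bad}")
    total = sum(counts.values())            # N for vulnerabilities, M for threats
    if total == 0:
        return default
    return sum(n * lvl for lvl, n in counts.items()) / total   # sum(N_i * i) / N


def vulnerability_value(severities):
    """Weighted average of vulnerability severity levels (N_i per level)."""
    return weighted_level_average(severities)


def threat_severity(impacts):
    """Weighted average of threat impact levels (M_i per level)."""
    return weighted_level_average(impacts)


def value_level(asset_value):
    """Look the asset's value up in the (assumed) value level table."""
    level = VALUE_LEVEL_TABLE[0][1]
    for minimum, lvl in VALUE_LEVEL_TABLE:
        if asset_value >= minimum:
            level = lvl
    return level


def asset_risk_value(asset_value, severities, impacts, threat_frequency):
    """Product of the four quantities, as in the embodiment above."""
    if threat_frequency < 0:
        raise ValueError("threat frequency cannot be negative")
    return (value_level(asset_value) * vulnerability_value(severities)
            * threat_severity(impacts) * threat_frequency)


def risk_level(risk_value):
    """Preset risk value -> risk level correspondence (assumed thresholds)."""
    for threshold, label in RISK_LEVEL_THRESHOLDS:
        if risk_value >= threshold:
            return label
    return RISK_LEVEL_THRESHOLDS[-1][1]


# Constructed sample for one asset: four scanner findings with their
# severity levels, six threat events with their impact levels, and the
# threat frequency taken as those six events in the observation window.
SAMPLE = dict(asset_value=50_000, severities=[5, 5, 3, 1],
              impacts=[4, 4, 2, 2, 1, 5], threat_frequency=6)

if __name__ == "__main__":
    rv = asset_risk_value(**SAMPLE)
    print(f"risk value {rv:.1f} -> {risk_level(rv)}")
```

Because the vulnerability value is an average rather than a count, an asset with ten low findings does not outrank one with a single very-high finding; the count enters the product separately through the threat frequency, which is why the two are kept as distinct factors.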
In one embodiment, after the asset security risk assessment is performed according to the risk matrix, the method further includes:
importing the asset risk assessment result into a preset risk assessment report template to generate a risk assessment report; and pushing the risk assessment report.
The final asset risk assessment result can be imported into a preset risk assessment report template, so that the final result is presented to the administrator in the form of a report.
It should be understood that, although the steps in the flowcharts are shown in the sequence indicated by the arrows, they are not necessarily performed in that sequence. Unless explicitly stated otherwise, the steps need not be performed in the exact order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts may comprise several sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and not necessarily in sequence; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
As shown in fig. 4, the present application further provides an information system asset security risk assessment apparatus, which includes:
a data obtaining module 200, configured to obtain asset security risk data in a security domain;
an analysis module 400, configured to analyze the asset security risk data and obtain the risk likelihood and the impact of each asset;
a matrix construction module 600, configured to construct a risk matrix from the risk likelihood and the impact of the assets;
and the evaluation module 800 is used for performing asset security risk evaluation according to the risk matrix.
The information system asset security risk assessment device acquires the asset security risk data of the whole security domain, analyzes the data to obtain the corresponding risk likelihood and impact, constructs a risk matrix from the risk likelihood and the impact, and then performs asset security risk assessment according to the risk matrix. Throughout, the risk likelihood and the impact are acquired and analyzed automatically from the asset security risk data of the whole security domain, so the many data items need not be collected and entered by hand; the assessment is carried out on the constructed risk matrix, which reduces the influence of personal experience and subjective judgement on the final result and improves the accuracy of the risk assessment.
In one embodiment, the evaluation module 800 is further configured to obtain, from the risk matrix, value dimension data, vulnerability dimension data and threat dimension data corresponding to the asset; calculate an asset security risk value from the value dimension data, the vulnerability dimension data and the threat dimension data corresponding to the asset; and perform asset security risk assessment according to the asset security risk value.
In one embodiment, the evaluation module 800 is further configured to analyze the value dimension data, the vulnerability dimension data and the threat dimension data corresponding to the asset to obtain the value level, the vulnerability value, the threat severity level and the threat frequency corresponding to the asset; and calculate the product of the value level, the vulnerability value, the threat severity level and the threat frequency corresponding to the asset to obtain the asset security risk value.
In one embodiment, the evaluation module 800 is further configured to acquire a preset value level table; and obtain the value level corresponding to the asset according to the preset value level table and the value corresponding to the asset.
In one embodiment, the evaluation module 800 is further configured to extract, from the vulnerabilities corresponding to the asset, the total number of vulnerabilities of the asset and the severity level of each vulnerability, and count the number of vulnerabilities at each vulnerability severity level; and calculate a weighted average of the vulnerability severity levels to obtain a vulnerability value, wherein the weight of each vulnerability severity level is positively correlated with the number of vulnerabilities at that level.
In one embodiment, the evaluation module 800 is further configured to extract, from the threats corresponding to the asset, the total number of threats of the asset and the impact level of each threat, and count the number of threats at each threat impact level; and calculate a weighted average of the threat impact levels to obtain a threat severity level, wherein the weight of each threat impact level is positively correlated with the number of threats at that level.
In one embodiment, the information system asset security risk assessment device further includes a pushing module, configured to import the asset risk assessment result into a preset risk assessment report template to generate a risk assessment report; and push the risk assessment report.
For specific limitations of the information system asset security risk assessment device, reference may be made to the above limitations of the information system asset security risk assessment method, which are not described herein again. The modules in the information system asset security risk assessment device can be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 5. The computer device includes a processor, a memory and a network interface connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program and a database. The internal memory provides the environment in which the operating system and the computer program in the non-volatile storage medium run. The database of the computer device stores data such as the preset level tables and the built-in risk calculation model. The network interface of the computer device communicates with external terminals over a network connection. The computer program, when executed by the processor, implements the information system asset security risk assessment method.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
acquiring asset security risk data in a security domain;
analyzing the asset security risk data to obtain the risk likelihood and the impact of each asset;
constructing a risk matrix from the risk likelihood and the impact of the assets;
and performing asset security risk assessment according to the risk matrix.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
obtaining, from the risk matrix, value dimension data, vulnerability dimension data and threat dimension data corresponding to the asset; calculating an asset security risk value from the value dimension data, the vulnerability dimension data and the threat dimension data corresponding to the asset; and performing asset security risk assessment according to the asset security risk value.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
analyzing the value dimension data, the vulnerability dimension data and the threat dimension data corresponding to the asset to obtain the value level, the vulnerability value, the threat severity level and the threat frequency corresponding to the asset; and calculating the product of the value level, the vulnerability value, the threat severity level and the threat frequency corresponding to the asset to obtain the asset security risk value.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
acquiring a preset value grade division table; and obtaining the value grade corresponding to the asset from the preset value grade division table and the value of the asset.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
extracting, from the vulnerabilities corresponding to the asset, the total number of vulnerabilities of the asset and the severity level of each vulnerability, and counting the number of vulnerabilities at each vulnerability severity level; and calculating a weighted average of the vulnerability severity levels to obtain the vulnerability value, wherein the weight of each vulnerability severity level is positively correlated with the number of vulnerabilities at that level.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
extracting, from the threats corresponding to the asset, the total number of threats to the asset and the impact level of each threat, and counting the number of threats at each threat impact level; and calculating a weighted average of the threat impact levels to obtain the threat severity grade, wherein the weight of each threat impact level is positively correlated with the number of threats at that level.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
importing the asset risk assessment result into a preset risk assessment report template to generate a risk assessment report; and pushing the risk assessment report.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon which, when executed by a processor, performs the following steps:
acquiring asset security risk data in a security domain;
analyzing the asset security risk data to obtain the risk likelihood and impact of the asset;
constructing a risk matrix from the risk likelihood and impact of the asset;
and performing asset security risk assessment according to the risk matrix.
In one embodiment, the computer program when executed by the processor further performs the steps of:
obtaining, from the risk matrix, the value dimension data, vulnerability dimension data and threat dimension data corresponding to the asset; calculating an asset security risk value from the value dimension data, vulnerability dimension data and threat dimension data corresponding to the asset; and performing asset security risk assessment according to the asset security risk value.
In one embodiment, the computer program when executed by the processor further performs the steps of:
analyzing the value dimension data, vulnerability dimension data and threat dimension data corresponding to the asset to obtain the asset's value grade, vulnerability value, threat severity grade and threat frequency; and calculating the product of the value grade, vulnerability value, threat severity grade and threat frequency corresponding to the asset to obtain the asset security risk value.
In one embodiment, the computer program when executed by the processor further performs the steps of:
acquiring a preset value grade division table; and obtaining the value grade corresponding to the asset from the preset value grade division table and the value of the asset.
In one embodiment, the computer program when executed by the processor further performs the steps of:
extracting, from the vulnerabilities corresponding to the asset, the total number of vulnerabilities of the asset and the severity level of each vulnerability, and counting the number of vulnerabilities at each vulnerability severity level; and calculating a weighted average of the vulnerability severity levels to obtain the vulnerability value, wherein the weight of each vulnerability severity level is positively correlated with the number of vulnerabilities at that level.
In one embodiment, the computer program when executed by the processor further performs the steps of:
extracting, from the threats corresponding to the asset, the total number of threats to the asset and the impact level of each threat, and counting the number of threats at each threat impact level; and calculating a weighted average of the threat impact levels to obtain the threat severity grade, wherein the weight of each threat impact level is positively correlated with the number of threats at that level.
In one embodiment, the computer program when executed by the processor further performs the steps of:
importing the asset risk assessment result into a preset risk assessment report template to generate a risk assessment report; and pushing the risk assessment report.
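The risk value calculation described in the computer-device and storage-medium embodiments above (value grade looked up in a preset division table, vulnerability value and threat severity grade as count-weighted averages, and their product with the threat frequency), as an added worked example in Python that is not part of the patent; the grade thresholds, the weight function and the sample asset are constructed assumptions.

```python
from collections import Counter
from typing import Callable

# Constructed preset value-grade division table (assumed thresholds, not from the patent):
# an asset whose value is at least `threshold` is assigned `grade`; the first match wins.
VALUE_GRADE_TABLE = [(1_000_000, 5), (500_000, 4), (100_000, 3), (10_000, 2), (0, 1)]

def value_grade(asset_value: float, table=VALUE_GRADE_TABLE) -> int:
    """Look the asset's value up in the preset division table to get its value grade."""
    for threshold, grade in table:
        if asset_value >= threshold:
            return grade
    raise ValueError("asset value below every grade threshold")

def count_weighted_level(levels: list[int], weight: Callable[[int], float] = lambda n: n) -> float:
    """Weighted average of the distinct levels present, each level weighted by an increasing
    function of how many items sit at that level (the patent's 'positively correlated with
    the number' rule). The weight function is an assumption; with the default weight(n) = n
    the result equals the plain arithmetic mean of all levels."""
    if not levels:
        return 0.0  # nothing recorded in this dimension: it contributes no risk
    counts = Counter(levels)
    total_weight = sum(weight(n) for n in counts.values())
    return sum(level * weight(n) for level, n in counts.items()) / total_weight

def vulnerability_value(severity_levels: list[int], **kw) -> float:
    """Vulnerability value: count-weighted average of the asset's vulnerability severity levels."""
    return count_weighted_level(severity_levels, **kw)

def threat_severity(impact_levels: list[int], **kw) -> float:
    """Threat severity grade: count-weighted average of the asset's threat impact levels."""
    return count_weighted_level(impact_levels, **kw)

def asset_risk_value(asset_value, severity_levels, impact_levels, threat_frequency, **kw) -> float:
    """Risk value = value grade x vulnerability value x threat severity grade x threat frequency."""
    return (value_grade(asset_value) * vulnerability_value(severity_levels, **kw)
            * threat_severity(impact_levels, **kw) * threat_frequency)

# Constructed sample asset: valued at 250,000; five vulnerabilities (three at severity 4,
# one at 1, one at 2); three threats with impact levels 3, 3, 2; 12 threat occurrences a year.
SAMPLE = dict(asset_value=250_000, severity_levels=[4, 4, 4, 1, 2],
              impact_levels=[3, 3, 2], threat_frequency=12)

if __name__ == "__main__":
    print("value grade:", value_grade(SAMPLE["asset_value"]))  # 3
    print("vulnerability value:", vulnerability_value(SAMPLE["severity_levels"]))  # 3.0
    print("risk value:", asset_risk_value(**SAMPLE))  # 288.0
    # A steeper weight such as n^2 pulls the average toward the level most items cluster at.
    print("risk value, weight n^2:", round(asset_risk_value(**SAMPLE, weight=lambda n: n * n), 2))
```

Because the weights only have to be positively correlated with the counts, the choice of weight function decides how strongly a cluster of vulnerabilities at one severity level dominates the asset's score.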
Those skilled in the art will understand that all or part of the processes of the methods in the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the method embodiments described above. Any reference to memory, storage, a database or another medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical storage or the like. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above examples express only several embodiments of the present application, and although their description is specific and detailed, they are not to be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.