TW201913440A - Method, system, computer program product and computer-readable recording medium of information security joint defense mechanism - Google Patents

Info

Publication number: TW201913440A
Authority: TW (Taiwan)
Prior art keywords: security, server, information, risk, joint
Application number: TW106130323A
Other languages: Chinese (zh)
Other versions: TWI667589B (en)
Inventors: 許建隆, 史素珍, 彭威陽
Original Assignee: 關貿網路股份有限公司, 許建隆
Application filed by: 關貿網路股份有限公司, 許建隆
Priority to: TW106130323A (patent TWI667589B)
Publication of TW201913440A
Application granted; publication of TWI667589B

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A method, system, computer program product and computer-readable recording medium of an information security joint defense mechanism connecting to at least one client server in which a security information collecting program is installed. The system includes at least one joint-defense server, an insurance server and an information security management server. The joint-defense server includes an alert and surveillance server and/or a notification and response server. The information security management server is configured to selectively exchange a piece of security information collected by the security information collecting program with the joint-defense server and the insurance server, in order to offer at least two of the following services to the client servers: the information security alert and surveillance service, information security notification and response service, and information security and privacy insurance service.

Description

Information security joint defense method, system, computer program product and computer-readable recording medium

The present invention relates to information security technology, and in particular to an information security joint defense method, system, computer program product and computer-readable recording medium.

With the rapid development of Internet technology, more and more information has to be transmitted over networks, which makes network security increasingly important. In particular, the e-commerce systems of banks and merchants that provide services such as electronic transactions and mobile payments, as well as large enterprises and government agencies that must transfer confidential documents, may suffer enormous losses if they are attacked by hackers or infiltrated by malicious parties.

For this reason, most large organizations (such as enterprises, government agencies and banks) currently build their own Security Operation Center (SOC) for protection. However, besides its high cost, a self-built SOC often falls short and struggles to provide good protection. For example, insufficient staffing can make long-duration monitoring difficult, and a larger-scale attack is hard to handle adequately. Furthermore, its information security resources tend to be closed and slow to update, which makes it difficult to cope with rapidly changing forms of network attack.

To address these problems, some practitioners have developed systems such as Republic of China Invention Patent Publication No. 201122895, "Security monitoring instant messaging system, its joint defense system and joint defense method", and Republic of China Invention Patent Publication No. 201141155, "Alliance-type distributed network intrusion prevention system and method thereof". These mainly integrate multiple system members for joint defense, to address the problem that independently built SOCs cannot assist one another, communicate or share resources. However, these prior cases still provide only general information security services and cannot make up for losses from attacks that have already occurred.

Some practitioners have also developed insurance mechanisms for electronic transactions, such as US Patent Publication No. US 20030046115 A1, "Insurance method, insurance system, transaction monitoring method, transaction monitoring system, and program", and Japanese Patent Laid-Open No. 2000-207453, "電子商取引システム" (electronic commerce system). However, these prior cases provide only claims insurance that compensates after the fact, and do little to actually improve information security protection.

Accordingly, to provide a better information security protection mechanism, the inventors propose an information security joint defense method comprising the following steps: an environment setup step, a joint defense setup step and a service provision step. Environment setup step: an information security management server is set up. Joint defense setup step: a security information collecting program is installed on a client server and connects to the information security management server through a network, and the information security management server is communicatively connected to at least one joint-defense server and an insurance server, the joint-defense server comprising an alert and surveillance server and/or a notification and response server. Service provision step: the information security management server selectively exchanges a piece of security information obtained by the security information collecting program with the joint-defense server and the insurance server, so as to provide the client server with a joint defense service and an insurance service.

Further, the method includes an information security risk assessment step: a risk assessment module computes an information security risk feature model from the security information, and calculates an information security risk value according to that model.

Further, the security information includes a security log, and the information security risk feature model includes any one or a combination of a management-level risk value, a base-level security risk value, an information management security value and an external threat value.

Further, the method includes an evidence preservation step: an evidence preservation module converts each piece of security information into block data, which is stored in both a private blockchain and a public blockchain. The private blockchain is interfaced with a digital forensics system, which reads the block data from it; the public blockchain makes the block data available for the client server and the joint-defense server to read.

The invention is also an information security joint defense method comprising the following steps: an environment setup step, a joint defense setup step and a service provision step. Environment setup step: an information security management server is set up. Joint defense setup step: a security information collecting program is installed on a client server and connects to the information security management server through a network, and the information security management server is communicatively connected to a plurality of joint-defense servers, the joint-defense servers comprising an alert and surveillance server and a notification and response server. Service provision step: the information security management server selectively exchanges a piece of security information obtained by the security information collecting program with the joint-defense servers, so as to provide the client server with a joint defense service, the joint defense service comprising an information security alert and surveillance service and an information security notification and response service.

The invention is also an information security joint defense system for connecting to at least one client server on which a security information collecting program is installed. The system comprises at least one joint-defense server, an insurance server and an information security management server. The joint-defense server comprises an alert and surveillance server and/or a notification and response server. The information security management server is communicatively connected to the joint-defense server and the insurance server, and to the security information collecting program. It selectively exchanges a piece of security information obtained by the security information collecting program with the joint-defense server and the insurance server, so as to provide the client server with at least two of the following services: an information security alert and surveillance service, an information security notification and response service, and an information security damage insurance service.

Further, the alert and surveillance server comprises any one or a combination of an Information Sharing and Analysis Center (ISAC), a Security Operation Center (SOC), a security tool provider, a telecommunications service center, a security risk assessment unit and a security testing team.

Further, the notification and response server comprises any one or a combination of a government information sharing and analysis center (G-ISAC), a financial information security center (F-ISAC), a security investigation and forensics unit and a security response team.

Further, the system includes a risk assessment module communicatively connected to the information security management server. The risk assessment module computes an information security risk feature model from the security information, and calculates an information security risk value according to that model.

Further, the security information includes a security log, and the information security risk feature model includes any one or a combination of a management-level risk value, a base-level security risk value, an information management security value and an external threat value.

Further, the system includes an evidence preservation module communicatively connected to the information security management server. The evidence preservation module converts each piece of security information into block data, which is stored in both a private blockchain and a public blockchain. The private blockchain is interfaced with a digital forensics system, which reads the block data from it; the public blockchain makes the block data available for the client server and the joint-defense server to read.

The invention may be a computer program product storing a program; when a computer loads and executes the program, it carries out the information security joint defense method described above.

The invention may also be a computer-readable recording medium storing a program; when a computer loads and executes the program, it carries out the information security joint defense method described above.

The technical features above achieve the following effects:

1. The information security management server can integrate the joint-defense servers and thereby provide client servers with more complete protection, addressing the problem that independently built SOCs cannot assist one another, communicate or share resources.

2. At least two of the following services can be provided: the information security alert and surveillance service for prevention before an incident, the information security notification and response service for dealing with an incident, and the information security damage insurance service for making up incident losses. Together they give more complete security protection.

3. Preferably, the information security management server integrates joint-defense servers together with the insurance server, so that client servers receive both joint defense and an insurance mechanism that compensates after the fact, giving cooperating customers (such as large organizations, government agencies and banks) better protection.

4. While providing protection, the system can also supply security information to the insurance server, which makes it easier to establish liability for damages afterwards and reduces disputes over claim determination.

5. The alert and surveillance server may be, for example, an Information Sharing and Analysis Center (ISAC), a Security Operation Center (SOC), a security tool provider, a telecommunications service center, a security risk assessment unit or a security testing team. The notification and response server may be, for example, a government information sharing and analysis center (G-ISAC), a financial information security center (F-ISAC), a security investigation and forensics unit or a security response team. Enlarging the membership of the joint defense and making full use of the characteristics of the different units further increases its benefit.

6. The risk assessment module can determine the information security risk value of a client server from the information security risk feature model, which helps in setting a reasonable premium.

7. The information security risk feature model can be built from the security information of the client server, and a combined rating can be made according to the different sources of that information (for example management level, base level, information management and external threats). This allows the risk value to be determined more precisely and a more reasonable premium to be estimated.

8. Blockchain technology is used to back up the security information, reducing the likelihood that it is later lost or tampered with, raising the credibility of the backed-up security information and avoiding disputes over claims afterwards.

9. Traditionally, because security risk information is asymmetric between insurer and insured, the insurer has little confidence in the insured's security protection capability and risk level, so premium rates are high. With the information security management server acting as a third party that provides the insured with services such as security monitoring and protection rules, security information and joint defense, the insurer's confidence in the insured's security protection can be raised, security insurance premium rates lowered and the claims process accelerated.

Taken together, the main effects of the information security joint defense method, system, computer program product and computer-readable recording medium of the invention are shown clearly in the embodiments below.

Referring first to Figures 1 and 2, an information security joint defense system (100) according to an embodiment of the invention is disclosed. It connects to at least one client server (200) (for example, servers of enterprises, banks, government agencies and similar organizations; since all of these are users of the same kind, they share one reference numeral). A security information collecting program (201) (for example, a log collector) is installed on the client server (200). The information security joint defense system (100) comprises a plurality of joint-defense servers (1), an insurance server (10) and an information security management server (2). In this embodiment the joint-defense servers (1) comprise an alert and surveillance server (11) and a notification and response server (12), but this is not a limitation. For example, there may be only the alert and surveillance server (11) and the notification and response server (12), without the insurance server (10); or only the notification and response server (12) and the insurance server (10); or the alert and surveillance server (11) and the insurance server (10). The information security management server (2) is communicatively connected to the security information collecting program (201) and the joint-defense servers (1). The information security management server (2) selectively exchanges a piece of security information obtained by the security information collecting program (201) with the joint-defense servers (1), so as to provide the client server (200) with a joint defense service and an insurance service. The joint defense service comprises an information security alert and surveillance service and an information security notification and response service, and the insurance service may include underwriting assessment and/or claims service. It should be noted, however, that providing the insurance service is not required; only the alert and surveillance service and the notification and response service may be provided.

Referring again to Figures 1 and 2, in more detail, the alert and surveillance server (11) may be, for example, an Information Sharing and Analysis Center (ISAC), a Security Operation Center (SOC), a security tool provider, a telecommunications service center, a security risk assessment unit or a security testing team. The notification and response server (12) may be, for example, a government information sharing and analysis center (G-ISAC), a financial information security center (F-ISAC), a security investigation and forensics unit or a security response team. Enlarging the membership of the joint defense makes full use of the characteristics of the different units and increases its benefit. For example, the telecommunications service center can be used for better traffic control, the government information sharing and analysis center can supply important security information, and the security tool provider can help overcome technical problems with security tools. The insurance server (10) is, for example, a server of an insurance institution, the insurance business development center (保發中心) or a similar body that can provide coverage and/or underwriting.

As also shown in Figure 2, the system preferably further includes a risk assessment module (3) communicatively connected to the information security management server (2). The risk assessment module (3) computes an information security risk feature model (31) from the security information, and calculates an information security risk value according to that model (31). In detail, the security information includes a security log, and the risk feature model (31) includes any one or a combination of a management-level risk value, a base-level security risk value, an information management security value and an external threat value. A combined rating can therefore be made according to the different sources of the security information (for example management level, base level, information management and external threats), so that the risk value is determined more precisely and a more reasonable premium can be estimated.

As also shown in Figure 2, the system preferably further includes an evidence preservation module (4) communicatively connected to the information security management server (2). The evidence preservation module (4) converts each piece of security information into block data, which is stored in both a private blockchain and a public blockchain. The private blockchain is interfaced with a digital forensics system, which reads the block data from it; the public blockchain makes the block data available for the client server (200) and the joint-defense servers (1) to read.
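The evidence preservation idea described above, as an added example that is not code from the patent: each security message becomes a hash-linked block written to two ledgers, and a later edit to one copy is detected either by re-validating the chain or by comparing it with the other copy. The block layout, the use of SHA-256, and the in-memory `Ledger` class standing in for the private and public blockchains are assumptions; the sample messages are constructed.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder meaning "no previous block"


def digest(body):
    """SHA-256 over a canonical JSON encoding of a block body."""
    raw = json.dumps(body, sort_keys=True, ensure_ascii=False).encode("utf-8")
    return hashlib.sha256(raw).hexdigest()


def make_block(index, prev_hash, message):
    """Turn one piece of security information into hash-linked block data."""
    body = {"index": index, "prev_hash": prev_hash, "message": message}
    return {**body, "hash": digest(body)}


class Ledger:
    """In-memory stand-in for one blockchain (private or public)."""

    def __init__(self, name):
        self.name = name
        self.blocks = []

    def head(self):
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def append(self, block):
        # Deep copy so that each ledger holds an independent record.
        self.blocks.append(copy.deepcopy(block))


class EvidenceModule:
    """Writes every security message to both ledgers."""

    def __init__(self):
        self.private = Ledger("private")
        self.public = Ledger("public")

    def preserve(self, message):
        block = make_block(len(self.private.blocks), self.private.head(), message)
        self.private.append(block)
        self.public.append(block)
        return block["hash"]


def verify_chain(ledger):
    """Return the index of the first block that fails validation, or None."""
    prev = GENESIS
    for i, block in enumerate(ledger.blocks):
        body = {k: block[k] for k in ("index", "prev_hash", "message")}
        if (block["index"] != i or block["prev_hash"] != prev
                or block["hash"] != digest(body)):
            return i
        prev = block["hash"]
    return None


def cross_check(a, b):
    """Indices at which two ledgers hold different or missing blocks."""
    diff = []
    for i in range(max(len(a.blocks), len(b.blocks))):
        block_a = a.blocks[i] if i < len(a.blocks) else None
        block_b = b.blocks[i] if i < len(b.blocks) else None
        if block_a != block_b:
            diff.append(i)
    return diff


# Constructed sample security messages (Who / When / Do / Use fields).
SAMPLE_MESSAGES = [
    {"who": "alice", "when": "2017-08-01T09:02:11", "do": "login_failed", "use": "AD"},
    {"who": "10.0.0.5", "when": "2017-08-09T02:13:57", "do": "malware_alert", "use": "antivirus"},
    {"who": "fw-db01", "when": "2017-08-12T16:30:00", "do": "deny", "use": "firewall"},
]

if __name__ == "__main__":
    module = EvidenceModule()
    for msg in SAMPLE_MESSAGES:
        module.preserve(msg)
    print("private chain valid:", verify_chain(module.private) is None)
    # Simulate a record being altered after the fact in one copy only.
    module.private.blocks[1]["message"]["do"] = "login_ok"
    print("first invalid private block:", verify_chain(module.private))
    print("blocks differing from public copy:", cross_check(module.private, module.public))
```

Re-validating one chain catches an edit that leaves the stored hashes untouched; comparing against the second ledger also catches a copy whose hashes were recomputed from the edited block onward.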

Referring next to Figure 3, in more detail, the client server (200) has the security information collecting program (201) installed and maintains critical infrastructure information asset management information (202). The security information collecting program (201) collects the logs of the various devices and events and sends them to the information security management server (2). The critical infrastructure information asset management information (202) classifies the customer's information software and hardware, assesses their risk and recommends a priority level for the risk response, which saves the customer's staff time and makes the response more timely. The portion of the critical infrastructure information asset management information (202) that is non-sensitive asset information is then sent to the information security management server (2) and stored as critical infrastructure information asset information (20), so that a dedicated information asset record is built for each customer. The information security management server (2) comprises a security monitoring module (21), an alert and notification module (22), a security information evidence preservation module (23), an intelligence exchange module (24) and the risk assessment module (3). The security monitoring module (21) analyzes and filters the security information through a security threat information rule engine and issues event information when there is a threat, so that the alert and notification module (22) can report it and notify the relevant client server (200). The security information evidence preservation module (23) stores the security information synchronously, thereby sealing digital evidence. When a security incident occurs and causes damage, compensation can be requested from the insurance server (10); the insurance server (10) can then retrieve the preserved evidence from the security information evidence preservation module (23) to establish the circumstances of the incident, use it as reference material for the claim and speed up the claims process. The intelligence exchange module (24) can interface with multiple domestic and foreign Information Sharing and Analysis Centers (ISACs), to provide its own security intelligence or to receive security intelligence from domestic and international organizations.

Referring first to Figure 4 together with Figure 2, an information security joint defense method according to an embodiment of the invention is disclosed. In practice it can be built as a program and stored in a computer program product or a computer-readable recording medium. When a computer loads and executes the program, it carries out the joint defense method, which comprises an environment setup step (S01), a joint defense setup step (S02) and a service provision step (S03). Environment setup step (S01): the information security management server (2) is set up.

Referring to Figure 4 together with Figure 2, joint defense setup step (S02): the security information collecting program (201) is installed on the client server (200) and connects to the information security management server (2) through a network, and the information security management server (2) is communicatively connected to the joint-defense servers (1) and the insurance server (10), the joint-defense servers (1) comprising the alert and surveillance server (11) and the notification and response server (12). This is not a limitation, however. For example, there may be only the alert and surveillance server (11) and the notification and response server (12), without the insurance server (10); or only the notification and response server (12) and the insurance server (10); or the alert and surveillance server (11) and the insurance server (10).

Referring to Figure 4 together with Figure 2, service provision step (S03): the information security management server (2) selectively exchanges a piece of security information obtained by the security information collecting program (201) with the joint-defense servers (1) and the insurance server (10), so as to provide the client server (200) with at least two of the following services: an information security alert and surveillance service, an information security notification and response service, and an information security damage insurance service. In this embodiment all three may be provided, but this is not a limitation. For example, there may be only the alert and surveillance service and the notification and response service; or only the notification and response service and the damage insurance service; or the alert and surveillance service and the damage insurance service.

Referring next to Figure 5 together with Figure 2, the method preferably further includes an information security risk assessment step (S04): a risk assessment module (3) computes an information security risk feature model (31) from the security information, and calculates an information security risk value according to that model (31). In detail, the security information includes a security log, and the risk feature model (31) includes any one or a combination of a management-level risk value, a base-level security risk value, an information management security value and an external threat value. A combined rating can therefore be made according to the different sources of the security information (for example management level, base level, information management and external threats), so that the risk value is determined more precisely and a more reasonable premium can be estimated. In detail, the risk assessment step (S04) comprises a sub-step of building the risk feature model (S041), a sub-step of evaluating the risk value (S042) and a sub-step of calculating the risk value (S043).

Referring further to FIG. 5 together with FIG. 2, in the sub-step of establishing the information security risk feature model (S041), the model is built with big-data analysis techniques after information assets have been classified and security logs analyzed. Specifically, under the joint-defense framework, an industry-group security data set is first established for each industry. It comprises the information assets and the security logs produced for security monitoring. Information assets are classified by attribute, such as server hardware, server operating system, system software, database software, application software, and terminal devices. Security logs: the content parsed from a typical security log can be divided into the actor (Who), the time (When), the action (Do), and the effect (Use) (see FIG. 6 for a parsing example). The risk feature model (31) is then shaped from the classification of the information assets and the parsed security logs. Its risk features are as follows:

Feature 1: employee behavior that may give rise to security risk (used to compute the aforementioned staff-level security risk value), such as the number of log entries for security policy violations in the office-zone AD log (e.g. the number of wrong-password events), the number of alerts triggered by antivirus software company-wide (averaged per person per month), and the number of employee hits on blacklisted or suspicious websites in the proxy log of the same proxy brand (averaged per employee per month across different companies).

Feature 2: system administrator behavior (used to compute the aforementioned staff-level security risk value). Risky behavior by a system administrator carries greater risk and impact, for example the monthly or yearly average number of malware alerts for the IP addresses of administrator computers, and the number of proxy blacklist blocks for the IP addresses of administrator computers.

Feature 3: information security management (used to compute the aforementioned information management security value), which summarizes each enterprise's system security management information within the industry group, such as the number of security policy violations in the system-service-zone AD log (e.g. the number of wrong-password events), the number of internal-access Deny events at the database-zone firewall, the number of Firewall Deny events on the management network segment, the number of virus triggers on the system-service-zone network segment (average number of viruses triggered per server operating system per year), the number of data leakage (DLP) policy violations, and the number of alerts triggered by the antivirus software of office-zone staff (averaged per person per month).

Feature 4: external threats (used to compute the aforementioned external threat value), meaning the external threats that can be derived from the security logs, such as the number of IPS blocks, the number of spam or virus e-mails, and the volume of the Web Access Log.

Referring further to FIG. 5 together with FIG. 2, in the sub-step of evaluating the information security risk value (S042) and the sub-step of calculating the information security risk value (S043), the security data set of an individual enterprise is fed into the risk feature model (31) established for its industry, which yields the risk values of that enterprise's security risk features. The different feature values of the risk feature model (31) (Feature 1 to Feature 4 above) are then given different weights. For example, Feature 1 to Feature 4 may each be preset to 25% of the total score, or the weights may be adjusted according to actual needs. Finally, the risk assessment module (3) calculates the security risk value. The security risk value calculated by the risk assessment module (3), together with the distribution of security risk values, gives the insurance server (10) a basis for setting the security insurance premium rate. Each year the enterprise's security risk value can also serve as a reference for raising or lowering the security insurance premium: if the security risk value is raised by one grade, the premium may be reduced, and conversely it should be increased. This encourages enterprises to strengthen their security protection, improves overall security protection, and averts security threats.
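The following is an added example, not code from the patent, of how sub-steps S042 and S043 could be computed. The patent does not say how feature values are normalized, so the percentile ranking against industry peers, the metric names and all sample numbers are assumptions; here a higher percentile means more events than the peers recorded.

```python
from bisect import bisect_right

# Feature -> metrics feeding it. The metric names are hypothetical labels for
# a subset of the indicators listed under sub-step S041.
FEATURES = {
    "employee_behavior": ["ad_policy_violations_per_user", "av_alerts_per_user_month"],
    "admin_behavior": ["admin_av_alerts_per_month", "admin_proxy_blacklist_blocks"],
    "security_management": ["db_firewall_internal_denies", "dlp_policy_violations"],
    "external_threat": ["ips_blocks", "spam_or_virus_mails"],
}
METRICS = [m for metrics in FEATURES.values() for m in metrics]
DEFAULT_WEIGHTS = {feature: 0.25 for feature in FEATURES}  # the 25% preset

# Constructed industry-group data set: four peer enterprises.
INDUSTRY = [dict.fromkeys(METRICS, v) for v in (10, 20, 30, 40)]

# Constructed data set of the enterprise being assessed.
ENTERPRISE = {
    "ad_policy_violations_per_user": 10,
    "av_alerts_per_user_month": 20,
    "admin_av_alerts_per_month": 40,
    "admin_proxy_blacklist_blocks": 45,
    "db_firewall_internal_denies": 5,
    "dlp_policy_violations": 30,
    "ips_blocks": 25,
    "spam_or_virus_mails": 35,
}


def percentile(value, peer_values):
    """Share (0-100) of peer values that are less than or equal to value."""
    ordered = sorted(peer_values)
    return 100.0 * bisect_right(ordered, value) / len(ordered)


def feature_scores(enterprise, industry):
    """S042: per-feature risk value as the mean percentile of its metrics."""
    missing = [m for m in METRICS if m not in enterprise]
    if missing:
        raise KeyError(f"enterprise data set lacks metrics: {missing}")
    scores = {}
    for feature, metrics in FEATURES.items():
        ranks = [percentile(enterprise[m], [peer[m] for peer in industry])
                 for m in metrics]
        scores[feature] = sum(ranks) / len(ranks)
    return scores


def risk_value(scores, weights=None):
    """S043: weighted sum of the feature values; weights must cover every
    feature and sum to 1 so that adjusted weightings stay comparable."""
    weights = DEFAULT_WEIGHTS if weights is None else weights
    if set(weights) != set(scores):
        raise ValueError("weights must name exactly the scored features")
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    return sum(scores[f] * weights[f] for f in FEATURES)


if __name__ == "__main__":
    s = feature_scores(ENTERPRISE, INDUSTRY)
    print(s)
    print("default weights:", risk_value(s))
    print("administrator-heavy weights:", risk_value(
        s, {"employee_behavior": 0.2, "admin_behavior": 0.4,
            "security_management": 0.2, "external_threat": 0.2}))
```

Shifting weight toward administrator behavior raises this enterprise's value because that is the feature where it ranks worst against its peers.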

Referring next to FIG. 7 together with FIG. 2, the method preferably further includes an evidence preservation step (S05): an evidence preservation module (4) converts each piece of security information into block data, and the block data is stored in both a private blockchain and a public blockchain. The private blockchain is interfaced by a digital forensics system, which reads the block data. The public blockchain makes the block data available for the client server (200) and the joint-defense server (1) to read.

Referring further to FIG. 7 together with FIG. 2, the evidence preservation step (S05) specifically includes a sub-step of generating block data (S051), a sub-step of establishing a private blockchain (S052), and a public blockchain sub-step (S053). In the sub-step of generating block data (S051), the security log data of the client server (200) is first transmitted as streaming data to the information security management server (2), whose evidence preservation module (4) converts it into block data. The security log is recorded as streaming data, so the content to be preserved can be recorded without relying on a formatted message design. The sub-step of establishing a private blockchain (S052) applies to one-to-one or one-to-many message delivery and provides a multi-participant computing environment. It can be used for the joint participation of multiple enterprises, multiple systems and multiple sites under the joint-defense framework, and forms an environment that allows flexible participation. The chaining property of the blocks means that digital evidence cannot be destroyed and simplifies the evidence preservation procedure. The non-repudiation of the deposited data can later be verified by mathematical computation, which strengthens its evidentiary weight. The private blockchain can be interfaced by a general digital forensics system, which accesses the preserved log data for use in investigating and examining security incidents. At the same time as the block data generated from the security log is preserved in the private blockchain, it is also placed into the digital forensics system. This ensures that, in one-to-many applications, every processor obtains the data in the same order. Digital forensics personnel can retrieve the data through the digital forensics system or by connecting directly to the private blockchain that preserves the security logs, and the system performs the mathematical feature value computation to ensure the evidentiary weight of the data under review. In the public blockchain sub-step (S053), a block feature value is calculated each day from a simplified form of the block data and stored in a public blockchain. The feature values of the security logs are thus kept openly among the participants and held jointly, which confirms later auditability and verifiability. Any publicly available external blockchain system can be used, relying on the properties of the blockchain to strengthen the evidentiary weight of digital data and improve the efficiency of digital forensics.
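The following is an added example, not code from the patent, of the evidence flow in S051 to S053: raw log lines are hash-chained as blocks, one digest per day is published as the block feature value, and a verifier recomputes both. SHA-256, canonical JSON, the field names and the sample log lines are assumptions; two plain Python structures stand in for the private and public blockchains.

```python
import hashlib
import json

GENESIS = "0" * 64

# Constructed sample stream of (day, raw log line) pairs from a client server.
SAMPLE_STREAM = [
    ("2024-01-01", "AD office-zone logon failure user=alice"),
    ("2024-01-01", "AV alert host=pc-17 sig=constructed.test"),
    ("2024-01-02", "FW deny src=10.0.0.5 dst=db-zone"),
    ("2024-01-02", "DLP policy violation user=bob"),
]


def digest(obj):
    """SHA-256 over a canonical JSON encoding (assumed feature value function)."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def make_block(prev_hash, index, day, raw_line):
    """S051: wrap one raw, unparsed log line into block data."""
    body = {"index": index, "day": day, "prev": prev_hash, "log": raw_line}
    return {**body, "hash": digest(body)}


def build_private_chain(stream):
    """S052: append blocks in arrival order, each linked to its predecessor."""
    chain, prev = [], GENESIS
    for index, (day, line) in enumerate(stream):
        block = make_block(prev, index, day, line)
        chain.append(block)
        prev = block["hash"]
    return chain


def daily_feature_values(chain):
    """S053: one digest per day over that day's block hashes, the value that
    would be published on the public chain."""
    per_day = {}
    for block in chain:
        per_day.setdefault(block["day"], []).append(block["hash"])
    return {day: digest(hashes) for day, hashes in per_day.items()}


def verify(chain, public_anchors):
    """Recompute links, block hashes and daily digests; return the problems."""
    problems, prev = [], GENESIS
    for block in chain:
        body = {k: block[k] for k in ("index", "day", "prev", "log")}
        if block["prev"] != prev:
            problems.append(("broken_link", block["index"]))
        if digest(body) != block["hash"]:
            problems.append(("hash_mismatch", block["index"]))
        prev = block["hash"]
    recomputed = daily_feature_values(chain)
    for day, anchor in public_anchors.items():
        if recomputed.get(day) != anchor:
            problems.append(("anchor_mismatch", day))
    return problems


if __name__ == "__main__":
    chain = build_private_chain(SAMPLE_STREAM)
    anchors = daily_feature_values(chain)
    print("intact:", verify(chain, anchors))
    # Whoever controls the private store could rewrite it consistently;
    # only the jointly held daily anchors expose that.
    forged = list(SAMPLE_STREAM)
    forged[1] = (forged[1][0], "AV alert host=pc-17 sig=benign")
    print("rewritten:", verify(build_private_chain(forged), anchors))
```

An edit to a single stored block is caught by the block hash alone, while a full consistent rewrite of the private store is caught only by the published daily values, which is the reason the description keeps them with the participants.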

From the description of the above embodiments, the operation and use of the present invention and the effects it produces can be fully understood. The embodiments described above are, however, only preferred embodiments of the present invention and do not limit the scope in which the invention may be practiced. Simple equivalent changes and modifications made according to the claims and the description of the invention all fall within the scope covered by the present invention.

(100)‧‧‧Information security joint-defense system

(200)‧‧‧Client server

(201)‧‧‧Security information collecting program

(202)‧‧‧Critical infrastructure information asset management information

(1)‧‧‧Joint-defense server

(11)‧‧‧Alert and surveillance server

(12)‧‧‧Notification and response server

(10)‧‧‧Insurance server

(2)‧‧‧Information security management server

(20)‧‧‧Critical infrastructure information asset information

(21)‧‧‧Security monitoring module

(22)‧‧‧Alert and notification module

(23)‧‧‧Security information evidence preservation module

(24)‧‧‧Intelligence exchange module

(3)‧‧‧Risk assessment module

(31)‧‧‧Information security risk feature model

(4)‧‧‧Evidence preservation module

(S01)‧‧‧Environment setup step

(S02)‧‧‧Joint-defense setup step

(S03)‧‧‧Service provision step

(S04)‧‧‧Information security risk assessment step

(S041)‧‧‧Sub-step of establishing the information security risk feature model

(S042)‧‧‧Sub-step of evaluating the information security risk value

(S043)‧‧‧Sub-step of calculating the information security risk value

(S05)‧‧‧Evidence preservation step

(S051)‧‧‧Sub-step of generating block data

(S052)‧‧‧Sub-step of establishing a private blockchain

(S053)‧‧‧Public blockchain sub-step

[FIG. 1] is a schematic diagram of the main system architecture of an embodiment of the present invention.
[FIG. 2] is a system block diagram of an embodiment of the present invention.
[FIG. 3] is a detailed system block diagram of an embodiment of the present invention.
[FIG. 4] is a flow chart of the main steps of an embodiment of the present invention.
[FIG. 5] is a flow chart of the risk assessment steps of an embodiment of the present invention.
[FIG. 6] is a schematic diagram of the parsed state of a security log in the risk assessment of an embodiment of the present invention.
[FIG. 7] is a flow chart of the evidence preservation steps of an embodiment of the present invention.

Claims (15)

1. An information security joint-defense method, comprising the following steps: an environment setup step: setting up an information security management server; a joint-defense setup step: installing a security information collecting program on a client server, the security information collecting program being connected to the information security management server through a network, and the information security management server being signal-connected to at least one joint-defense server and an insurance server, the joint-defense server comprising an alert and surveillance server and/or a notification and response server; a service provision step: causing the information security management server to selectively exchange, with the joint-defense server and the insurance server, a piece of security information obtained by the security information collecting program, so as to provide the client server with a joint-defense service and an insurance service.

2. The information security joint-defense method of claim 1, wherein the alert and surveillance server comprises any one or a combination of an information sharing and analysis center (ISAC), a security operations center (SOC), a security tool provider, a telecommunications service center, a security risk assessment unit, and a security testing team.

3. The information security joint-defense method of claim 2, wherein the notification and response server comprises any one or a combination of a government information sharing and analysis center (G-ISAC), a financial information security center (F-ISAC), a security investigation and forensics unit, and a security response team.

4. The information security joint-defense method of claim 1, further comprising an information security risk assessment step: using a risk assessment module to compute an information security risk feature model from the security information, and calculating an information security risk value from the information security risk feature model.

5. The information security joint-defense method of claim 4, wherein the security information comprises a security log, and the information security risk feature model comprises any one or a combination of a management-level risk value, a staff-level security risk value, an information management security value, and an external threat value.

6. The information security joint-defense method of claim 1, further comprising an evidence preservation step: using an evidence preservation module to convert each piece of security information into block data, the block data being stored in both a private blockchain and a public blockchain, the private blockchain being interfaced by a digital forensics system that reads the block data, and the public blockchain making the block data available for the client server and the joint-defense server to read.

7. An information security joint-defense method, comprising the following steps: an environment setup step: setting up an information security management server; a joint-defense setup step: installing a security information collecting program on a client server, the security information collecting program being connected to the information security management server through a network, and the information security management server being signal-connected to a plurality of joint-defense servers, the joint-defense servers comprising an alert and surveillance server and a notification and response server; a service provision step: causing the information security management server to selectively exchange, with the joint-defense servers, a piece of security information obtained by the security information collecting program, so as to provide the client server with a joint-defense service, the joint-defense service comprising an information security alert and surveillance service and an information security notification and response service.

8. An information security joint-defense system for connecting to at least one client server on which a security information collecting program is installed, the system comprising: at least one joint-defense server and an insurance server, the joint-defense server comprising an alert and surveillance server and/or a notification and response server; and an information security management server, signal-connected to the joint-defense server and the insurance server and signal-connected to the security information collecting program, the information security management server being configured to selectively exchange, with the joint-defense server and the insurance server, a piece of security information obtained by the security information collecting program, so as to provide the client server with at least two of the following services: an information security alert and surveillance service, an information security notification and response service, and an information security damage insurance service.

9. The information security joint-defense system of claim 8, wherein the alert and surveillance server comprises any one or a combination of an information sharing and analysis center (ISAC), a security operations center (SOC), a security tool provider, a telecommunications service center, a security risk assessment unit, and a security testing team.

10. The information security joint-defense system of claim 9, wherein the notification and response server comprises any one or a combination of a government information sharing and analysis center (G-ISAC), a financial information security center (F-ISAC), a security investigation and forensics unit, and a security response team.

11. The information security joint-defense system of claim 8, further comprising a risk assessment module signal-connected to the information security management server, the risk assessment module being configured to compute an information security risk feature model from the security information and to calculate an information security risk value from the information security risk feature model.

12. The information security joint-defense system of claim 11, wherein the security information comprises a security log, and the information security risk feature model comprises any one or a combination of a management-level risk value, a staff-level security risk value, an information management security value, and an external threat value.

13. The information security joint-defense system of claim 8, further comprising an evidence preservation module signal-connected to the information security management server, the evidence preservation module being configured to convert each piece of security information into block data, the block data being stored in both a private blockchain and a public blockchain, the private blockchain being interfaced by a digital forensics system that reads the block data, and the public blockchain making the block data available for the client server and the joint-defense server to read.

14. A computer program product storing a program which, when loaded and executed by a computer, carries out the information security joint-defense method of any one of claims 1 to 7.

15. A computer-readable recording medium storing a program which, when loaded and executed by a computer, carries out the information security joint-defense method of any one of claims 1 to 7.
TW106130323A 2017-09-05 2017-09-05 Guardian security methods, systems, computer program products and computer readable recording media TWI667589B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106130323A TWI667589B (en) 2017-09-05 2017-09-05 Guardian security methods, systems, computer program products and computer readable recording media

Publications (2)

Publication Number Publication Date
TW201913440A true TW201913440A (en) 2019-04-01
TWI667589B TWI667589B (en) 2019-08-01

Family

ID=66991978

Country Status (1)

Country Link
TW (1) TWI667589B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI744864B (en) * 2020-04-16 2021-11-01 台灣物聯網股份有限公司 Monitoring system and method for transaction security
TWI736258B (en) * 2020-05-11 2021-08-11 臺灣銀行股份有限公司 Device enhancement order analysis method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4378064B2 (en) * 2001-08-29 2009-12-02 インターナショナル・ビジネス・マシーンズ・コーポレーション Transaction monitoring method, transaction monitoring system, and recording medium
TW201122895A (en) * 2009-12-30 2011-07-01 Trade Van Information Services Co Security operation and instant messaging system, its union defense system and union defense method.
TW201141155A (en) * 2010-05-14 2011-11-16 Nat Univ Chin Yi Technology Alliance type distributed network intrusion prevention system and method thereof
TW201705035A (en) * 2015-07-23 2017-02-01 Chunghwa Telecom Co Ltd Method and system for rapidly screening information security risk hosts rapidly screening hosts with high hacking risks through various hacking indexes analyzed by a hacking risk analysis module
TWM555500U (en) * 2017-09-05 2018-02-11 Trade Van Information Services Co Info-security joint defense system
