CN105844169A - Method and device for information safety metrics - Google Patents
- Publication number: CN105844169A
- Application number: CN201510020740.6A
- Authority: CN (China)
- Legal status: Granted
Abstract
The invention discloses a method and a device for information safety metrics. The method comprises: obtaining information safety associated data; analyzing the safety associated data to obtain safety risk data corresponding to each operational indicator; and according to the safety risk data, determining the risk value corresponding to each operational indicator.
Description
Technical field
The present invention relates to security technology in the field of information processing, and in particular to an information security measurement method and device.
Background technology
With the development of electronic and communication technology, electronic devices and the Internet generate large amounts of data. Ensuring the secure operation of this data is clearly the key to using it to complete specific functions. To ensure information security, the current information is usually first monitored and measured for security; a corresponding security policy is then applied, according to the results of that monitoring and measurement, to carry out security handling and assurance.
Existing information security measurement mainly monitors and measures factors such as the asset value of the information system, the weaknesses of the information system, and external threats to the system.
The following two formulas are used in the prior art to measure the risk value that an information system may currently face:
Risk value (R) = asset value (S) × weakness value (V) × threat value (T)
Risk value (R) = asset value (S) × weakness value (V) × threat value (T) / safety measure (P)
These methods can measure, to some extent, the risk that the information system currently faces. However, the following problems greatly reduce the accuracy of the risk measurement result.
One: the existing security measurement system addresses the whole system and cannot be made specific to particular information or particular applications of the information system. Its practicality is clearly insufficient: when security control is carried out according to the measurement results, the target is too large, and accurate, targeted control may be impossible.
Two: the basis of the existing security measurement system is dynamic, every measurement requires a large amount of preparatory work, and the efficiency of security measurement is low.
The existing security measurement system is based on the three risk elements of assets, threats and weaknesses. The value of an information asset depends on the business and generally does not change, whereas the threats the asset faces and the weaknesses of the asset itself change with the system's external environment and over time, and also as system users continually operate, rectify and harden the system. Once a threat or weakness changes, the risk changes with it. After a period of time, therefore, a previously calculated risk measurement result becomes invalid, and the change in risk has to be re-analyzed and the system's security risk re-measured to keep the security measurement valid.
Three: the existing methods are limited to small-scale information systems and cannot accurately measure the security status of larger information systems.
The factors that existing measurement relies on are dynamic. For a fairly large system, the changes in those factors are very complex, and a security measurement has too many factors to consider, so it is hard to reflect the true security state of a large, complex system. Relying on a single factor instead, for example measuring only from the angle of threats or of weaknesses, gives a relatively accurate indicator result for one specific threat or weakness, but the result is one-sided and cannot reflect the security situation of the whole system.
Four: the degree of automation of existing security measurement is low; when a change occurs at the system end (the risk elements), it cannot be reflected automatically in the indicator result.
Summary of the invention
In view of this, embodiments of the present invention aim to provide an information security measurement method and device that improve the accuracy and practicality of security measurement.
To achieve the above purpose, the technical solution of the present invention is implemented as follows:
A first aspect of the embodiments of the present invention provides an information security measurement method, the method comprising:
obtaining information security related data;
parsing the security related data to obtain the security risk data corresponding to each operational indicator;
determining, according to the security risk data, the risk value corresponding to each operational indicator.
Preferably,
the operational indicators include at least one of a business behavior indicator, a business process indicator and a business content indicator;
wherein the business behavior indicator is the indicator corresponding to one business operation behavior;
the business process indicator is the indicator of a business process formed by several business operation behaviors in execution order;
the business content indicator is the indicator of the business content completed by at least one such business process;
each business content indicator corresponds to specified assets in the information system;
determining, according to the security risk data, the risk value corresponding to each operational indicator includes at least one of the following:
determining, according to the security risk data, the risk value corresponding to the business behavior indicator;
determining, according to the security risk data, the risk value corresponding to the business process indicator;
determining, according to the security risk data, the risk value of the assets corresponding to the business content.
Preferably,
parsing the security related data to obtain the security risk data corresponding to each operational indicator includes:
comparing the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result, where n is an integer not less than 2 and the n-th moment is later than the (n-1)-th moment;
determining, according to the comparison result, whether there is a change amount;
determining, according to the security risk data, the risk value corresponding to each operational indicator includes:
when there is a change amount that involves the risk value calculation, numerically quantifying the change amount using a change analysis strategy;
determining the risk value according to the numerical quantification.
Preferably,
determining, according to the security risk data, the risk value corresponding to each operational indicator also includes:
when there is no change amount that involves the risk value calculation, returning to the step of obtaining the information security related data.
Preferably,
parsing the security related data to obtain the security risk data corresponding to each operational indicator also includes:
screening the security related data to obtain the security risk data corresponding to each operational indicator.
Preferably,
determining, according to the comparison result, whether there is a change amount includes:
when the comparison result shows that a first parameter in the security risk data of the n-th moment differs from a second parameter in the security risk data of the (n-1)-th moment, determining whether the threshold intervals corresponding to the first parameter and the second parameter are the same, where a threshold interval is an interval specified in the analysis rule;
when the threshold intervals corresponding to the first parameter and the second parameter differ, determining that there is a change amount; when the threshold intervals corresponding to the first parameter and the second parameter are the same, determining that there is no change amount.
A second aspect of the embodiments of the present invention provides an information security measurement device, the device comprising:
an acquiring unit, for obtaining information security related data;
a parsing unit, for parsing the security related data to obtain the security risk data corresponding to each operational indicator;
a determining unit, for determining, according to the security risk data, the risk value corresponding to each operational indicator.
Preferably,
the operational indicators include at least one of a business behavior indicator, a business process indicator and a business content indicator;
wherein the business behavior indicator is the indicator corresponding to one business operation behavior;
the business process indicator is the indicator of a business process formed by several business operation behaviors in execution order;
the business content indicator is the indicator of the business content completed by at least one such business process;
each business content indicator corresponds to specified assets in the information system;
the determining unit is specifically used to determine, according to the security risk data, the risk value corresponding to the business behavior indicator, and/or to determine, according to the security risk data, the risk value corresponding to the business process indicator, and/or to determine, according to the security risk data, the risk value of the assets corresponding to the business content.
Preferably,
the parsing unit includes:
a comparison module, for comparing the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result, where n is an integer not less than 2 and the n-th moment is later than the (n-1)-th moment;
a determination module, for determining, according to the comparison result, whether there is a change amount;
the determining unit is specifically used, when there is a change amount that involves the risk value calculation, to numerically quantify the change amount using a change analysis strategy, and to determine the risk value according to the numerical quantification.
Preferably,
the determining unit is also used, when there is no change amount that involves the risk value calculation, to trigger the acquiring unit to obtain the information security related data.
Preferably,
the parsing unit is also used to screen the security related data to obtain the security risk data corresponding to each operational indicator.
Preferably,
the determination module is specifically used, when the comparison result shows that a first parameter in the security risk data of the n-th moment differs from a second parameter in the security risk data of the (n-1)-th moment, to determine whether the threshold intervals corresponding to the first parameter and the second parameter are the same, where a threshold interval is an interval specified in the analysis rule; to determine that there is no change amount when the threshold intervals corresponding to the first parameter and the second parameter are the same; and to determine that there is a change amount when they differ.
With the information security measurement method and device of the embodiments of the present invention, information security measurement is based on risk values computed for each operational indicator, so that for one information system separate risk values are obtained for multiple different operational indicators. These risk values directly represent the risk of the corresponding business rather than a general risk for the whole system, and so provide more precise parameters for subsequent risk defense. Compared with the prior-art approach of measuring information security for the whole information system in general, this improves the accuracy and practicality of security measurement.
Brief description of the drawings
Fig. 1 is the first schematic flowchart of the information security measurement method according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the operational indicators according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the information security measurement device according to an embodiment of the present invention;
Fig. 4 is the second schematic flowchart of the information security measurement method according to an embodiment of the present invention.
Detailed description of the invention
The technical solution of the present invention is explained in further detail below with reference to the accompanying drawings and specific embodiments.
Method embodiment:
As shown in Fig. 1, this embodiment provides an information security measurement method, the method comprising:
Step S110: obtain information security related data;
Step S120: parse the security related data to obtain the security risk data corresponding to each operational indicator;
Step S130: determine, according to the security risk data, the risk value corresponding to each operational indicator.
The method of this embodiment is applied in electronic devices with an information processing function, such as computers, for example an information processing platform, a cloud platform or a single computer.
The measurement method of this embodiment is based on each operational indicator rather than only on the whole information system. Compared with information security measurement based on the whole information system, it yields more risk values, and each risk value is specific to one operational indicator, so the risk values show precisely which business is currently at risk and to what degree. This helps subsequent risk avoidance to be targeted and to cope with risk better.
The operational indicators include at least one of a business behavior indicator, a business process indicator and a business content indicator. The business behavior indicator is the indicator corresponding to one business operation behavior; the business process indicator is the indicator of a business process formed by several business operation behaviors in execution order; the business content indicator is the indicator of the business content completed by at least one such business process.
Fig. 2 shows the indicators used for risk measurement that are proposed on the basis of the information security measurement method of this embodiment. The risk indicator at the lowest level is the security risk indicator, which can be the same as the indicators in a prior-art security risk indicator system. Above the security risk indicator are the operational indicators of this embodiment. The operational indicator with the smallest granularity is the behavior indicator; one business behavior usually corresponds to one operation, such as a register or delete operation, and such operations may appear in various businesses. Above the behavior indicator is the process indicator, which is formed by multiple business behaviors in a certain execution order; a process indicator usually corresponds to multiple behavior indicators. Above the process indicator is the business content indicator, which has the coarsest granularity; a business content indicator usually corresponds to one business content, such as a payment business or a query business.
Each business content indicator corresponds to specified assets in the information system, but the scope and precision of the assets corresponding to each of the above indicators differ. The security risk indicator, for example, corresponds to all assets of the whole information system; a behavior indicator corresponds to the assets that perform that behavior; a process indicator corresponds to the assets that perform that process; and a business content indicator corresponds to the assets that perform that business. These assets include the software and hardware resources in the information system, such as processors, storage resources, interfaces and network bandwidth.
Step S130 may include at least one of the following:
determining, according to the security risk data, the risk value corresponding to the business behavior indicator;
determining, according to the security risk data, the risk value corresponding to the business process indicator;
determining, according to the security risk data, the risk value of the assets corresponding to the business content.
From these risk values it can be determined which business content may be at risk, which process within the business content may encounter risk, and which behavior may cause the risk. With these risk values the information processing system can determine more accurately whether it is currently at risk or is about to be, and can accurately locate which resources of the information system may encounter or have encountered risk, which makes it easy to start subsequent risk-defense processes in a targeted way.
Step S120 may include:
Step S121: compare the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result, where n is an integer not less than 2 and the n-th moment is later than the (n-1)-th moment;
Step S122: determine, according to the comparison result, whether there is a change amount.
Step S130 may include: when there is a change amount that involves the risk value calculation, numerically quantifying the change amount using a change analysis strategy, and determining the risk value according to the numerical quantification.
An information system runs normally most of the time. When a risk occurs in the information system, the collected security risk data differ from the security risk data collected during normal operation. This embodiment uses this property by comparing the security risk data collected at the n-th moment with the security risk data obtained at the (n-1)-th moment. If the comparison result shows that the security risk data of the n-th moment are consistent with those of the (n-1)-th moment, and the (n-1)-th moment was safe and did not experience risk, then the n-th moment is clearly also safe and has not encountered risk. The security risk data of the (n-1)-th moment used for the comparison usually indicate that the information system is safe.
Step S130 also includes: when there is no change amount that involves the risk value calculation, returning to the step of obtaining the information security related data.
Steps S110 to S130 in this embodiment can be executed periodically, for example with an execution cycle of 10s or 1min. In that case the n-th moment is a moment in the current cycle and the (n-1)-th moment is a moment in the previous cycle; the two moments usually differ by exactly one cycle.
Therefore, when step S130 determines that there is no change amount involving the risk value, the next risk measurement cycle is entered, that is, the method waits to execute step S110 in the next cycle.
Step S120 also includes: screening the security related data to obtain the security risk data corresponding to each operational indicator.
The security related data usually include source data such as events reported by security devices, system logs and business program execution logs. Some of this source data, such as certain timestamps, does not affect risk measurement. To reduce the amount of data to be processed, the data are therefore screened first. As for how to screen, data that do not relate to the security risk measurement of the operational indicator can be excluded by defined comparison, or by template matching.
Data screening may also include selecting, according to preset data screening rules, the data relevant to indicator calculation, and classifying those data so that similar events are grouped together, which makes subsequent data analysis more efficient.
Step S122 may include:
when the comparison result shows that a first parameter in the security risk data of the n-th moment differs from a second parameter in the security risk data of the (n-1)-th moment, determining whether the threshold intervals corresponding to the first parameter and the second parameter are the same, where a threshold interval is an interval specified in the analysis rule;
when the threshold intervals corresponding to the first parameter and the second parameter differ, determining that there is a change amount; when the threshold intervals corresponding to the first parameter and the second parameter are the same, determining that there is no change amount.
For example, the first parameter and the second parameter are different values of the same parameter, and such a parameter may simply fluctuate. Take the bandwidth occupied by a certain business content: the security risk data collected at the previous moment show 5M/s and the security risk data collected at the current moment show 6M/s. The values differ, so a fluctuation has occurred, but the fluctuation may be within the normal range. If 5M/s and 6M/s both lie within the threshold interval 3M/s to 7M/s, the change is considered normal and is not a change amount involving security measurement as described in this embodiment. If instead the first threshold interval is 3M/s to 5.5M/s and the second threshold interval is 5.5M/s to 7M/s, a change amount as described in this embodiment is considered to have occurred. This avoids the loss of accuracy caused by normal data fluctuation.
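The threshold-interval comparison of step S122, together with the screening of step S120 and the return to step S110 when nothing relevant changed, as an added Python example that is not part of the patent text. The parameter names, the second rule, the half-open interval boundaries and the quantification of a change as the number of intervals crossed are assumptions; the patent does not specify its change analysis strategy.

```python
from bisect import bisect_right

# Fields assumed never to influence risk measurement; dropped during screening.
IGNORED_FIELDS = {"timestamp", "source_host"}

# Analysis rules (constructed): ascending interval boundaries per parameter.
# [3.0, 7.0] defines the intervals (< 3.0), [3.0, 7.0) and (>= 7.0).
RULES_WIDE = {"bandwidth_m_per_s": [3.0, 7.0]}
RULES_FINE = {"bandwidth_m_per_s": [3.0, 5.5, 7.0],
              "failed_ops_per_min": [10, 30]}

# Constructed security risk data per operational indicator (B1 = a business
# content, O1 = a business behavior) at moment n-1 and at moment n.
PREV = {"B1": {"timestamp": "t1", "bandwidth_m_per_s": 5.0},
        "O1": {"timestamp": "t1", "failed_ops_per_min": 2}}
CURR = {"B1": {"timestamp": "t2", "bandwidth_m_per_s": 6.0},
        "O1": {"timestamp": "t2", "failed_ops_per_min": 40}}


def screen(record, rules):
    """S120 screening: keep only parameters that an analysis rule covers."""
    return {k: v for k, v in record.items()
            if k in rules and k not in IGNORED_FIELDS}


def interval_of(value, boundaries):
    """Index of the threshold interval containing value (lower bound inclusive)."""
    return bisect_right(boundaries, value)


def detect_changes(prev, curr, rules):
    """S121/S122: a differing value is a change amount only if it left its interval."""
    changes = []
    for indicator, record in curr.items():
        old_params = screen(prev.get(indicator, {}), rules)
        for name, new in screen(record, rules).items():
            old = old_params.get(name)
            if old is None or old == new:
                continue  # no earlier value to compare with, or nothing differs
            a = interval_of(old, rules[name])
            b = interval_of(new, rules[name])
            if a != b:
                changes.append({"indicator": indicator, "parameter": name,
                                "from_interval": a, "to_interval": b,
                                "steps": abs(b - a)})
    return changes


def measure_cycle(prev, curr, rules):
    """One measurement cycle. None means: no change amount, wait for the next S110.

    Otherwise returns a per-indicator score, here simply the number of
    intervals crossed (a hypothetical stand-in for the change analysis strategy).
    """
    changes = detect_changes(prev, curr, rules)
    if not changes:
        return None
    scores = {}
    for change in changes:
        key = change["indicator"]
        scores[key] = scores.get(key, 0) + change["steps"]
    return scores


if __name__ == "__main__":
    print("wide rule:", measure_cycle(PREV, CURR, RULES_WIDE))
    print("fine rule:", measure_cycle(PREV, CURR, RULES_FINE))
```

Under the single 3M/s to 7M/s interval the move from 5M/s to 6M/s is ignored; once the interval is split at 5.5M/s the same move is reported for B1.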
In summary, this embodiment provides an information security measurement method with the advantage of high accuracy. It can also identify changes in risk simply, from the difference between the data obtained at two successive moments, and, through dynamic quantitative analysis and similar processing, it reduces the amount of data processed in each measurement and improves data-processing efficiency.
Device embodiment:
As shown in Fig. 3, this embodiment provides an information security measurement device, the device comprising:
an acquiring unit 110, for obtaining information security related data;
a parsing unit 120, for parsing the security related data to obtain the security risk data corresponding to each operational indicator;
a determining unit 130, for determining, according to the security risk data, the risk value corresponding to each operational indicator.
The acquiring unit 110 of this embodiment may include a data collector for collecting the security related data generated by each asset in the information system. The acquiring unit 110 may also be a wired or wireless receiving interface for receiving the various security related data reported by each asset in the information system. The wired interface may be an optical fiber interface or a cable interface.
The parsing unit 120 and the determining unit 130 may specifically include a processor and a storage medium connected by a bus. Executable code is stored on the storage medium, and the processor performs the functions of the parsing unit 120 and the determining unit 130 by reading and running the executable code. The parsing unit 120 and the determining unit 130 may each correspond to a different processor, or may be integrated on the same processor. When they are integrated on the same processor, the processor performs the functions of the parsing unit 120 and the determining unit 130 by time-division multiplexing or concurrent threads.
The processor may be an application processor (AP), a digital signal processor (DSP), a programmable array (PLC), a microprocessor (MCU), a central processing unit (CPU) or another processing structure with signal processing capability.
The operational indicators include at least one of a business behavior indicator, a business process indicator and a business content indicator. The business behavior indicator is the indicator corresponding to one business operation behavior; the business process indicator is the indicator of a business process formed by several business operation behaviors in execution order; the business content indicator is the indicator of the business content completed by at least one such business process. Each business content indicator corresponds to specified assets in the information system.
The determining unit 130 is specifically used to determine, according to the security risk data, the risk value corresponding to the business behavior indicator, and/or to determine, according to the security risk data, the risk value corresponding to the business process indicator, and/or to determine, according to the security risk data, the risk value of the assets corresponding to the business content.
Here, a specific structure of the determining unit 130 is provided. When measuring each operational indicator, the determining unit 130 can measure from at least three dimensions, and so calculates, for each operational indicator, a risk value that accurately indicates the probability that risk has been or will be encountered and the severity of the risk.
The parsing unit 120 may include:
a comparison module, for comparing the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result, where n is an integer not less than 2 and the n-th moment is later than the (n-1)-th moment;
a determination module, for determining, according to the comparison result, whether there is a change amount.
The determining unit 130 is specifically used, when there is a change amount that involves the risk value calculation, to numerically quantify the change amount using a change analysis strategy, and to determine the risk value according to the numerical quantification.
The comparison module may specifically include a comparator or a processor with a comparison function. The determination module may include various types of processors or processing chips with information processing capability.
In this embodiment the parsing unit 120 parses out the change amount and the determining unit 130 determines the risk value by analyzing the change amount. This avoids repeatedly analyzing, at two successive moments, data in which no change has occurred, and so improves the efficiency and response speed of data processing.
The determining unit is also used, when there is no change amount that involves the risk value calculation, to trigger the acquiring unit to obtain the information security related data.
Further, the parsing unit 120 is also used to screen the security related data to obtain the security risk data corresponding to each operational indicator. Here the parsing unit 120, through data screening, further reduces the amount of data processed, which again improves the efficiency and response speed of data processing.
The determination module is specifically used, when the comparison result shows that a first parameter in the security risk data of the n-th moment differs from a second parameter in the security risk data of the (n-1)-th moment, to determine whether the threshold intervals corresponding to the first parameter and the second parameter are the same, where a threshold interval is an interval specified in the analysis rule; to determine that there is no change amount when the threshold intervals corresponding to the first parameter and the second parameter are the same; and to determine that there is a change amount when they differ.
The threshold interval may be set in advance according to instructions from staff, or may be determined by the device itself from historical statistics. For example, when the number of visits to a business surges, the resources allocated to that business may become insufficient, making the system busy or unresponsive. Access to the business usually also has a normal fluctuation range, however, so the risk value measurement device can automatically give a threshold interval from historical data, based on the earlier fluctuation of normal visits.
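One way a device could derive a threshold interval from historical statistics, as an added Python example that is not part of the patent text. The patent does not name a statistic; the median ± k·MAD band, the parameters k and min_spread, and the sample visit counts are assumptions. It also shows why a plain min/max band fails when the history already contains a surge.

```python
from statistics import median

# Constructed history: visits per minute to one business; 400 is an earlier surge.
HISTORY = [100, 104, 98, 101, 99, 103, 97, 102, 100, 400]


def naive_band(history):
    """Threshold interval taken as the plain min/max of everything seen so far."""
    return (min(history), max(history))


def robust_band(history, k=5.0, min_spread=1.0):
    """Threshold interval as median +/- k * MAD (median absolute deviation).

    The median and MAD are barely moved by a few extreme samples, so an old
    surge in the history does not widen the 'normal' interval. min_spread
    keeps the interval from collapsing to a point when the history is constant.
    """
    if len(history) < 3:
        raise ValueError("need at least 3 historical samples")
    centre = median(history)
    mad = median([abs(x - centre) for x in history])
    spread = max(k * mad, min_spread)
    return (centre - spread, centre + spread)


def position(value, band):
    """-1 below the interval, 0 inside it (bounds inclusive), 1 above it."""
    low, high = band
    if value < low:
        return -1
    if value > high:
        return 1
    return 0


def is_change(previous, current, band):
    """A change amount exists only if the two values sit in different positions."""
    return position(previous, band) != position(current, band)


if __name__ == "__main__":
    for name, band in (("naive", naive_band(HISTORY)),
                       ("robust", robust_band(HISTORY))):
        print(name, band,
              "normal fluctuation flagged:", is_change(101, 108, band),
              "surge flagged:", is_change(101, 350, band))
```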
In summary, this embodiment provides an information security measurement device that automatically, through data screening, parsing, comparison and analysis, obtains accurate risk values based on operational indicators, and so provides accurate and practical risk values for subsequent risk defense. It can serve as the hardware implementing the information security measurement method of the method embodiment.
A concrete example is given below in conjunction with the above embodiments.
The information security measurement method in this example comprises the following steps:
Step 1: Information system business analysis
Sort out the businesses that the information system supports. For example, the main businesses supported by a given information system are business B1, business B2 and business B3. Business B1 comprises 2 main business flows, flow F1 and flow F2; flow F1 consists of 3 main business behaviors, behavior O1, behavior O2 and behavior O3; the main information assets involved in behavior O1 include asset A1, asset A2, asset A3, and so on. Business B2 and business B3 are analysed in the same way, and an information system business analysis table is built.
The format of the information system business analysis table is as follows. In practice, depending on the complexity of the system, the main businesses, business flows, business behaviors and information assets in the system can be selected and similar businesses merged, which narrows the scope of the later measurement. Alternatively, the business analysis can be based on the system function list drawn up during system development, which achieves twice the result with half the effort.
The security metric indices of this system correspond to the system's business functions, and this correspondence originates in the development and design process of the system. The businesses that the information system supports are fixed, and the business flows and business behaviors are fixed in the system when it is built and do not change arbitrarily, so this business analysis needs to be done only once, the first time the method is used. Only when the business requirements change do some of the business flows and business behaviors need to be modified, or a newly added business analysed.
Step 2: Information security risk measurement
Measure the information assets involved in the information system (the asset scope is exactly the information assets in the information system business analysis table) and calculate the security risk value of each asset.
Presetting the asset scope here reduces the complexity of the measurement and improves its accuracy. Although an existing risk-based security measurement method is used, the accuracy of the measurement results can be assured, for the following reasons. First, the scope of the measurement is very clear, namely the small set of assets involved in a business behavior, and only the risk value of an individual asset is calculated, without having to consider several assets together. Second, the method has a relatively solid theoretical basis and practical advantages in asset identification, threat identification and vulnerability identification, so its security measurement result for a small-scale, single risk factor is relatively objective and accurate.
Step 3:
The business security metric parameters include the asset-business relevance parameter $P_A$, the business behavior importance parameter $P_O$ and the business flow importance parameter $P_F$.
Setting method:
First, rank the items from high to low according to the degree of association between the assets involved in an operational indicator, the importance of each asset in completing that operational indicator, and so on.
Then, determine the principle for setting the parameters. For example, set the parameter range to $0 < P < 1$ with $P_1 + P_2 + \ldots + P_n = 1$, and set the parameters with reference to the way existing security risk measurement methods assign values to asset C (confidentiality) / I (integrity) / A (availability), threat frequency and vulnerability severity.
Finally, determine the parameters, expressed as sets.
For example, the parameter set of the assets underlying business behavior 1 is $P_a = \{p_{a1}, p_{a2}, \ldots, p_{an}\}$, where an denotes the n-th asset and n is an integer not less than 1.
The parameter set of the business behaviors related to business flow 1 is $P_o = \{p_{o1}, p_{o2}, \ldots, p_{on}\}$, where on denotes the n-th asset and n is an integer not less than 1.
The parameter set of the business flows related to business 1 is $P_f = \{p_{f1}, p_{f2}, \ldots, p_{fn}\}$, where fn denotes the n-th asset and n is an integer not less than 1.
Step 4: Quantitative calculation of the business security metric
Definitions: $s_o$ denotes the business behavior security metric index, $s_f$ denotes the business flow security metric index, and $s_B$ denotes the overall business security metric.
Matrix $A_S = (o_i s_{A1}, o_i s_{A2}, \ldots, o_i s_{An})$ represents the security risk values of the information assets involved in business behavior $o_i$, which are the results of the second step; matrix $P_S = (o_i p_{a1}, o_i p_{a2}, \ldots, o_i p_{an})$ represents the security impact degree parameter corresponding to each asset. Here $o_i s_{An}$ is the security risk value of the An-th asset involved in business behavior $o_i$, and $o_i p_{an}$ is the security impact degree value of the an-th asset involved in business behavior $o_i$.
Matrix $O_S = (F_i s_{O1}, F_i s_{O2}, \ldots, F_i s_{On})$ represents the business behavior security risk values of flow $F_i$, which are the business behavior security measurement results; matrix $P_o = (F_i S_{o1}, F_i S_{o2}, \ldots, F_i S_{on})$ represents the security impact degree parameter corresponding to each business behavior. Here $F_i s_{on}$ is the security risk value of the On-th asset involved in business behavior $F_i$, and $F_i S_{on}$ is the security impact degree value of the on-th asset involved in business behavior $F_i$.
Matrix $F_S = (B_i s_{F1}, B_i s_{F2}, \ldots, B_i s_{Fn})$ represents the security risk values of the business flows that make up business $B_i$, which are the business flow security measurement results; matrix $P_f = (B_i p_{f1}, B_i p_{f2}, \ldots, B_i p_{fn})$ represents the security impact degree parameter corresponding to each business flow. Here $B_i s_{Fn}$ is the security risk value of the $B_i$-th asset involved in business behavior $F_i$, and $B_i p_{fn}$ is the security impact degree value of the fn-th asset involved in business behavior $F_i$.
Then:
Behavior security index: where i is the asset number.
Flow security index: where j is the business behavior number.
Business security index: where k is the business flow number.
At this point the quantized business security metric value has been formed.
Note that in this example the values of n and i, and the physical quantities they represent, apply only within the formula in which they appear; they do not affect the value of n or the meaning of the physical quantities in other formulas.
The specific flow of information security measurement in this example is shown in Fig. 4 and includes:
Step 01: Data collection: the data collector on the device gathers source data such as security events reported by network equipment and system logs.
Step 02: Data screening: according to predefined data screening rules, select the data relevant to index calculation, classify these data, and merge similar events.
Step 03: Data analysis: according to the data analysis rules, compare the newly collected data with the thresholds defined in the rules and with the data collected last time, and analyse whether a change has occurred.
Step 04: Change judgment: if there is no change, the device's processing returns to Step 01, data collection; if there is a change, proceed to Step 05, change analysis.
Step 05: Change analysis: according to predefined change analysis rules, quantify this change numerically.
Step 06: Index calculation and feedback: according to the predefined index calculation method, calculate the relevant indices and feed the results back to the device user by SMS, e-mail or similar means.
Step 07: Rule and method management: the device provides customizable management of the relevant rules and calculation methods, including add, delete, modify and query operations.
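Steps 03 to 05, together with the threshold-interval rule described earlier for the determining module, can be illustrated as follows. This Python code is an added example, not the patent's implementation; the band of mean ± k standard deviations derived from history, the quantization of a change as the number of interval boundaries crossed, and all names and sample values are assumptions.

```python
"""Threshold-interval change detection (added example, constructed data)."""
from bisect import bisect_right
from statistics import mean, pstdev


def boundaries_from_history(samples, k=3.0):
    """Derive a normal band [mean - k*std, mean + k*std] from history.

    The mean/std band and the factor k are assumptions; the page only says
    the interval can be derived from the normal fluctuation of past data.
    """
    if len(samples) < 2:
        raise ValueError("need at least two historical samples")
    mu, sigma = mean(samples), pstdev(samples)
    return [mu - k * sigma, mu + k * sigma]


def interval_of(value, boundaries):
    """Index of the threshold interval that contains value.

    Sorted boundaries [b0, b1, ...] split the axis into intervals
    0: value < b0, 1: b0 <= value < b1, and so on.
    """
    return bisect_right(boundaries, value)


def detect_changes(prev, curr, rules):
    """Compare the snapshot at moment n-1 (prev) with moment n (curr).

    Returns {parameter: quantized change} only for parameters whose
    threshold interval differs between the two moments. A parameter that
    moved but stayed inside its interval produces no change amount.
    """
    changes = {}
    for name, boundaries in rules.items():
        if name not in prev or name not in curr:
            continue  # no pair to compare yet, e.g. first collection round
        if prev[name] == curr[name]:
            continue  # parameters are equal, intervals need no check
        delta = (interval_of(curr[name], boundaries)
                 - interval_of(prev[name], boundaries))
        if delta != 0:
            # Assumed quantization: signed count of boundaries crossed.
            changes[name] = delta
    return changes


# Constructed history of hourly request counts for one business.
HISTORY_REQUESTS = [980, 1010, 1005, 995, 1020, 990, 1000, 1015]

RULES = {
    # Interval derived by the device from historical statistics.
    "requests_per_hour": boundaries_from_history(HISTORY_REQUESTS),
    # Interval set in advance by staff (constructed values).
    "failed_logins": [5, 20],
}

# Constructed snapshots of screened security risk data.
SNAPSHOT_PREV = {"requests_per_hour": 1003, "failed_logins": 3}
SNAPSHOT_QUIET = {"requests_per_hour": 1031, "failed_logins": 4}
SNAPSHOT_SURGE = {"requests_per_hour": 2400, "failed_logins": 27}

if __name__ == "__main__":
    for label, snap in (("quiet", SNAPSHOT_QUIET), ("surge", SNAPSHOT_SURGE)):
        changes = detect_changes(SNAPSHOT_PREV, snap, RULES)
        # Empty result: return to Step 01. Otherwise: continue to Step 06.
        print(label, changes or "no change amount, back to data collection")
```

Both parameters differ between every pair of snapshots, but only the surge snapshot leaves its threshold intervals, so only that round reaches index calculation.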
In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may all be integrated into one processing module, each unit may serve separately as one unit, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware plus software functional units.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as a removable storage device, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above are only specific embodiments of the present invention, and the scope of protection of the present invention is not limited to them. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of the claims.
Claims (12)
1. An information security measurement method, characterized in that the method comprises:
obtaining information security associated data;
parsing the security associated data to obtain security risk data corresponding to each operational indicator;
determining the risk value corresponding to each operational indicator according to the security risk data.
2. The method according to claim 1, characterized in that
the operational indicators include at least one of a business behavior index, a business flow index and a business content index;
wherein the business behavior index is the index corresponding to one business operation behavior;
the business flow index is the index of a business flow formed by several business operation behaviors in execution order;
the business content index is the index of the business content completed by at least one said business flow;
each business content index corresponds to an asset specified in the information system;
determining the risk value corresponding to each operational indicator according to the security risk data comprises at least one of the following:
determining the risk value corresponding to the business behavior index according to the security risk data;
determining the risk value corresponding to the business flow index according to the security risk data;
determining the risk value of the asset corresponding to the business content according to the security risk data.
3. The method according to claim 1 or 2, characterized in that
parsing the security associated data to obtain the security risk data corresponding to each operational indicator comprises:
comparing the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result, wherein n is an integer not less than 2 and the n-th moment is later than the (n-1)-th moment;
determining, according to the comparison result, whether there is a change amount;
and determining the risk value corresponding to each operational indicator according to the security risk data comprises:
when there is a change amount that relates to the risk value calculation, quantifying the change amount numerically using a change analysis strategy;
determining the risk value according to the numerical quantization.
4. The method according to claim 3, characterized in that
determining the risk value corresponding to each operational indicator according to the security risk data further comprises:
when there is no change amount that relates to the risk value calculation, returning to the step of obtaining the information security associated data.
5. The method according to claim 3, characterized in that
parsing the security associated data to obtain the security risk data corresponding to each operational indicator further comprises:
screening the security associated data to obtain the security risk data corresponding to each operational indicator.
6. The method according to claim 3, characterized in that
determining, according to the comparison result, whether there is a change amount comprises:
when the comparison result shows that a first parameter in the security risk data at the n-th moment differs from a second parameter in the security risk data at the (n-1)-th moment, determining whether the threshold intervals corresponding to the first parameter and the second parameter are the same, wherein a threshold interval is an interval specified in the analysis rules;
when the threshold intervals corresponding to the first parameter and the second parameter differ, determining that there is a change amount; when the threshold intervals corresponding to the first parameter and the second parameter are the same, determining that there is no change amount.
7. An information security measurement device, characterized in that the device comprises:
an acquiring unit, configured to obtain information security associated data;
a parsing unit, configured to parse the security associated data to obtain security risk data corresponding to each operational indicator;
a determining unit, configured to determine the risk value corresponding to each operational indicator according to the security risk data.
8. The device according to claim 7, characterized in that
the operational indicators include at least one of a business behavior index, a business flow index and a business content index;
wherein the business behavior index is the index corresponding to one business operation behavior;
the business flow index is the index of a business flow formed by several business operation behaviors in execution order;
the business content index is the index of the business content completed by at least one said business flow;
each business content index corresponds to an asset specified in the information system;
the determining unit is specifically configured to determine the risk value corresponding to the business behavior index according to the security risk data, and/or determine the risk value corresponding to the business flow index according to the security risk data, and/or determine the risk value of the asset corresponding to the business content according to the security risk data.
9. The device according to claim 7 or 8, characterized in that
the parsing unit comprises:
a comparison module, configured to compare the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result, wherein n is an integer not less than 2 and the n-th moment is later than the (n-1)-th moment;
a determining module, configured to determine, according to the comparison result, whether there is a change amount;
the determining unit is specifically configured to, when there is a change amount that relates to the risk value calculation, quantify the change amount numerically using a change analysis strategy, and determine the risk value according to the numerical quantization.
10. The device according to claim 9, characterized in that
the determining unit is further configured to, when there is no change amount that relates to the risk value calculation, trigger the acquiring unit to obtain the information security associated data.
11. The device according to claim 9, characterized in that
the parsing unit is further configured to screen the security associated data to obtain the security risk data corresponding to each operational indicator.
12. The device according to claim 9, characterized in that
the determining module is specifically configured to: when the comparison result shows that a first parameter in the security risk data at the n-th moment differs from a second parameter in the security risk data at the (n-1)-th moment, determine whether the threshold intervals corresponding to the first parameter and the second parameter are the same, wherein a threshold interval is an interval specified in the analysis rules; determine that there is no change amount when the threshold intervals corresponding to the first parameter and the second parameter are the same, and determine that there is a change amount when the threshold intervals corresponding to the first parameter and the second parameter differ.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510020740.6A CN105844169B (en) | 2015-01-15 | 2015-01-15 | Information security measure and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510020740.6A CN105844169B (en) | 2015-01-15 | 2015-01-15 | Information security measure and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105844169A true CN105844169A (en) | 2016-08-10 |
CN105844169B CN105844169B (en) | 2019-09-13 |
Family
ID=56580065
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510020740.6A Active CN105844169B (en) | 2015-01-15 | 2015-01-15 | Information security measure and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105844169B (en) |
Patent Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1761208A (en) * | 2005-11-17 | 2006-04-19 | 郭世泽 | System and method for evaluating security and survivability of network information system |
US20110173146A1 (en) * | 2006-06-12 | 2011-07-14 | John Harris Hnatio | Complexity systems management method |
CN101374051A (en) * | 2008-08-22 | 2009-02-25 | 中国航天科工集团第二研究院七○六所 | Method for evaluating information system risk base on multi-element fusion |
CN101436967A (en) * | 2008-12-23 | 2009-05-20 | 北京邮电大学 | Method and system for evaluating network safety situation |
CN101770602A (en) * | 2008-12-31 | 2010-07-07 | 国立成功大学 | Flight safety margin risk evaluating method, specialist system and establishing method thereof |
CN101674302A (en) * | 2009-09-25 | 2010-03-17 | 联想网御科技(北京)有限公司 | Method and device for conducting security identification on information system |
CN102081622A (en) * | 2009-11-30 | 2011-06-01 | 中国移动通信集团贵州有限公司 | Method and device for evaluating system health degree |
CN102402723A (en) * | 2011-11-03 | 2012-04-04 | 北京谷安天下科技有限公司 | Method and system for detecting security of information assets |
CN102622668A (en) * | 2012-02-13 | 2012-08-01 | 中国科学院科技政策与管理科学研究所 | Risk early warning method based on technological processes |
CN102663530A (en) * | 2012-05-25 | 2012-09-12 | 中国南方电网有限责任公司超高压输电公司 | Safety early warning and evaluating system for high-voltage direct current transmission system |
CN102752142A (en) * | 2012-07-05 | 2012-10-24 | 深圳市易聆科信息技术有限公司 | Monitoring method and system based on multidimensional modeled information system |
CN102819813A (en) * | 2012-08-20 | 2012-12-12 | 浙江大学 | Security risk assessment method for intelligent substation automation system |
CN103996006A (en) * | 2013-02-17 | 2014-08-20 | 中国移动通信集团山西有限公司 | Information system security risk assessment method and device |
CN103366244A (en) * | 2013-06-19 | 2013-10-23 | 深圳市易聆科信息技术有限公司 | Method and system for acquiring network risk value in real time |
CN103927631A (en) * | 2014-04-30 | 2014-07-16 | 南方电网科学研究院有限责任公司 | Safety integrated management platform based on electric system quality system, risk assessment and safety testing and evaluation |
CN104052635A (en) * | 2014-06-05 | 2014-09-17 | 北京江南天安科技有限公司 | Risk situation prediction method and system based on safety pre-warning |
Non-Patent Citations (1)
Title |
---|
唐思思: "基于离散动态贝叶斯网络的信息安全风险评估方法的研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108427624A (en) * | 2017-02-13 | 2018-08-21 | 阿里巴巴集团控股有限公司 | A kind of recognition methods of system stability risk and equipment |
CN108427624B (en) * | 2017-02-13 | 2021-03-02 | 创新先进技术有限公司 | System stability risk identification method and device |
CN107562929A (en) * | 2017-09-15 | 2018-01-09 | 北京安点科技有限责任公司 | The arrangement method and device of threat assets based on big data analysis |
CN113553583A (en) * | 2021-07-28 | 2021-10-26 | 中国南方电网有限责任公司 | Information system asset security risk assessment method and device |
CN114019942A (en) * | 2021-11-04 | 2022-02-08 | 哈尔滨工业大学 | Industrial robot system security threat evaluation method based on time-sharing frequency |
CN114019942B (en) * | 2021-11-04 | 2023-08-29 | 哈尔滨工业大学 | Industrial robot system security threat evaluation method based on time-sharing frequency |
Also Published As
Publication number | Publication date |
---|---|
CN105844169B (en) | 2019-09-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |