CN105844169A - Method and device for information safety metrics - Google Patents


Publication number
CN105844169A
Authority
CN
China
Prior art keywords
risk
index
data
value
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510020740.6A
Other languages
Chinese (zh)
Other versions
CN105844169B (en)
Inventor
王欢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Group Anhui Co Ltd
Original Assignee
China Mobile Group Anhui Co Ltd
Application filed by China Mobile Group Anhui Co Ltd
Priority to CN201510020740.6A
Publication of CN105844169A
Application granted
Publication of CN105844169B
Legal status: Active


Abstract

The invention discloses a method and a device for information safety metrics. The method comprises: obtaining information safety associated data; analyzing the safety associated data to obtain safety risk data corresponding to each operational indicator; and according to the safety risk data, determining the risk value corresponding to each operational indicator.

Description

Information security measurement method and device
Technical field
The present invention relates to security technology in the field of information processing, and in particular to an information security measurement method and device.
Background art
With the development of electronic and communication technology, electronic devices and the Internet generate large amounts of data. Ensuring the secure operation of this data is clearly the key to using this information to perform specific functions.
When ensuring information security, the current information is generally first monitored and measured for security; a corresponding security policy is then applied for security handling and assurance according to the monitoring and measurement results. Existing information security measurement mainly monitors and measures factors such as the asset value of the information system, the weaknesses of the information system, and external threats to the system.
The following two formulas are used in the prior art to measure the risk value that an information system may currently face:
Risk value (R) = asset value (S) × weakness value (V) × threat value (T)
Risk value (R) = asset value (S) × weakness value (V) × threat value (T) / safety measure (P).
The above methods can, to a certain extent, measure the risk the information system currently faces. However, the following problems greatly reduce the accuracy of the risk measurement result.
One, the existing security measurement system addresses the whole system and cannot be made specific to particular information or particular applications of the information system. Its practicality is clearly insufficient: when security management and control is carried out according to the measurement result, the target is too broad, and accurate, targeted management and control may not be possible.
Two, the basis of the existing security measurement system is dynamic, so every measurement requires a large amount of preparatory work and security measurement efficiency is low.
The existing security measurement system is based on the three risk elements of assets, threats and weaknesses. The value of an information asset depends on the business and generally does not change, whereas the threats the asset faces and the weaknesses of the asset itself change as the system's external environment changes and time passes, and as system users continue to operate the system or rectify and harden it. Once a threat or weakness changes, the risk changes with it. After a period of time, the previously calculated risk measurement result therefore becomes invalid, and the change in risk must be re-analysed and the system's security risk measured again to keep the security measurement valid.
Three, the existing methods are limited to small-scale information systems and cannot accurately measure the security situation of larger information systems.
The factors on which existing measurement relies are dynamic. For a fairly large system, the changes in these factors are very complex, and a security measurement then has too many factors to consider, making it difficult to truly reflect the security state of a large, complex system. If only a single factor is relied on, for example measuring only from the angle of threats or of weaknesses, the indicator result for a particular threat or weakness is relatively accurate but one-sided, and cannot reflect the security situation of the whole system.
Four, the degree of automation of the existing security measurement system is low: when a change occurs at the system end (in the risk elements), it cannot be reflected automatically in the indicator result.
Summary of the invention
In view of this, embodiments of the present invention aim to provide an information security measurement method and device that improve the accuracy and practicality of security measurement.
To achieve the above purpose, the technical solution of the present invention is realised as follows:
A first aspect of the embodiments of the present invention provides an information security measurement method, the method comprising:
obtaining information security related data;
parsing the security related data to obtain the security risk data corresponding to each operational indicator;
determining the risk value corresponding to each operational indicator according to the security risk data.
Preferably,
the operational indicators include at least one of a business behavior indicator, a business process indicator and a business content indicator;
wherein the business behavior indicator is the indicator corresponding to one business operation behavior;
the business process indicator is the indicator of a business process formed by several business operation behaviors in execution order;
the business content indicator is the indicator of the business content completed by at least one such business process;
each business content indicator corresponds to specified assets in the information system;
determining the risk value corresponding to each operational indicator according to the security risk data includes at least one of the following:
determining the risk value corresponding to the business behavior indicator according to the security risk data;
determining the risk value corresponding to the business process indicator according to the security risk data;
determining the risk value of the assets corresponding to the business content according to the security risk data.
Preferably,
parsing the security related data to obtain the security risk data corresponding to each operational indicator includes:
comparing the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result; wherein n is an integer not less than 2, and the n-th moment is later than the (n-1)-th moment;
determining from the comparison result whether there is a change amount;
determining the risk value corresponding to each operational indicator according to the security risk data includes:
when there is a change amount relevant to the risk value calculation, quantifying the change amount numerically using a change amount analysis strategy;
determining the risk value according to the numerical quantification.
Preferably,
determining the risk value corresponding to each operational indicator according to the security risk data further includes:
when there is no change amount relevant to the risk value calculation, returning to the step of obtaining the information security related data.
Preferably,
parsing the security related data to obtain the security risk data corresponding to each operational indicator further includes:
screening the security related data to obtain the security risk data corresponding to each operational indicator.
Preferably,
determining from the comparison result whether there is a change amount includes:
when the comparison result shows that a first parameter in the security risk data of the n-th moment differs from a second parameter in the security risk data of the (n-1)-th moment, determining whether the threshold intervals corresponding to the first parameter and the second parameter are the same; wherein a threshold interval is an interval specified in the analysis rules;
when the threshold intervals corresponding to the first parameter and the second parameter differ, determining that there is a change amount; when the threshold intervals corresponding to the first parameter and the second parameter are the same, determining that there is no change amount.
A second aspect of the embodiments of the present invention provides an information security measurement device, the device comprising:
an acquiring unit, for obtaining information security related data;
a parsing unit, for parsing the security related data to obtain the security risk data corresponding to each operational indicator;
a determining unit, for determining the risk value corresponding to each operational indicator according to the security risk data.
Preferably,
the operational indicators include at least one of a business behavior indicator, a business process indicator and a business content indicator;
wherein the business behavior indicator is the indicator corresponding to one business operation behavior;
the business process indicator is the indicator of a business process formed by several business operation behaviors in execution order;
the business content indicator is the indicator of the business content completed by at least one such business process;
each business content indicator corresponds to specified assets in the information system;
the determining unit is specifically for determining the risk value corresponding to the business behavior indicator according to the security risk data, and/or determining the risk value corresponding to the business process indicator according to the security risk data, and/or determining the risk value of the assets corresponding to the business content according to the security risk data.
Preferably,
the parsing unit includes:
a comparison module, for comparing the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result; wherein n is an integer not less than 2, and the n-th moment is later than the (n-1)-th moment;
a determining module, for determining from the comparison result whether there is a change amount;
the determining unit is specifically for, when there is a change amount relevant to the risk value calculation, quantifying the change amount numerically using a change amount analysis strategy, and determining the risk value according to the numerical quantification.
Preferably,
the determining unit is further for triggering the acquiring unit to obtain the information security related data when there is no change amount relevant to the risk value calculation.
Preferably,
the parsing unit is further for screening the security related data to obtain the security risk data corresponding to each operational indicator.
Preferably,
the determining module is specifically for, when the comparison result shows that a first parameter in the security risk data of the n-th moment differs from a second parameter in the security risk data of the (n-1)-th moment, determining whether the threshold intervals corresponding to the first parameter and the second parameter are the same; wherein a threshold interval is an interval specified in the analysis rules; determining that there is no change amount when the threshold intervals corresponding to the first parameter and the second parameter are the same, and determining that there is a change amount when they differ.
With the information security measurement method and device of the embodiments of the present invention, information security measurement is carried out on the risk value of each operational indicator, so that for one information system a separate risk value is obtained for each of several different operational indicators. These risk values directly represent the risk of the corresponding business rather than a general risk for the whole system, and so provide more accurate parameters for subsequent risk defence. Compared with the prior-art approach of measuring information security for the whole information system in general, the accuracy and practicality of security measurement are improved.
Brief description of the drawings
Fig. 1 is the first schematic flowchart of the information security measurement method of the embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the operational indicators of the embodiment of the present invention;
Fig. 3 is a schematic structural diagram of the information security measurement device of the embodiment of the present invention;
Fig. 4 is the second schematic flowchart of the information security measurement method of the embodiment of the present invention.
Detailed description
The technical solution of the present invention is explained in further detail below with reference to the drawings and specific embodiments.
Method embodiment:
As shown in Fig. 1, this embodiment provides an information security measurement method, the method comprising:
Step S110: obtaining information security related data;
Step S120: parsing the security related data to obtain the security risk data corresponding to each operational indicator;
Step S130: determining the risk value corresponding to each operational indicator according to the security risk data.
The method of this embodiment is applied in electronic equipment with an information processing function, such as an information processing platform, a cloud platform or a single computer.
The measurement method of this embodiment is based on each operational indicator rather than only on the whole information system. Compared with information security measurement based on the whole information system, it yields more risk values, and each of these risk values is specific to one operational indicator. From the risk values it is therefore possible to know precisely which business is currently exposed to risk and to what degree, which allows targeted handling during subsequent risk avoidance and better anticipation of risk.
The operational indicators include at least one of a business behavior indicator, a business process indicator and a business content indicator; wherein the business behavior indicator is the indicator corresponding to one business operation behavior; the business process indicator is the indicator of a business process formed by several business operation behaviors in execution order; the business content indicator is the indicator of the business content completed by at least one such business process.
Fig. 2 shows the indicators used for risk measurement that are proposed on the basis of the information security measurement method of the embodiment of the present invention. The risk indicators at the lowest level are the security risk indicators, which may be identical to the indicators in a prior-art security risk indicator system. Above the security risk indicators are the operational indicators of the embodiment of the present invention. The operational indicator with the smallest granularity is the behavior indicator; a business behavior usually corresponds to one operation, for example a registration operation or a deletion operation, and these operations may appear in every kind of business. Above the behavior indicators are the process indicators; a process indicator is an indicator formed by multiple business behaviors in a certain execution order, and usually corresponds to multiple behavior indicators. Above the process indicators are the business content indicators, at the top level of granularity; a business content indicator usually corresponds to a business content, for example a payment service or an inquiry service.
Each business content indicator corresponds to specified assets in the information system, but the scope and precision of the assets corresponding to each of the above indicators differ. A security risk indicator may correspond to all the assets of the whole information system; a behavior indicator corresponds to the assets that perform the behavior; a process indicator corresponds to the assets that execute the process; and a business content indicator corresponds to the assets that carry out the business. These assets include the software and hardware resources of the information system, for example processors, storage resources, interfaces and network bandwidth.
Step S130 may include at least one of the following:
determining the risk value corresponding to the business behavior indicator according to the security risk data;
determining the risk value corresponding to the business process indicator according to the security risk data;
determining the risk value of the assets corresponding to the business content according to the security risk data.
From the above risk values it can be determined which business content may be at risk, which process within that business content may encounter risk, and which behavior may cause the risk. With these risk values, the information processing system can determine more accurately whether it is currently facing or about to face risk, and can locate precisely which resources of the information system will encounter or have encountered risk, so that the subsequent risk defence process can be started in a targeted way.
Step S120 may include:
Step S121: comparing the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result; wherein n is an integer not less than 2, and the n-th moment is later than the (n-1)-th moment;
Step S122: determining from the comparison result whether there is a change amount.
Step S130 may include: when there is a change amount relevant to the risk value calculation, quantifying the change amount numerically using a change amount analysis strategy, and determining the risk value according to the numerical quantification.
Most of the time the information system runs normally; when risk appears in the information system, the security risk data collected will differ from the security risk data collected during normal operation. This embodiment uses that property and compares the security risk data collected at the n-th moment with the security risk data obtained at the (n-1)-th moment. If the comparison result shows that the security risk data of the n-th moment is consistent with that of the (n-1)-th moment, and the (n-1)-th moment was safe and encountered no risk, then the n-th moment is evidently also safe and encounters no risk. The security risk data of the (n-1)-th moment used for the comparison usually indicates that the information system is currently safe.
Step S130 further includes: when there is no change amount relevant to the risk value calculation, returning to the step of obtaining the information security related data.
In this embodiment, steps S110 to S130 may be executed periodically, for example with an execution period of 10s or 1min. In that case the n-th moment is a moment in the current period and the (n-1)-th moment is a moment in the previous period, and the time difference between the two moments is usually exactly one period.
Therefore, when it is determined in step S130 that there is no change amount relevant to the risk value, the method enters the next risk measurement period, that is, it waits to execute step S110 in the next period.
Step S120 further includes: screening the security related data to obtain the security risk data corresponding to each operational indicator.
The security related data usually includes source data such as events reported by security equipment, system logs and business program execution logs. Some of this source data, such as timestamps, has no effect on risk measurement, so the data is screened first to reduce the volume of data to be processed. As to how the screening is carried out, data that does not relate to the security risk of the operational indicator may be excluded by defined comparison and measurement, or by template matching.
Data screening may also include filtering out, according to preset data screening rules, the data related to indicator calculation, and classifying this data by grouping similar events together, so that subsequent data analysis can be completed more efficiently.
Step S122 may include:
when the comparison result shows that a first parameter in the security risk data of the n-th moment differs from a second parameter in the security risk data of the (n-1)-th moment, determining whether the threshold intervals corresponding to the first parameter and the second parameter are the same; wherein a threshold interval is an interval specified in the analysis rules;
when the threshold intervals corresponding to the first parameter and the second parameter differ, determining that there is a change amount; when the threshold intervals corresponding to the first parameter and the second parameter are the same, determining that there is no change amount.
For example, the first parameter and the second parameter are different values of the same parameter, and these parameters may simply fluctuate. Take the bandwidth occupied by a certain business content: the security risk data collected at the previous moment shows 5M/s and the security risk data collected at the current moment shows 6M/s. The two values differ, so a fluctuation has occurred, but the fluctuation may be within the normal range. If 5M/s and 6M/s both lie within the threshold interval 3M/s to 7M/s, the change is regarded as a normal change and is not the change amount relevant to security measurement described in this embodiment. If instead the first threshold interval is 3M/s to 5.5M/s and the second threshold interval is 5.5M/s to 7M/s, the change amount described in this embodiment is considered to have occurred. This avoids the loss of accuracy that normal data fluctuation would otherwise cause.
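The threshold-interval check of step S122, run on the bandwidth figures from the paragraph above, as an added Python example that is not part of the patent text. The parameter name, the layout of the rule table, the sample snapshots and the half-open treatment of interval boundaries are assumptions.

```python
from bisect import bisect_right

# Hypothetical analysis rules: for each parameter, the sorted boundaries of its
# threshold intervals in M/s. [3, 7] is one interval; [3, 5.5, 7] is two.
RULES_SINGLE = {"bandwidth": [3.0, 7.0]}
RULES_SPLIT = {"bandwidth": [3.0, 5.5, 7.0]}

# Fields screened out before comparison because they never affect the metric.
IGNORED_FIELDS = ("timestamp",)


def band(boundaries, value):
    """Index of the threshold interval that holds value.

    Intervals are assumed half-open, [low, high). Index 0 means below the
    lowest boundary and len(boundaries) means at or above the highest one,
    so out-of-range values also land in a distinct band.
    """
    return bisect_right(boundaries, value)


def detect_changes(prev, curr, rules, ignored=IGNORED_FIELDS):
    """Compare the snapshot of moment n-1 (prev) with that of moment n (curr).

    Returns {parameter: (old, new, old_band, new_band)} for every parameter
    whose value moved into a different threshold interval. A value that
    merely fluctuates inside one interval is not reported.
    """
    changes = {}
    for name, new in curr.items():
        if name in ignored or name not in rules:
            continue  # screening: no rule means not relevant to the indicator
        old = prev.get(name)
        if old is None or old == new:
            continue  # no baseline to compare with, or no difference at all
        old_band = band(rules[name], old)
        new_band = band(rules[name], new)
        if old_band != new_band:
            changes[name] = (old, new, old_band, new_band)
    return changes


# Constructed snapshots using the figures from the text: 5M/s, then 6M/s.
SNAPSHOT_PREV = {"timestamp": 1000, "bandwidth": 5.0}
SNAPSHOT_CURR = {"timestamp": 1010, "bandwidth": 6.0}

if __name__ == "__main__":
    print("one interval :", detect_changes(SNAPSHOT_PREV, SNAPSHOT_CURR, RULES_SINGLE))
    print("two intervals:", detect_changes(SNAPSHOT_PREV, SNAPSHOT_CURR, RULES_SPLIT))
```

An empty result corresponds to returning to step S110 for the next period; a non-empty result is what step S130 would go on to quantify.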
In summary, this embodiment provides an information security measurement method that has the advantage of high accuracy. It also identifies changes in risk simply, from the difference between the data obtained at two successive moments, and, through processing such as dynamic quantitative analysis, reduces the volume of data processed in each measurement and so improves data processing efficiency.
Device embodiment
As shown in Fig. 3, this embodiment provides an information security measurement device, the device comprising:
an acquiring unit 110, for obtaining information security related data;
a parsing unit 120, for parsing the security related data to obtain the security risk data corresponding to each operational indicator;
a determining unit 130, for determining the risk value corresponding to each operational indicator according to the security risk data.
The acquiring unit 110 of this embodiment may include a data collector for collecting the security related data produced by each asset in the information system. The acquiring unit 110 may also be a wired or wireless receiving interface for receiving the various security related data reported by each asset in the information system. The wired interface may be a fiber optic cable interface or a cable interface.
The specific structure of the parsing unit 120 and the determining unit 130 may include a processor and a storage medium connected by a bus. Executable code is stored on the storage medium, and the processor performs the functions of the parsing unit 120 and the determining unit 130 by reading and running the executable code. The parsing unit 120 and the determining unit 130 may each correspond to a different processor, or may be integrated on the same processor. When they are integrated on the same processor, the processor performs the functions of the parsing unit 120 and the determining unit 130 by time-division multiplexing or concurrent threads. The processor may be a processing structure with signal processing capability, such as an application processor (AP), a digital signal processor (DSP), a programmable array (PLC), a microprocessor (MCU) or a central processing unit (CPU).
The operational indicators include at least one of a business behavior indicator, a business process indicator and a business content indicator; wherein the business behavior indicator is the indicator corresponding to one business operation behavior; the business process indicator is the indicator of a business process formed by several business operation behaviors in execution order; the business content indicator is the indicator of the business content completed by at least one such business process; each business content indicator corresponds to specified assets in the information system.
The determining unit 130 is specifically for determining the risk value corresponding to the business behavior indicator according to the security risk data, and/or determining the risk value corresponding to the business process indicator according to the security risk data, and/or determining the risk value of the assets corresponding to the business content according to the security risk data.
This describes the specific structure of the determining unit 130. When measuring each operational indicator, the determining unit 130 may measure from at least three dimensions, and so calculates for each operational indicator a risk value that accurately indicates the probability that risk is being or will be encountered and the severity of that risk.
The parsing unit 120 may include:
a comparison module, for comparing the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result; wherein n is an integer not less than 2, and the n-th moment is later than the (n-1)-th moment;
a determining module, for determining from the comparison result whether there is a change amount.
The determining unit 130 is specifically for, when there is a change amount relevant to the risk value calculation, quantifying the change amount numerically using a change amount analysis strategy, and determining the risk value according to the numerical quantification.
The specific structure of the comparison module may include a comparator or a processor with a comparison function. The determining module may include various types of processors or processing chips with information processing capability.
In this embodiment the parsing unit 120 parses out the change amount and the determining unit 130 determines the risk value through change amount analysis. This avoids repeated analysis, at two successive moments, of the part of the data that has not changed, and so improves the efficiency and response speed of data processing.
The determining unit is further for triggering the acquiring unit to obtain the information security related data when there is no change amount relevant to the risk value calculation.
Further, the parsing unit 120 is also for screening the security related data to obtain the security risk data corresponding to each operational indicator. Through data screening, the parsing unit 120 further reduces the volume of data to be processed and again improves the efficiency and response speed of data processing.
The determining module is specifically for, when the comparison result shows that a first parameter in the security risk data of the n-th moment differs from a second parameter in the security risk data of the (n-1)-th moment, determining whether the threshold intervals corresponding to the first parameter and the second parameter are the same; wherein a threshold interval is an interval specified in the analysis rules; determining that there is no change amount when the threshold intervals corresponding to the first parameter and the second parameter are the same, and determining that there is a change amount when they differ.
The threshold interval may be set in advance according to instructions from staff, or may be determined by the device itself from historical statistics. For example, when the visit volume of a business surges, the resources allocated to that business may be insufficient, causing the system to become busy and stall. Access to the business normally has a normal fluctuation range, however, so from the earlier fluctuation of normal visit volume the risk value measurement device can provide a threshold interval automatically from historical data.
In summary, this embodiment provides an information security measurement device that can automatically obtain accurate risk values based on operational indicators through data screening, parsing, comparison and analysis, and can supply subsequent risk defence with risk values of high accuracy and practicality. It can serve as the hardware that implements the information security measurement method of the method embodiment.
Below in conjunction with above-described embodiment one concrete example of offer:
Information security measure described in this example comprises the following steps:
Step 1: Information system business analysis
Sort out the businesses supported by the information system. For example, the main businesses supported by a certain information system include business B1, business B2 and business B3. Business B1 comprises 2 main business processes, process F1 and process F2; process F1 consists of 3 main business behaviors, behavior O1, behavior O2 and behavior O3; the main information assets involved in behavior O1 include asset A1, asset A2, asset A3, etc. By analogy, business B2 and business B3 are sorted out and analyzed in the same way, and an information system business analysis table is built for each.
The format of the information system business analysis table is as follows. In practice, depending on the complexity of the system, the main businesses, business processes, business behaviors and information assets in the system can be selected, and similar businesses can be merged, which reduces the scope of later measurement. Alternatively, the business analysis can be based on the system function list produced during system development, to get twice the result with half the effort.
The security measurement indices of this system correspond to the system's business functions, and this correspondence derives from the development and design process of the system. The businesses supported by an information system are fixed, and business processes and business behaviors are solidified in the system when it is built and do not change arbitrarily, so this business analysis work needs to be done only once, when the method is first used. Only when business requirements change do some of the business processes and business behaviors need to be modified, or a newly added business sorted out.
Step 2: Information security risk measurement
Measure the information assets involved in the information system (the asset scope is exactly the information assets in the information system business analysis table), and calculate the security risk value of each asset.
Here, presetting the asset scope reduces the complexity of the measurement and improves its accuracy. Although an existing risk-based security measurement method is used, the accuracy of the measurement results can be guaranteed, for the following reasons. First, the scope of measurement is very clear, namely the small asset scope involved in a business behavior, and only the risk value of an asset is calculated, without having to consider the multi-asset situation. Second, the method has a relatively solid theoretical basis and practical advantages in asset identification, threat identification and vulnerability identification, so its security measurement results for a small-scale, single risk factor are relatively objective and accurate.
Step 3:
The business security measurement parameters include the asset-operation association degree parameter $P_A$, the business behavior importance parameter $P_O$ and the business process importance parameter $P_F$.
Setting method:
First, the assets are sorted from high to low according to the degree of association between the assets involved in the operational indicator, the importance of each asset in completing that operational indicator, and so on.
Then, the parameter-setting principle is determined. For example, the parameter range is set to $0 < P < 1$, with $P_1 + P_2 + \dots + P_n = 1$. The parameters are set with reference to the way existing security risk measurement methods assign values to asset C (confidentiality)/I (integrity)/A (availability), threat frequency and vulnerability severity.
Finally, the relevant parameters are determined and expressed as sets.
For example, the parameter set of the assets underlying business behavior 1 is $P_a = \{p_{a1}, p_{a2}, \ldots, p_{an}\}$, where $an$ denotes the $n$-th asset and $n$ is an integer not less than 1.
The parameter set of the business behaviors related to business process 1 is $P_o = \{p_{o1}, p_{o2}, \ldots, p_{on}\}$, where $on$ denotes the $n$-th asset and $n$ is an integer not less than 1.
The parameter set of the business processes related to business 1 is $P_f = \{p_{f1}, p_{f2}, \ldots, p_{fn}\}$, where $fn$ denotes the $n$-th asset and $n$ is an integer not less than 1.
Step 4: Quantitative calculation of the business security metric
Definitions: $s_o$ denotes the business behavior security measurement index, $s_f$ the business process security measurement index, and $s_B$ the overall business security measurement value.
Matrix $A_S = (o_i s_{A1}, o_i s_{A2}, \ldots, o_i s_{An})$ represents the security risk values of the information assets involved in business behavior $o_i$ and is the result calculated in the second step; matrix $P_S = (o_i p_{a1}, o_i p_{a2}, \ldots, o_i p_{an})$ represents the security influence degree parameter corresponding to each asset. Here $o_i s_{An}$ is the security risk value of the $An$-th asset involved in business behavior $o_i$, and $o_i p_{an}$ is the security influence degree value of the $an$-th asset involved in business behavior $o_i$.
Matrix $O_S = (F_i s_{O1}, F_i s_{O2}, \ldots, F_i s_{On})$ represents the business behavior security risk values of process $F_i$ and is the business behavior security measurement result; matrix $P_o = (F_i S_{o1}, F_i S_{o2}, \ldots, F_i S_{on})$ represents the security influence degree parameter corresponding to each business behavior. Here $F_i s_{On}$ is the security risk value of the $On$-th asset involved in business behavior $F_i$, and $F_i S_{on}$ is the security influence degree value of the $on$-th asset involved in business behavior $F_i$.
Matrix $F_S = (B_i s_{F1}, B_i s_{F2}, \ldots, B_i s_{Fn})$ represents the security risk values of the business processes that make up business $B_i$ and is the business process security measurement result; matrix $P_f = (B_i p_{f1}, B_i p_{f2}, \ldots, B_i p_{fn})$ represents the security influence degree parameter corresponding to each business process. Here $B_i s_{Fn}$ is the security risk value of the $B_i$-th asset involved in business behavior $F_i$, and $B_i p_{fn}$ is the security influence degree value of the $fn$-th asset involved in business behavior $F_i$.
Then:
Behavior security index: $S_o = A_s P_a^{T} / i = \sum_{n=1}^{i} S_{An}\, p_{an} / i$, where $i$ is the number of assets.
Process security index: $S_F = O_s P_o^{T} / i = \sum_{n=1}^{j} S_{on}\, p_{on} / j$, where $j$ is the number of business behaviors.
Business security index: $S_B = F_s P_f^{T} / k = \sum_{n=1}^{k} S_{Fn}\, p_{fn} / k$, where $k$ is the number of business processes.
At this point, the quantized business security metric values are formed.
It should be noted that the values of n and i in the different formulas of this example, and the meanings of the physical quantities they represent, are limited to each formula and do not affect the values of n or the meanings of the physical quantities in the other formulas.
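The three Step 4 formulas share one form, a weighted sum divided by the element count, applied level by level from assets up to the business. The following Python sketch is an added example, not code from the patent: the asset risk values, the weights and all function names are constructed for illustration, and the weight check follows the Step 3 rule (0 < P < 1, weights summing to 1).

```python
"""Added example: the Step 4 index formulas on a constructed business tree."""
import math

# Constructed Step 2 output: security risk value of each information asset.
ASSET_RISK = {"A1": 6.0, "A2": 4.0, "A3": 2.0, "A4": 9.0, "A5": 3.0}

# Constructed Step 1 and Step 3 output for business B1:
# process -> (process weight, {behavior -> (behavior weight, {asset -> weight})})
BUSINESS_B1 = {
    "F1": (0.6, {
        "O1": (0.5, {"A1": 0.5, "A2": 0.3, "A3": 0.2}),
        "O2": (0.3, {"A2": 0.6, "A4": 0.4}),
        "O3": (0.2, {"A1": 0.5, "A5": 0.5}),
    }),
    "F2": (0.4, {
        "O4": (0.7, {"A3": 0.5, "A5": 0.5}),
        "O5": (0.3, {"A4": 0.8, "A1": 0.2}),
    }),
}


def check_weights(weights):
    """Step 3 rule: every parameter satisfies 0 < P < 1 and the set sums to 1."""
    if not all(0.0 < w < 1.0 for w in weights):
        raise ValueError(f"each weight must satisfy 0 < P < 1: {weights}")
    if not math.isclose(sum(weights), 1.0, abs_tol=1e-9):
        raise ValueError(f"weights must sum to 1: {weights}")


def weighted_index(values, weights):
    """Common form of the three formulas: sum(value_n * weight_n) / count."""
    if not values or len(values) != len(weights):
        raise ValueError("values and weights must be non-empty and equal in length")
    check_weights(weights)
    return sum(v * w for v, w in zip(values, weights)) / len(values)


def behavior_index(asset_weights, asset_risk):
    """S_o: asset risk values weighted by the per-asset parameters."""
    unknown = sorted(set(asset_weights) - set(asset_risk))
    if unknown:
        raise KeyError(f"no Step 2 risk value for assets: {unknown}")
    values = [asset_risk[a] for a in asset_weights]
    return weighted_index(values, list(asset_weights.values()))


def process_index(behaviors, asset_risk):
    """S_F: behavior indices weighted by the per-behavior parameters."""
    values = [behavior_index(assets, asset_risk) for _, assets in behaviors.values()]
    return weighted_index(values, [w for w, _ in behaviors.values()])


def business_index(processes, asset_risk):
    """S_B: process indices weighted by the per-process parameters."""
    values = [process_index(behs, asset_risk) for _, behs in processes.values()]
    return weighted_index(values, [w for w, _ in processes.values()])


def report(processes, asset_risk, business_name):
    """Every index in the tree, keyed by name, so each level can be inspected."""
    out = {}
    for f_name, (_, behaviors) in processes.items():
        for o_name, (_, assets) in behaviors.items():
            out[o_name] = behavior_index(assets, asset_risk)
        out[f_name] = process_index(behaviors, asset_risk)
    out[business_name] = business_index(processes, asset_risk)
    return out


if __name__ == "__main__":
    for name, value in report(BUSINESS_B1, ASSET_RISK, "B1").items():
        print(f"{name}: {value:.4f}")
```

Because each formula divides by the element count in addition to applying weights that sum to 1, the values shrink at every level of the tree, so indices are best compared within one level rather than across levels.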
The specific flow for information security measurement in this example is shown in Figure 4 and includes:
Step 01: Data acquisition: the data acquisition unit on the device collects source data such as security events reported by network devices and system logs.
Step 02: Data screening: according to predefined data screening rules, the data relevant to index calculation is screened out and classified, and similar events are merged.
Step 03: Data analysis: according to the data analysis rules, the newly collected data is compared against the thresholds defined in the rules and against the data collected last time, to analyze whether anything has changed.
Step 04: Data change judgment: if there is no change, the device's processing flow returns to Step 01 (data acquisition); if there is a change, it proceeds to Step 05 (change amount analysis).
Step 05: Change amount analysis: according to predefined change amount analysis rules, the change is numerically quantified.
Step 06: Index calculation and feedback: according to the predefined index calculation method, the relevant indices are calculated and the results are fed back to the device user by SMS, e-mail or similar.
Step 07: Rule and method management: the device provides customized management of the relevant rules and calculation methods, including add, delete, modify and query operations.
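Steps 03 to 05 reduce to one test: a parameter counts as changed only when its new value lands in a different threshold interval from its previous value. The following Python sketch is an added example, not code from the patent. The sample collections and parameter names are constructed, and two details the text leaves open are filled with labelled assumptions: history-derived bounds are taken as mean ± 3 standard deviations, and a change is quantified as the signed number of intervals crossed.

```python
"""Added example: threshold-interval change detection for Steps 03 to 05."""
from bisect import bisect_right
from statistics import mean, pstdev


def interval_of(value, bounds):
    """Index of the threshold interval holding value; bounds are sorted cut points."""
    return bisect_right(bounds, value)


def bounds_from_history(history, k=3.0):
    """Assumption: the normal fluctuation range is mean +/- k standard deviations."""
    centre, spread = mean(history), pstdev(history)
    return [centre - k * spread, centre + k * spread]


def detect_changes(previous, current, rules):
    """Compare moment n with moment n-1; return {parameter: intervals crossed}."""
    changes = {}
    for name, bounds in rules.items():
        if name not in previous or name not in current:
            continue  # parameter missing from one collection: nothing to compare
        if current[name] == previous[name]:
            continue  # identical values: no comparison of intervals needed
        # Assumption: the change is quantified as the signed interval shift.
        shift = interval_of(current[name], bounds) - interval_of(previous[name], bounds)
        if shift:
            changes[name] = shift
    return changes


def run(samples, rules):
    """Walk the collections in order; n is 1-based and starts at 2, as in the text."""
    flagged = []
    for n in range(2, len(samples) + 1):
        changes = detect_changes(samples[n - 2], samples[n - 1], rules)
        if changes:
            flagged.append((n, changes))  # would continue to Step 06
        # otherwise the flow returns to Step 01 and collects again
    return flagged


# Constructed history of normal visit volume, used to derive bounds automatically.
VISIT_HISTORY = [1000, 1040, 980, 1010, 970, 1020, 990, 1030]

# Analysis rules: staff-set cut points for one parameter, derived bounds for the other.
RULES = {
    "failed_logins": [10, 50],
    "visits": bounds_from_history(VISIT_HISTORY),
}

# Constructed screened data, one dict per collection moment.
SAMPLES = [
    {"failed_logins": 3, "visits": 1010},
    {"failed_logins": 7, "visits": 1050},   # values differ, intervals do not
    {"failed_logins": 12, "visits": 1020},  # failed_logins crosses 10
    {"failed_logins": 12, "visits": 1600},  # visits leaves the normal range
    {"failed_logins": 60, "visits": 1000},  # one rises, the other recovers
]

if __name__ == "__main__":
    for n, changes in run(SAMPLES, RULES):
        print(f"moment {n}: {changes}")
```

The second collection differs from the first in both parameters yet produces no change, which is the noise suppression the threshold intervals provide; the cost is that movement inside one interval, however large, is never reported.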
In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
The units described above as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may all be integrated into one processing module, each unit may serve separately as one unit, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware plus software functional units.
A person of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be completed by hardware driven by program instructions. The program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes various media that can store program code, such as a removable storage device, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (12)

1. An information security measurement method, characterized in that the method comprises:
obtaining information security associated data;
parsing the security associated data to obtain security risk data corresponding to each operational indicator;
determining, according to the security risk data, the risk value corresponding to each operational indicator.
2. The method according to claim 1, characterized in that
the operational indicator includes at least one of a business behavior index, a business process index and a business content index;
wherein the business behavior index is an index corresponding to one business operation behavior;
the business process index is an index of a business process formed by several business operation behaviors in execution order;
the business content index is an index of the business content completed by at least one said business process;
each said business content index corresponds to an asset specified in the information system;
determining the risk value corresponding to each operational indicator according to the security risk data includes at least one of the following:
determining the risk value corresponding to the business behavior index according to the security risk data;
determining the risk value corresponding to the business process index according to the security risk data;
determining the risk value of the asset corresponding to the business content according to the security risk data.
3. The method according to claim 1 or 2, characterized in that
parsing the security associated data to obtain the security risk data corresponding to each operational indicator comprises:
comparing the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result; wherein n is an integer not less than 2, and the n-th moment is later than the (n-1)-th moment;
determining, according to the comparison result, whether there is an amount of change;
determining the risk value corresponding to each operational indicator according to the security risk data comprises:
when there is an amount of change involving risk value calculation, numerically quantifying the amount of change using a change amount analysis strategy;
determining the risk value according to the numerical quantization.
4. The method according to claim 3, characterized in that
determining the risk value corresponding to each operational indicator according to the security risk data further comprises:
when there is no amount of change involving risk value calculation, returning to the step of obtaining the information security associated data.
5. The method according to claim 3, characterized in that
parsing the security associated data to obtain the security risk data corresponding to each operational indicator further comprises:
screening the security associated data to obtain the security risk data corresponding to each operational indicator.
6. The method according to claim 3, characterized in that
determining, according to the comparison result, whether there is an amount of change comprises:
when the comparison result shows that a first parameter in the security risk data at the n-th moment differs from a second parameter in the security risk data at the (n-1)-th moment, determining whether the threshold intervals corresponding to the first parameter and the second parameter are the same; wherein the threshold interval is an interval specified in the analysis rule;
when the threshold intervals corresponding to the first parameter and the second parameter differ, determining that there is an amount of change; when the threshold intervals corresponding to the first parameter and the second parameter differ, determining that there is no amount of change.
7. An information security measurement device, characterized in that the device comprises:
an acquiring unit, configured to obtain information security associated data;
a parsing unit, configured to parse the security associated data to obtain security risk data corresponding to each operational indicator;
a determining unit, configured to determine, according to the security risk data, the risk value corresponding to each operational indicator.
8. The device according to claim 7, characterized in that
the operational indicator includes at least one of a business behavior index, a business process index and a business content index;
wherein the business behavior index is an index corresponding to one business operation behavior;
the business process index is an index of a business process formed by several business operation behaviors in execution order;
the business content index is an index of the business content completed by at least one said business process;
each said business content index corresponds to an asset specified in the information system;
the determining unit is specifically configured to determine the risk value corresponding to the business behavior index according to the security risk data, and/or determine the risk value corresponding to the business process index according to the security risk data, and/or determine the risk value of the asset corresponding to the business content according to the security risk data.
9. The device according to claim 7 or 8, characterized in that
the parsing unit comprises:
a comparison module, configured to compare the security risk data obtained at the n-th moment with the security risk data obtained at the (n-1)-th moment to form a comparison result; wherein n is an integer not less than 2, and the n-th moment is later than the (n-1)-th moment;
a determining module, configured to determine, according to the comparison result, whether there is an amount of change;
the determining unit is specifically configured to, when there is an amount of change involving risk value calculation, numerically quantify the amount of change using a change amount analysis strategy, and determine the risk value according to the numerical quantization.
10. The device according to claim 9, characterized in that
the determining unit is further configured to trigger the acquiring unit to obtain the information security associated data when there is no amount of change involving risk value calculation.
11. The device according to claim 9, characterized in that
the parsing unit is further configured to screen the security associated data to obtain the security risk data corresponding to each operational indicator.
12. The device according to claim 9, characterized in that
the determining module is specifically configured to: when the comparison result shows that a first parameter in the security risk data at the n-th moment differs from a second parameter in the security risk data at the (n-1)-th moment, determine whether the threshold intervals corresponding to the first parameter and the second parameter are the same, wherein the threshold interval is an interval specified in the analysis rule; determine that there is no amount of change when the threshold intervals corresponding to the first parameter and the second parameter are the same; and determine that there is an amount of change when the threshold intervals corresponding to the first parameter and the second parameter differ.
CN201510020740.6A 2015-01-15 2015-01-15 Information security measure and device Active CN105844169B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510020740.6A CN105844169B (en) 2015-01-15 2015-01-15 Information security measure and device

Publications (2)

Publication Number Publication Date
CN105844169A true CN105844169A (en) 2016-08-10
CN105844169B CN105844169B (en) 2019-09-13

Family

ID=56580065

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510020740.6A Active CN105844169B (en) 2015-01-15 2015-01-15 Information security measure and device

Country Status (1)

Country Link
CN (1) CN105844169B (en)

Also Published As

Publication number Publication date
CN105844169B (en) 2019-09-13

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant