CN109861977A - A method for improving personnel network security awareness


Publication number: CN109861977A
Authority: CN (China)
Legal status: Granted
Application number: CN201811616290.7A
Other languages: Chinese (zh)
Other versions: CN109861977B (en)
Inventors: 王宇, 齐斌, 李冀兴
Current Assignee: Beijing Hongshan Ruida Technology Co Ltd; National Computer Network and Information Security Management Center
Original Assignee: Beijing Hongshan Ruida Technology Co Ltd; National Computer Network and Information Security Management Center
Application filed by: Beijing Hongshan Ruida Technology Co Ltd; National Computer Network and Information Security Management Center


Abstract

The invention discloses a method for improving personnel network security awareness, comprising the following steps: S1: construction of a network security awareness improvement framework; S2: construction of a network security awareness improvement platform; S3: knowledge examination system; S4: network security awareness evaluation system; S5: personnel risk assessment system; S6: knowledge and skills training system. The invention proposes the TET (Testing, Evaluation, Training) network security awareness improvement framework and a corresponding application platform. These have passed demonstration and acceptance through actual testing and have, in a practical and feasible way, raised the network security awareness level of the personnel who took part in the experiment, providing reference and data for research in the field. A comprehensive, systematic and effective network security awareness improvement framework and technology assists network security education for the general public, so that all personnel jointly safeguard cyberspace security and information assets are protected from the angle of security awareness.

Description

A method for improving personnel network security awareness
Technical field
The present invention relates to the technical field of network security awareness, and specifically to a method for improving personnel network security awareness.
Background art
In 2016 there were more than 3000 publicly disclosed data breach incidents worldwide, in which 2,200,000,000 records were exposed. Analysis by the relevant departments found that, apart from vulnerabilities inherent in the systems, most data breaches were caused by improper operations of employees inside the organization, such as weak-password accounts, misuse of removable storage devices, browsing illegal websites, downloading malware, and falling for phishing. All of these improper operations are regarded as a lack of network security awareness.
Network security concerns not only the safety of individual netizens' information and assets but may also directly affect national security. Improving network security awareness has received great attention from governments around the world. The "Network Security Law" explicitly calls for measures to raise the network security awareness and level of the whole society and to form a good environment in which the whole society jointly participates in promoting network security. It has also been indicated that the whole society's network security awareness and protective skills should be strengthened, and that netizens' ability to recognize and resist illegal activities on the network, such as illegal and harmful information and online fraud, should be improved.
Existing network security training and publicity education have no obvious effect on improving awareness. A comprehensive, systematic and effective network security awareness improvement framework and technology is needed to assist network security education for the general public, so that all personnel jointly safeguard cyberspace security and information assets are protected from the angle of personnel security awareness.
Summary of the invention
The purpose of the present invention is to provide a method for improving personnel network security awareness. It proposes the TET network security awareness improvement framework and a corresponding application platform, which have passed demonstration and acceptance through actual testing and have, in a practical and feasible way, raised the network security awareness level of the personnel who took part in the experiment, providing reference and data for research in the field. A comprehensive, systematic and effective network security awareness improvement framework and technology assists network security education for the general public, so that all personnel jointly safeguard cyberspace security and information assets are protected from the angle of security awareness, thereby solving the problems raised in the background art above.
To achieve the above object, the invention provides the following technical solution: a method for improving personnel network security awareness, comprising the following steps:
S1: construction of the network security awareness improvement framework, with the following specific steps:
a. By suitable means, accurately determine whether the personnel's level of security awareness, mastery of knowledge and skills, and understanding of risk meet the requirements of their occupation;
b. Use statistical methods to analyze the specific state of personnel network security awareness, determine the hierarchical structure and ability level of personnel knowledge and skills, and carry out independent, self-directed education and improvement using comprehensive and targeted methods;
c. Build a stronger personnel network security line of defense by periodically cycling through the TET framework to build up personnel's security knowledge and level of skill mastery, that is, improve personnel's knowledge and skill level through periodic cycles of testing, evaluation and training (TET);
d. On the basis of the personal network security awareness framework function PCSA, construct the network security awareness improvement framework evaluation function for the organization;
S2: construction of the network security awareness improvement platform: design and build the platform according to the TET framework, and carry out system testing;
S3: knowledge examination system, with the following specific steps:
a. Judge the subject's mastery of network security knowledge and skills by methods such as CAT item testing;
b. According to the subject's testing requirements and real-time answers, adaptively select network security knowledge-point questions of suitable difficulty, and identify the individual's level of mastery of network security knowledge and skills and specific weak points;
c. Examine employees' knowledge in a targeted way according to the network security knowledge base and the enterprise's network security specifications, and generate a scientific examination report;
d. Analyze learning and training results from the angle of learning history by comparing examination results from different stages, and analyze the knowledge mastery of the tested personnel in the near future using a big-data-based fitting and situation algorithm, giving timely early warning;
S4: network security awareness evaluation system, with the following specific steps:
a. Objectively measure and scientifically evaluate the subject's network security awareness or ability by cooperative methods such as computer system log audit, or by non-cooperative methods such as simulated network attack and defense, simulated scenario drills and threat intelligence analysis;
b. Provide testing and assessment services for the network security and confidentiality awareness of a specified group, and analyze and assess the network security awareness of the tested group according to the tracking results;
c. Quantitatively evaluate the network security awareness of the tested unit and output statistical results and reports; compare and rank the network security awareness of different tested organizations (horizontal comparison), and compare the network security awareness of a single organization across different periods (longitudinal comparison);
d. Combine the network assets of the unit with personnel risk relationships to form the corresponding risk assessment report;
S5: personnel risk assessment system, with the following specific steps:
a. From the angle of personnel security risk factors, and in combination with the study of cyberspace security development trends, assess the impact or loss that the state of personnel security awareness causes to cyberspace and network assets;
b. Through the security and confidentiality awareness evaluation system and the knowledge examination system, obtain the examination and evaluation results of the tested classified-information personnel, which reflect their acquired vulnerability; through psychological test results, obtain their innate vulnerability; the vulnerability of classified-information personnel is thus evaluated comprehensively from the two aspects of body and mind, and from internal and external aspects;
c. By collecting the violation alarm information of classified-information personnel, the virus and Trojan detection alarm information of the classified carriers they use, and the threat alarm information around and inside classified sites, obtain the threat index faced by classified-information personnel;
d. By counting information such as the security classification of the personnel, the classification of their post, the number and classification of the carriers they hold, and the number and classification of the classified activities they take part in, obtain the asset value index of the personnel; these indexes are integrated and displayed in different visual forms such as radar charts and histograms, to evaluate comprehensively, systematically and scientifically the security risk of a single classified-information person or of all such personnel in a unit;
e. Track and analyze the main causes of risk and their historical changes, to provide a decision-making basis for precise security management and confidentiality education;
f. According to the above assessment method, generate network security awareness test and evaluation reports for individuals and for enterprise personnel;
g. Combine the network security situation awareness reports of each employee, extract the risk elements of each post and, according to the above assessment method, automatically generate the enterprise network security situation report;
S6: knowledge and skills training system, with the following specific steps:
a. Based on the evaluation results and guided by job requirements and the network security knowledge base, establish and systematically implement customized education and training activities to raise personnel's network security literacy;
b. Determine each person's training plan according to the assessment results and the knowledge base, and carry out training at multiple levels and from multiple angles through an intelligent dialogue system, short-article pushes, simulated hands-on operation and content training;
c. Construct a personnel network security awareness cultivation system model; analyze the elements that make up personnel security awareness and the evaluation index system; measure its influencing factors through cultural publicity campaigns, online knowledge training and examination, and social engineering attack-and-defense exercises; establish a scientific and reasonable knowledge classification system and behavioral standards; and quantitatively track the network security risk of each person and of the entire organization;
d. Through quantitative data analysis and threat simulation training, promptly convert the latest network attack events into knowledge and skills that inform awareness training, and establish a dynamic, sustainable cultivation mechanism that adapts to network security development trends and continuously improves network security awareness;
e. Establish the network security awareness cultivation system model: by analyzing the elements of network security awareness, construct an accurate profile model and analyze the influence of each element on overall awareness;
f. By reconstructing the network security knowledge base, make the examination accurately reflect a person's degree of knowledge mastery and theoretical level;
g. Analyze the current network security situation based on the knowledge system model and the evaluation results, and give timely early warning and take precautions in advance in combination with the cyberspace environment.
Preferably, the general formula of the TET framework theory in step c of step S1 is:
Where $Te_{ij}$ is the efficiency of the j-th test of person i, $E_{ij}$ is the efficiency of that person's j-th evaluation, and $Tr_{ij}$ is the efficiency of that person's j-th training; $r_{mj} \in [0, 1]$, $m = 1, 2, 3$, is the probability that the j-th execution achieves the expected effect; $j = 1, \dots, J$ refers to the number of times the TET improvement framework is executed; $t = \{1, \dots, 12\}$ is the period of executing TET, with the month as the minimum unit; and m is the periodic attenuation correction parameter, with the TET framework's correction parameter m = 0.476.
Preferably, the framework evaluation function in step d of step S1 is:
Where N is the total number of people in the organization taking part in network security awareness improvement; $w_m \in (0, 1]$, $m = 1, 2, 3$, is the weight of the corresponding execution module in the improvement framework; and PHS is the percentage of the expected effect achieved by the design of the network security awareness improvement framework for all personnel of the organization.
Preferably, the network security awareness improvement platform of step S2 includes a cognitive ability test system, a knowledge and skills examination system, a network security awareness risk assessment system and a network security awareness training system.
Preferably, the testing theory used in step b of step S3 includes item response theory and cognitive diagnosis theory.
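The adaptive question selection of step b of S3, sketched with a two-parameter item response model; this is an added example and not code from the patent. The item bank, its parameter values, the stopping rule and all function names are constructed assumptions.

```python
import math

# Constructed item bank (not from the patent). Each question carries 2PL
# parameters: a = discrimination, b = difficulty on the ability scale.
ITEM_BANK = [
    {"id": "pw-1",    "topic": "weak passwords",    "a": 1.2, "b": -1.5},
    {"id": "pw-2",    "topic": "weak passwords",    "a": 1.0, "b":  0.3},
    {"id": "usb-1",   "topic": "removable storage", "a": 0.9, "b": -0.8},
    {"id": "usb-2",   "topic": "removable storage", "a": 1.4, "b":  1.0},
    {"id": "phish-1", "topic": "phishing",          "a": 1.6, "b": -0.2},
    {"id": "phish-2", "topic": "phishing",          "a": 1.3, "b":  1.6},
    {"id": "mal-1",   "topic": "malware downloads", "a": 1.1, "b":  0.7},
    {"id": "mal-2",   "topic": "malware downloads", "a": 0.8, "b": -2.0},
    {"id": "web-1",   "topic": "illegal websites",  "a": 1.0, "b": -0.5},
    {"id": "web-2",   "topic": "illegal websites",  "a": 1.5, "b":  2.2},
]


def p_correct(theta, item):
    """2PL probability that a person of ability theta answers correctly."""
    return 1.0 / (1.0 + math.exp(-item["a"] * (theta - item["b"])))


def information(theta, item):
    """Fisher information the item contributes at ability theta."""
    p = p_correct(theta, item)
    return item["a"] ** 2 * p * (1.0 - p)


def estimate_ability(responses):
    """MAP ability estimate under a N(0, 1) prior, by Newton-Raphson.

    responses: list of (item, answered_correctly).
    Returns (theta, standard_error).
    """
    theta = 0.0
    for _ in range(50):
        grad = -theta + sum(
            it["a"] * (float(ok) - p_correct(theta, it)) for it, ok in responses
        )
        curv = 1.0 + sum(information(theta, it) for it, _ in responses)
        step = max(-1.0, min(1.0, grad / curv))  # damp large jumps
        theta += step
        if abs(step) < 1e-8:
            break
    curv = 1.0 + sum(information(theta, it) for it, _ in responses)
    return theta, 1.0 / math.sqrt(curv)


def select_next_item(theta, bank, used_ids):
    """Pick the unused question that is most informative at the current estimate."""
    candidates = [it for it in bank if it["id"] not in used_ids]
    if not candidates:
        return None
    return max(candidates, key=lambda it: information(theta, it))


def run_adaptive_test(bank, answer_fn, max_items=8, se_target=0.6):
    """Administer questions one at a time, re-estimating ability after each answer.

    answer_fn(item) -> bool stands in for the person being tested.
    Stops when the estimate is precise enough or the question budget is spent.
    """
    responses = []
    theta, se = 0.0, 1.0
    while len(responses) < max_items and se > se_target:
        item = select_next_item(theta, bank, {it["id"] for it, _ in responses})
        if item is None:
            break
        responses.append((item, bool(answer_fn(item))))
        theta, se = estimate_ability(responses)
    return {
        "theta": theta,
        "se": se,
        "administered": [it["id"] for it, _ in responses],
        # Topics with at least one wrong answer: the "specific weak points".
        "weak_topics": sorted({it["topic"] for it, ok in responses if not ok}),
    }


if __name__ == "__main__":
    # Constructed examinee: answers correctly only the easiest questions.
    report = run_adaptive_test(ITEM_BANK, lambda it: it["b"] <= -1.0)
    print(report)
```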
Preferably, the methods of the testing and assessment service in step b of step S4 include SMS phishing, email phishing, file phishing, USB device phishing, WiFi phishing and QR code phishing.
Compared with the prior art, the beneficial effects of the present invention are as follows: the invention proposes the TET (Testing, Evaluation, Training) network security awareness improvement framework and a corresponding application platform, which have passed demonstration and acceptance through actual testing and have, in a practical and feasible way, raised the network security awareness level of the personnel who took part in the experiment, providing reference and data for research in the field. A comprehensive, systematic and effective network security awareness improvement framework and technology assists network security education for the general public, so that all personnel jointly safeguard cyberspace security and information assets are protected from the angle of security awareness.
Brief description of the drawings
Fig. 1 is the design diagram of the network security awareness improvement platform of the method for improving personnel network security awareness of the present invention;
Fig. 2 is the attenuation curve of the periodic network security awareness improvement effect of the method of the present invention;
Fig. 3 is an example examination score chart of the method of the present invention;
Fig. 4 is an examination score trend chart of the method of the present invention;
Fig. 5 is the framework diagram of the network security awareness evaluation system of the method of the present invention;
Fig. 6 is the chart of quantifiable personnel network security awareness evaluation indexes of the method of the present invention;
Fig. 7 is the structural block diagram of the network security awareness cultivation system of the method of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Referring to Figs. 1-7, the present invention provides a technical solution: a method for improving personnel network security awareness, comprising the following steps:
S1: construction of the network security awareness improvement framework, with the following specific steps:
a. By suitable means, accurately determine whether the personnel's level of security awareness, mastery of knowledge and skills, and understanding of risk meet the requirements of their occupation;
b. Use statistical methods to analyze the specific state of personnel network security awareness, determine the hierarchical structure and ability level of personnel knowledge and skills, and carry out independent, self-directed education and improvement using comprehensive and targeted methods; network security knowledge, skills and cognition may change with technological development and the influence of cyberspace, and personnel's mastery of knowledge and skills decays over time;
c. Build a stronger personnel network security line of defense by periodically cycling through the TET framework to build up personnel's security knowledge and level of skill mastery, that is, improve personnel's knowledge and skill level through periodic cycles of testing, evaluation and training (TET);
d. On the basis of the personal network security awareness framework function PCSA, construct the network security awareness improvement framework evaluation function for the organization; in theory, periodic use of the TET framework helps to improve personal network security awareness, but each person's learning ability, memory level and receptiveness differ greatly;
S2: construction of the network security awareness improvement platform: design and build the platform according to the TET framework, and carry out system testing;
Security and confidentiality awareness assessment uses various social engineering attack tools as its main means: by simulating various network attack scenarios, it measures in practice how classified-information personnel handle and respond to network attack events, and thereby checks whether their security and confidentiality awareness and skills match the personnel confidentiality requirements of the classification level (general, important, core) they hold. The security and confidentiality knowledge examination uses psychological tests and objective security and confidentiality knowledge examinations to check personnel's mastery of security and confidentiality common knowledge and regulations. The results of the assessment and examination are fed into the risk assessment system; if the risk assessment is failed, the person enters the security and confidentiality knowledge and skills training system, which automatically guides them through education and training to strengthen weak links. In the training system, skills training focuses on the practical, operational level and knowledge training on regulations and theory; each has its own emphasis, but both are based on online learning. In Fig. 1, the loop on the left focuses on building ability and the loop on the right on learning knowledge. The two sides merge through the security and confidentiality awareness assessment and the security and confidentiality knowledge examination; the security and confidentiality risk assessment quantifies them, and the precise assessment and analysis is fed back into a new round of knowledge learning and awareness assessment. This combines theory with practice and knowledge with ability for classified-information personnel, and carries confidentiality awareness through to confidentiality literacy, from external training to internalization;
S3: knowledge examination system, with the following specific steps:
a. Judge the subject's mastery of network security knowledge and skills by methods such as CAT item testing; computerized adaptive testing is currently one of the most widely used methods for testing network security awareness content;
b. According to the subject's testing requirements and real-time answers, adaptively select network security knowledge-point questions of suitable difficulty, and identify the individual's level of mastery of network security knowledge and skills and specific weak points;
c. Examine employees' knowledge in a targeted way according to the network security knowledge base and the enterprise's network security specifications, and generate a scientific examination report; as shown in Fig. 4, the examination report fully shows the tested person's degree of mastery of network security knowledge, which specific knowledge points meet the standard, which network security knowledge is missing, and customized suggestions for education and training;
d. Analyze learning and training results from the angle of learning history by comparing examination results from different stages, as shown in Fig. 5, and analyze the knowledge mastery of the tested personnel in the near future using a big-data-based fitting and situation algorithm, giving timely early warning;
S4: network security awareness evaluation system, with the following specific steps:
a. Objectively measure and scientifically evaluate the subject's network security awareness or ability by cooperative methods such as computer system log audit, or by non-cooperative methods such as simulated network attack and defense, simulated scenario drills and threat intelligence analysis;
b. Provide testing and assessment services for the network security and confidentiality awareness of a specified group, and analyze and assess the network security awareness of the tested group according to the tracking results;
c. Quantitatively evaluate the network security awareness of the tested unit and output statistical results and reports; compare and rank the network security awareness of different tested organizations (horizontal comparison), and compare the network security awareness of a single organization across different periods (longitudinal comparison);
d. Combine the network assets of the unit with personnel risk relationships to form the corresponding risk assessment report;
As shown in Fig. 3, the network security awareness evaluation system is a comprehensive, cross-cutting complex system composed of modules such as phishing penetration testing and situational awareness. The penetration testing works mainly from the angle of "people": rather than attacking systems and devices directly, it takes an indirect route through personnel, using weaknesses in the technical discernment and risk awareness of people in the target organization to obtain the target organization's sensitive information, system vulnerabilities or control. Technologies, products and services for protecting information systems are now relatively mature, so penetrating them is difficult and costly; penetrating through their users by social engineering methods, exploiting human weaknesses to achieve the penetration goal, is a cost-effective means and a new research direction. In addition, unlike a traditional single penetration engine, the system integrates 6 penetration modes, including email phishing, SMS phishing, file phishing, USB phishing, WiFi phishing and cellular base station phishing. The technologies involved are broad, the implementation is complex and the workload is very large, but the success rate of penetration is greatly increased. The system finally generates personal and enterprise network security situation reports containing the knowledge examination, the awareness assessment and the corresponding analysis, which provide a basis for further education and training and for raising the enterprise's network security level. By effectively perceiving the situation, timely early warning is given according to the cyberspace environment.
S5: personnel risk assessment system, with the following specific steps:
a. From the angle of personnel security risk factors, and in combination with the study of cyberspace security development trends, assess the impact or loss that the state of personnel security awareness causes to cyberspace and network assets; for the subject, this mainly shows the deficiencies in cognitive ability, knowledge and skills that the subject displayed in testing, together with suggestions for improvement;
b. Taking the personnel security and confidentiality risk assessment shown in Fig. 6 as an example: through the security and confidentiality awareness evaluation system and the knowledge examination system, obtain the examination and evaluation results of the tested classified-information personnel, which reflect their acquired vulnerability; through psychological test results, obtain their innate vulnerability; the vulnerability of classified-information personnel is thus evaluated comprehensively from the two aspects of body and mind, and from internal and external aspects;
c. By collecting the violation alarm information of classified-information personnel, the virus and Trojan detection alarm information of the classified carriers they use, and the threat alarm information around and inside classified sites, obtain the threat index faced by classified-information personnel;
d. By counting information such as the security classification of the personnel, the classification of their post, the number and classification of the carriers they hold, and the number and classification of the classified activities they take part in, obtain the asset value index of the personnel; these indexes are integrated and displayed in different visual forms such as radar charts and histograms, to evaluate comprehensively, systematically and scientifically the security risk of a single classified-information person or of all such personnel in a unit;
e. Track and analyze the main causes of risk and their historical changes, to provide a decision-making basis for precise security management and confidentiality education;
f. According to the above assessment method, generate network security awareness test and evaluation reports for individuals and for enterprise personnel;
g. Combine the network security situation awareness reports of each employee, extract the risk elements of each post and, according to the above assessment method and taking the examination and assessment data for "weak password attack" as an example, automatically generate the enterprise network security situation report;
S6: knowledge and skills training system, with the following specific steps:
a. Based on the evaluation results and guided by job requirements and the network security knowledge base, establish and systematically implement customized education and training activities to raise personnel's network security literacy; compared with single-form approaches such as traditional instructor-led teaching, this system proposes the concept of customized education;
b. Determine each person's training plan according to the assessment results and the knowledge base, and carry out training at multiple levels and from multiple angles through an intelligent dialogue system, short-article pushes, simulated hands-on operation and content training;
c. Construct a personnel network security awareness cultivation system model; analyze the elements that make up personnel security awareness and the evaluation index system; measure its influencing factors through cultural publicity campaigns, online knowledge training and examination, and social engineering attack-and-defense exercises; establish a scientific and reasonable knowledge classification system and behavioral standards; and quantitatively track the network security risk of each person and of the entire organization;
d. Through quantitative data analysis and threat simulation training, promptly convert the latest network attack events into knowledge and skills that inform awareness training, and establish a dynamic, sustainable cultivation mechanism that adapts to network security development trends and continuously improves network security awareness; this effectively guides and raises personnel's overall network security quality and ability, effectively detects and defends against APT threats, and protects the security of national critical information infrastructure from the angle of people in cyberspace security;
e. Establish the network security awareness cultivation system model: by analyzing the elements of network security awareness, construct an accurate profile model and analyze the influence of each element on overall awareness;
f. By reconstructing the network security knowledge base, make the examination accurately reflect a person's degree of knowledge mastery and theoretical level;
g. Analyze the current network security situation based on the knowledge system model and the evaluation results, and give timely early warning and take precautions in advance in combination with the cyberspace environment; network security protection awareness is raised from the angle of prevention, reducing network security risk. The structural block diagram of the network security awareness cultivation system is shown in Fig. 7.
Specifically, the general formula of the TET framework theory in step C of step S1 is:
Wherein $Te_{ij}$ is the efficiency of the $j$-th test of person $i$, $E_{ij}$ is the efficiency of that person's $j$-th assessment, and $Tr_{ij}$ is the efficiency of that person's $j$-th training; $r_{mj} \in [0, 1]$, $m = 1, 2, 3$, is the probability that the effect of the $j$-th execution meets expectations; $j = 1, \ldots, J$ counts the executions of the TET improvement framework; $t = \{1, \ldots, 12\}$ is the period with which TET is executed, with the month as the minimum unit; and $m$ is the periodic attenuation correction parameter, which for the TET framework is $m = 0.476$. The effect of network security awareness training may decay over time, so a memory-curve parameter must be introduced. Based on the curve fitted to experimental data, the effect of awareness improvement follows an attenuation curve that depends on the length of the execution period, as shown in Fig. 1. The shorter the period, the better the awareness improvement effect, but the more time is consumed, so time cost and similar factors should be weighed together when the training period is determined.
Specifically, the framework evaluation function of step d in step S1 is:
Wherein $N$ is the total number of people in the organization who take part in network security awareness improvement; $w_m \in (0, 1]$, $m = 1, 2, 3$, is the weight of the corresponding execution module in the improvement framework; and PHS is the percentage of the expected effect that the design of the organization-wide network security awareness improvement framework achieves.
Specifically, the network security awareness improvement platform of step S2 includes a cognitive ability test system, a knowledge and skill examination system, a network security awareness risk assessment system and a network security awareness training system. As shown in Fig. 2, the knowledge and skill examination system and the training system rely mainly on a knowledge base built from the personnel security knowledge hierarchy, the cognitive ability test system relies mainly on a tool library, and the personnel risk assessment system relies on an indicator database.
Specifically, the testing theory used in step b of step S3 includes item response theory and cognitive diagnosis theory.
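The adaptive question selection of step S3, which the description ties to item response theory, can be sketched as follows. This is an added example and not part of the patent: the item bank, the topic names, the choice of the Rasch (1PL) model with a N(0, 1) prior, and the simulated subject are all assumptions constructed for illustration.

```python
import math

# Constructed item bank (not from the patent): id, topic, Rasch difficulty b.
ITEM_BANK = [
    ("q1", "email", -2.0), ("q2", "email", -0.5), ("q3", "email", 1.0),
    ("q4", "usb",   -1.5), ("q5", "usb",    0.0), ("q6", "usb",   1.5),
    ("q7", "wifi",  -1.0), ("q8", "wifi",   0.5), ("q9", "wifi",  2.0),
]


def p_correct(theta, b):
    """Rasch (1PL) probability that ability theta answers difficulty b correctly."""
    return 1.0 / (1.0 + math.exp(-(theta - b)))


def estimate_theta(responses, iters=25):
    """MAP ability estimate under a N(0, 1) prior, by Newton-Raphson.

    responses is a list of (difficulty, answered_correctly) pairs. The prior
    keeps the estimate finite when every answer so far is right or wrong.
    """
    theta = 0.0
    for _ in range(iters):
        grad, hess = -theta, -1.0            # prior terms of the log-posterior
        for b, correct in responses:
            p = p_correct(theta, b)
            grad += (1.0 if correct else 0.0) - p
            hess -= p * (1.0 - p)
        theta -= grad / hess
    return theta


def next_item(theta, used):
    """Unused item whose difficulty is closest to theta (most informative in 1PL)."""
    pool = [item for item in ITEM_BANK if item[0] not in used]
    return min(pool, key=lambda item: abs(item[2] - theta)) if pool else None


def run_cat(answer_fn, max_items=5):
    """Administer up to max_items adaptively; return (theta, item ids, weakest topic)."""
    theta, used, responses, by_topic = 0.0, [], [], {}
    while len(used) < max_items:
        item = next_item(theta, used)
        if item is None:
            break
        item_id, topic, b = item
        correct = bool(answer_fn(item))
        used.append(item_id)
        responses.append((b, correct))
        by_topic.setdefault(topic, []).append((b, correct))
        theta = estimate_theta(responses)    # re-estimate after every answer
    # Per-topic estimates expose the specific weak point, not just the overall level.
    topic_theta = {t: estimate_theta(r) for t, r in by_topic.items()}
    weakest = min(topic_theta, key=topic_theta.get) if topic_theta else None
    return theta, used, weakest


def simulated_subject(item):
    """Constructed test subject: strong on e-mail and Wi-Fi, weak on USB handling."""
    ability = {"email": 1.5, "usb": -1.0, "wifi": 1.0}
    _, topic, b = item
    return ability[topic] >= b


if __name__ == "__main__":
    theta, asked, weakest = run_cat(simulated_subject)
    print(f"ability={theta:.3f} asked={asked} weakest topic={weakest}")
```

Each answer moves the ability estimate, and the next question is drawn at the new estimate, so the test converges on the subject's level with few questions while the per-topic estimates point to the weak area.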
Specifically, the methods of the testing and assessment service in step b of step S4 include SMS phishing, e-mail phishing, file phishing, USB device phishing, Wi-Fi phishing and QR code phishing.
In summary: the invention proposes the TET (Testing, Evaluation, Training) network security awareness improvement framework and a corresponding application platform, which have passed demonstration and acceptance through actual testing and have in practice raised the network security awareness level of the personnel who took part in the experiments, providing reference and data for research in this field. Through a comprehensive, systematic and effective network security awareness improvement framework and technology, it supports network security education for the public, so that all personnel jointly safeguard cyberspace security and protect information assets from the standpoint of security awareness.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principles and spirit of the invention; the scope of the invention is defined by the appended claims.

Claims (7)

1. A method for promoting the improvement of personnel network security awareness, characterized by comprising the following steps:
S1: building the network security awareness improvement framework, with the following specific steps:
A. Accurately determine, through the means used, the level of personnel security awareness and whether the level of knowledge, skill and risk understanding meets job requirements;
B. Analyze the specific state of personnel network security awareness using statistical methods, determine the hierarchical structure and ability level of personnel knowledge and skills, and adopt comprehensive and targeted methods to carry out independent, self-directed education and improvement;
C. Build a stronger personnel network security defense line, periodically cycling through the TET framework to build up personnel's grasp of security knowledge and their skill level;
D. On the basis of the personal network security awareness framework function PCSA, construct the evaluation function of the organization's network security awareness improvement framework;
S2: building the network security awareness improvement platform: design and build the platform according to the TET framework, and carry out system testing;
S3: knowledge examination system, with the following specific steps:
A. Using methods such as CAT test items, judge the subject's mastery of network security knowledge and skills;
B. According to the subject's test requirements and real-time answers, adaptively select network security knowledge questions of suitable difficulty, and identify the individual's level of mastery of network security knowledge and skills and their specific weak points;
C. Carry out targeted knowledge examination of employees according to the network security knowledge base and the enterprise network security specifications, and generate an examination report;
D. By comparing the examinations (Check) of different stages, analyze learning and training effects from the perspective of learning history, and use a big-data-based fitting algorithm to analyze the knowledge status of the tested personnel in the near future, giving timely early warning;
S4: network security awareness evaluation system, with the following specific steps:
A. Objectively measure and scientifically evaluate the subject's network security awareness or ability through cooperative methods such as computer system log audit, or non-cooperative methods such as simulated network attack and defense, simulated scenario drills and threat intelligence analysis;
B. Provide testing and assessment services for the network security and confidentiality awareness of a specified group, and analyze and evaluate the network security awareness of the tested group according to the tracking results;
C. Quantitatively evaluate the network security awareness of the tested unit, output statistical results and reports, rank different tested organizations by horizontal comparison of their network security awareness, and compare the network security awareness of a single organization across different periods longitudinally;
D. Combine the network assets of the unit with its personnel risk relationships to form a corresponding risk assessment report;
S5: personnel risk assessment system, with the following specific steps:
A. From the perspective of personnel security risk factors, and in combination with cyberspace security development trends, study the influence of the state of personnel security awareness on cyberspace and network assets, or assess the resulting loss;
B. Through the security and confidentiality awareness evaluation system and the knowledge examination system, obtain the examination and evaluation results of the tested classified-information personnel, which reflect their acquired vulnerability; obtain their innate vulnerability from psychological test results; and thereby evaluate the vulnerability of classified-information personnel comprehensively, in body and mind, and in internal and external aspects;
C. By collecting alarm information on violating operations by classified-information personnel, virus and Trojan detection alarm information from the classified carriers they use, and threat alarm information from around and inside classified sites, obtain the threat index that classified-information personnel face;
D. By compiling information such as the classification level of the classified-information personnel, the classification level of their post, the number and classification level of the carriers they hold, and the number and classification level of the classified activities they have taken part in, obtain the asset value index of the classified-information personnel; integrate these indices and display them in different visual forms such as radar charts and histograms, so as to evaluate comprehensively, systematically and scientifically the security risk status of a single classified-information person or of all such personnel in a unit;
E. Track and analyze the main causes of risk and their historical changes, providing a decision basis for precise security management and security education;
F. According to the above assessment method, generate network security awareness test and evaluation reports for individuals and for enterprise personnel;
G. Combine the network security situation awareness reports of each employee, extract the risk elements of each post and, according to the above assessment method, automatically generate a report on the enterprise's network security development situation;
S6: knowledge and skill training system, with the following specific steps:
A. Based on the evaluation results, and guided by job requirements and the network security knowledge base, establish systematically implemented, personalized education and training activities that raise personnel network security literacy;
B. Determine each person's training plan according to the assessment results and the knowledge base, and carry out training activities at multiple levels and from multiple angles through an intelligent dialogue system, short-article push, simulated hands-on practice and content training;
C. Construct a model of the personnel network security awareness cultivation system: analyze the elements that make up personnel security awareness and the evaluation index system; measure the factors that influence it through cultural publicity and outreach activities, online knowledge training and examination, and social engineering attack-and-defense exercises; establish a scientific and reasonable knowledge classification system and behavioral standards; and quantitatively track the network security risk of each person and of the entire organization;
D. Through quantitative data analysis and threat simulation training, promptly convert the latest attack incidents into knowledge and skills for awareness training, and establish a dynamic, sustainable and continuously improving mechanism for cultivating network security awareness that keeps pace with network security development trends;
E. Establish the network security awareness cultivation system model: by analyzing the elements of network security awareness, accurately build the awareness model and analyze the influence of each element on overall awareness;
F. By reconstructing the network security knowledge base, make examinations accurately reflect a person's degree of knowledge mastery and theoretical level;
G. Based on the knowledge system model and the evaluation results, analyze the current network security situation and, taking the cyberspace environment into account, give timely early warning and plan ahead.
2. The method for promoting the improvement of personnel network security awareness according to claim 1, characterized in that: the network security awareness improvement framework in step S1 includes cognition, knowledge and skill, and training.
3. The method for promoting the improvement of personnel network security awareness according to claim 1, characterized in that: the general formula of the TET framework theory of step C in step S1 is:
Wherein $Te_{ij}$ is the efficiency of the $j$-th test of person $i$, $E_{ij}$ is the efficiency of that person's $j$-th assessment, and $Tr_{ij}$ is the efficiency of that person's $j$-th training; $r_{mj} \in [0, 1]$, $m = 1, 2, 3$, is the probability that the effect of the $j$-th execution meets expectations; $j = 1, \ldots, J$ counts the executions of the TET improvement framework; $t = \{1, \ldots, 12\}$ is the period with which TET is executed, with the month as the minimum unit; and $m$ is the periodic attenuation correction parameter, which for the TET framework is $m = 0.476$.
4. The method for promoting the improvement of personnel network security awareness according to claim 1, characterized in that: the framework evaluation function of step d in step S1 is:
Wherein $N$ is the total number of people in the organization who take part in network security awareness improvement; $w_m \in (0, 1]$, $m = 1, 2, 3$, is the weight of the corresponding execution module in the improvement framework; and PHS is the percentage of the expected effect that the design of the organization-wide network security awareness improvement framework achieves.
5. The method for promoting the improvement of personnel network security awareness according to claim 1, characterized in that: the network security awareness improvement platform of step S2 includes a cognitive ability test system, a knowledge and skill examination system, a network security awareness risk assessment system and a network security awareness training system.
6. The method for promoting the improvement of personnel network security awareness according to claim 1, characterized in that: the testing theory of step b in step S3 includes item response theory and cognitive diagnosis theory.
7. The method for promoting the improvement of personnel network security awareness according to claim 1, characterized in that: the methods of the testing and assessment service in step b of step S4 include SMS phishing, e-mail phishing, file phishing, USB device phishing, Wi-Fi phishing and QR code phishing.
CN201811616290.7A 2018-12-28 2018-12-28 Method for promoting personnel network security awareness to be improved Active CN109861977B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811616290.7A CN109861977B (en) 2018-12-28 2018-12-28 Method for promoting personnel network security awareness to be improved

Publications (2)

Publication Number Publication Date
CN109861977A true CN109861977A (en) 2019-06-07
CN109861977B CN109861977B (en) 2021-04-30

Family

ID=66892995

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811616290.7A Active CN109861977B (en) 2018-12-28 2018-12-28 Method for promoting personnel network security awareness to be improved

Country Status (1)

Country Link
CN (1) CN109861977B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050234755A1 (en) * 2000-04-26 2005-10-20 Safeoperations, Inc. Method, system, and computer program product for assessing information security
CN105513449A (en) * 2015-12-22 2016-04-20 国家电网公司 Comprehensive evaluation method for power grid regulating and controlling integral simulating training system
CN106059839A (en) * 2016-08-02 2016-10-26 北京永信至诚科技股份有限公司 Adaptive information security cloud training platform management method and system
WO2018070887A1 (en) * 2016-10-10 2018-04-19 Esecure Sp. Z O.O. A method for auditing the state of knowledge, skills and prudence and for motivating employees
CN108446848A (en) * 2018-03-21 2018-08-24 北京理工大学 Individual networks awareness of safety scalar quantization evaluation method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
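ZEQUN HUANG: "Difficulty-Level Metric for Cyber Security Training", 《2015 IEEE INTERNATIONAL MULTI-DISCIPLINARY CONFERENCE ON COGNITIVE METHODS IN SITUATION AWARENESS AND DECISION》 *
Zhu Daixiang: "An Overall Solution for Personnel Network Security Awareness", 《Information Technology and Standardization》 *
Bo Tao: "Discussion of Key Technologies for Network Security Risk Assessment", 《Science and Technology & Innovation》 *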

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112000562A (en) * 2020-08-25 2020-11-27 上海聚水潭网络科技有限公司 Enterprise safety consciousness training system
CN113055366A (en) * 2021-03-05 2021-06-29 北京交通大学 Social engineering attack simulation and verification quantitative evaluation method
CN113706349A (en) * 2021-09-06 2021-11-26 广西君子行科技有限公司 Secret education platform
CN114205121A (en) * 2021-11-17 2022-03-18 南方电网数字电网研究院有限公司 Information access security protection method for power grid data
CN115208638A (en) * 2022-06-24 2022-10-18 深圳零时科技有限公司 Network security consciousness assessment method and device
CN115208638B (en) * 2022-06-24 2024-04-16 深圳零时科技有限公司 Network security consciousness assessment method and device
CN116777225A (en) * 2023-08-17 2023-09-19 清华大学 Quantification method, device, computer equipment and medium for enterprise security risk level

Also Published As

Publication number Publication date
CN109861977B (en) 2021-04-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant