CN109902021A - Information system security test quality evaluation method and system

Publication number: CN109902021A
Authority: CN (China)
Prior art keywords: test, information system, security, function, rate
Legal status: Granted
Application number: CN201910189747.9A
Priority: CN201910189747.9A
Other languages: Chinese (zh)
Other versions: CN109902021B (en)
Inventors: 丁勉, 姜强, 胡云, 汤志刚
Current assignee: Beijing State Shun Polytron Technologies Inc
Original assignee: Beijing State Shun Polytron Technologies Inc
Application filed by: Beijing State Shun Polytron Technologies Inc
Classification: Management, Administration, Business Operations System, And Electronic Commerce

Abstract

Embodiments of the present invention provide a method and system for evaluating the quality of information system security testing. The method includes: obtaining the test width of an information system security test from the system function point coverage and the security requirement verification rate in the security test; obtaining the test depth of the security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test; and calculating the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system. The method evaluates a security test using data about the test itself and the complexity of the information system under test. The data are simple and easy to obtain and the formulas are simple to compute, so ordinary enterprises can adopt the method. It ensures the completeness of security testing and, by recording the security test and threat verification process, makes conventional security testing visible.

Description

Information system security test quality evaluation method and system
Technical field
Embodiments of the present invention relate to the field of computer technology, and in particular to a method and system for calculating an information system security test quality evaluation.
Background
In the life cycle of an information system, most financial institutions carry out a pre-launch security test before the system goes into production, in order to measure its security. But although security testing has become routine, there is no practical standard for evaluating its quality. The results of security tests are of mixed quality, and some systems go live with defects, so that enterprises suffer economic losses from system vulnerabilities.
As supervision of information system security becomes increasingly strict, security testing is gradually becoming routine. Some financial institutions, such as banks, insurers and securities firms, have adopted a "one-vote veto" mechanism for security testing: for problems found in a security test, any items left unrepaired can delay the launch of the information system by "one-vote veto". Security testing is clearly receiving more and more attention.
In the prior art, security testing is usually evaluated on the following elements: (1) qualitative evaluation of security test quality from the ability of the testers, the technical capability of the security service provider, and so on; (2) evaluation of security test quality from the number of high-risk, medium-risk and low-risk vulnerabilities in the security test report; (3) judging security test quality from test function coverage or the verification rate of common vulnerabilities.
However, in the prior art the effect of a conventional security test is directly tied to the test duration and to the experience and skill level of the testers, and there is no complete method for assessing test effect. Second, conventional management of security test quality mostly starts from the common-vulnerability verification rate or from function coverage; this view is one-sided and, because business system functions and scenarios differ, hard to generalize. Further, the prior art lacks theoretical guidance for security test quality evaluation, so security testing is uncontrollable.
Summary of the invention
Embodiments of the present invention provide an information system security test quality evaluation method and system, to solve problems in the prior art such as security testing being uncontrollable and test effect and completeness not being assured.
In a first aspect, an embodiment of the present invention provides an information system security test quality evaluation method, comprising:
obtaining the test width of the information system security test from the system function point coverage and the security requirement verification rate in the security test;
obtaining the test depth of the information system security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test;
calculating the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system.
In a second aspect, an embodiment of the present invention provides an information system security test quality evaluation system, comprising:
a test width computing module, for obtaining the test width of the information system security test from the system function point coverage and the security requirement verification rate in the security test;
a test depth computing module, for obtaining the test depth of the information system security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test;
an evaluation module, for calculating the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system.
In a third aspect, an embodiment of the present invention provides an electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of the information system security test quality evaluation method provided in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the information system security test quality evaluation method provided in the first aspect.
The information system security test quality evaluation method and system provided by the embodiments of the present invention evaluate a security test using data about the test and the complexity of the information system under test. The data are simple and easy to obtain and the formulas are simple to compute, so ordinary enterprises can adopt them. At the same time, security test quality is evaluated on four elements, "function points", "security requirements", "security threats" and "system complexity", which ensures the completeness of security testing, and recording the security test and threat verification process makes conventional security testing visible.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below show some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the information system security test quality evaluation method provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the security test reliability evaluation model provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of the information system security test quality evaluation system provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of the electronic device provided by an embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. The described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
With reference to Fig. 1, which is a flow diagram of the information system security test quality evaluation method provided by an embodiment of the present invention, the method includes:
S1: obtain the test width of the information system security test from the system function point coverage and the security requirement verification rate in the security test.
S2: obtain the test depth of the information system security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test.
S3: calculate the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system.
Specifically, based on big data from financial-industry security testing, this embodiment evaluates the quality of security testing from the angle of security test reliability assessment. The analytic hierarchy process (AHP) is used to calculate the weight of each security factor, and the following security test reliability assessment model is proposed:
Security test reliability = test width × test depth × 1 / system complexity
According to this formula, in evaluating information system security test quality, the reliability of a security test is calculated from the test width and test depth of that test together with the complexity of the system. As shown in Fig. 2, a schematic diagram of the security test reliability evaluation model provided by an embodiment of the present invention, the test width is calculated from the system function point coverage and the security requirement verification rate in the security test, and the test depth is calculated from the core business function threat investigation rate and the edge business function threat investigation rate in the security test.
System complexity is assessed from factors such as the information system's access channel, classified protection level, data sensitivity, business continuity and architecture complexity.
Table 1 shows the weight value ranges and weight values of the evaluation points for information system security test reliability.
Table 1
The evaluation items in test width, test depth and system complexity are given different weights according to Table 1, so that the security test reliability of the information system can be evaluated and the information system security test quality evaluation obtained.
With this method, a security test is evaluated using data about the test and the complexity of the information system under test. The data are simple and easy to obtain and the formulas are simple to compute, so ordinary enterprises can adopt the method. At the same time, security test quality is evaluated on four elements, "function points", "security requirements", "security threats" and "system complexity", which ensures the completeness of security testing, and recording the security test and threat verification process makes conventional security testing visible.
On the basis of the above embodiment, the step of obtaining the test width of the information system security test from the system function point coverage and the security requirement verification rate in the security test specifically includes: calculating the function point coverage in the security test from the number of function points tested in the information system and the total number of function points in the information system; calculating the security requirement verification rate in the security test from the number of security requirements verified in the information system and the total number of security requirements in the information system; and calculating the test width of the security test from the function point coverage and the security requirement verification rate.
Specifically, the test width evaluation mainly examines the security test's verification coverage of security requirements and its coverage of system function points. It is calculated as follows:
Test width = function point coverage × α1 + security requirement verification rate × α2
Function point coverage = (number of function points tested / total number of function points in the system) × 100%.
Security requirement verification rate = (number of security requirements verified / total number of security requirements in the system) × 100%.
Here α1 and α2 are weight values that can be adjusted according to the actual situation of the system.
On the basis of the above embodiment, the step of obtaining the test depth of the information system security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test specifically includes: obtaining the core business function threat investigation rate and the edge business function threat investigation rate of the information system in the security test; and calculating the test depth of the security test from the core business function threat investigation rate and the edge business function threat investigation rate.
The step of obtaining the core business function threat investigation rate and the edge business function threat investigation rate of the information system in the security test specifically includes:
calculating the core business function threat investigation rate of the information system according to the formula: core business function threat investigation rate = (threats verified for core business function 1 / threats of core business function 1 + threats verified for core business function 2 / threats of core business function 2 + ... + threats verified for core business function n / threats of core business function n) × 100% / n;
calculating the edge business function threat investigation rate of the information system according to the formula: edge business function threat investigation rate = (threats verified for edge business function 1 / threats of edge business function 1 + threats verified for edge business function 2 / threats of edge business function 2 + ... + threats verified for edge business function m / threats of edge business function m) × 100% / m; where m and n are positive integers.
Specifically, the test depth evaluation mainly examines the depth of the security test, that is, how thoroughly the system's security threats were investigated. It is calculated as follows:
Test depth = core business function threat investigation rate × β1 + edge business function threat investigation rate × β2
Core business function threat investigation rate = (threats verified for core business function 1 / threats of core business function 1 + threats verified for core business function 2 / threats of core business function 2 + ... + threats verified for core business function n / threats of core business function n) × 100% / n.
Edge business function threat investigation rate = (threats verified for edge business function 1 / threats of edge business function 1 + threats verified for edge business function 2 / threats of edge business function 2 + ... + threats verified for edge business function m / threats of edge business function m) × 100% / m. Here β1 and β2 are weight values that can be adjusted according to the actual situation of the information system; m and n are positive integers.
On the basis of the above embodiment, the step of calculating the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system, specifically includes: calculating the information system security test reliability according to the formula: security test reliability = test width × test depth × 1 / system complexity, and obtaining the information system security test evaluation from the information system security test reliability.
The method further includes: calculating the system complexity of the information system from the information system's access channel, classified protection level, data sensitivity, business continuity and architecture complexity.
The step of calculating the system complexity of the information system specifically includes: calculating the information system complexity according to the formula: system complexity = access channel × γ1 + classified protection level × γ2 + data sensitivity × γ3 + business continuity × γ4 + architecture complexity × γ5, where γ1, γ2, γ3, γ4 and γ5 are weight values.
Specifically, the system complexity evaluation mainly examines the influence of business system complexity on security test reliability. The formula is as follows:
System complexity = access channel × γ1 + classified protection level × γ2 + data sensitivity × γ3 + business continuity × γ4 + architecture complexity × γ5
The access channel matters because the same security vulnerability carries a different risk value depending on how the system is accessed. Access channel values are shown in Table 2:
Table 2
Access channel | Value
Internet access | 2.24
Intranet access | 1.01
Following the classified protection grading, classified protection levels 1, 2, 3 and 4 are used as the grading standard for the information system's security protection level. Table 3 gives the classified protection level values:
Table 3
Classified protection level | Value
Classified protection level 1 | 1.01
Classified protection level 2 | 2.32
Classified protection level 3 | 3.76
Classified protection level 4 | 4.35
Data are divided by access permission into three levels: externally public, internal use, and internal sensitive. Data sensitivity values are shown in Table 4:
Table 4
Data sensitivity | Value
Externally public | 0.67
Internal use | 2.23
Internal sensitive | 3.45
With reference to the classification of operation interruption events in the "Guidelines for the Supervision of Business Continuity of Commercial Banks", business continuity values are shown in Table 5:
Table 5
Business continuity level | Value
Larger operation interruption event | 1.02
Major operation interruption event | 1.89
Especially major operation interruption event | 3.23
Architecture complexity values are shown in Table 6:
Table 6
Architecture type | Value
Single application architecture | 0.81
Vertical application architecture | 2.22
Distributed application architecture | 3.12
Streaming application architecture | 3.85
This method addresses the problems that current security testing is uncontrollable and that test effect and completeness cannot be assured. By calculating the reliability of an information system security test, the quality of that test is evaluated and, in turn, the residual risk of the information system is assessed.
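The model above carried through as code, as an added example that is not part of the patent text. It uses the values of Tables 2 to 6; the weights α, β and γ are assumed placeholders (the values of Table 1 are not reproduced on this page), the two sample reports are constructed, and all function, class and key names are hypothetical. Rates are kept as fractions, so 100% is 1.0.

```python
from dataclasses import dataclass

# Value tables as given in Tables 2-6 of the description.
ACCESS_CHANNEL = {"internet": 2.24, "intranet": 1.01}
PROTECTION_LEVEL = {1: 1.01, 2: 2.32, 3: 3.76, 4: 4.35}
DATA_SENSITIVITY = {"public": 0.67, "internal_use": 2.23, "internal_sensitive": 3.45}
BUSINESS_CONTINUITY = {"larger": 1.02, "major": 1.89, "especially_major": 3.23}
ARCHITECTURE = {"single": 0.81, "vertical": 2.22, "distributed": 3.12, "streaming": 3.85}

# ASSUMED weights. The description takes them from its Table 1, whose values
# are not reproduced on the page, so these are placeholders for illustration.
ALPHA = (0.5, 0.5)                 # function point coverage, requirement verification
BETA = (0.7, 0.3)                  # core, edge threat investigation
GAMMA = (0.2, 0.2, 0.2, 0.2, 0.2)  # the five complexity factors


def rate(done, total, label):
    """done/total as a fraction in [0, 1]; rejects inputs that would hide a gap."""
    if total <= 0:
        raise ValueError(f"{label}: total must be positive (nothing was enumerated)")
    if not 0 <= done <= total:
        raise ValueError(f"{label}: {done} of {total} is not a valid count")
    return done / total


def threat_investigation_rate(functions, label):
    """Mean of verified/identified threats over the business functions.

    functions: list of (threats_verified, threats_identified), one per function.
    Averaging per function means one barely tested function lowers the rate
    even when another function has many verified threats.
    """
    if not functions:
        raise ValueError(f"{label}: at least one business function is required")
    return sum(rate(v, t, label) for v, t in functions) / len(functions)


def width_score(tested_fp, total_fp, verified_req, total_req, alpha=ALPHA):
    return (rate(tested_fp, total_fp, "function points") * alpha[0]
            + rate(verified_req, total_req, "security requirements") * alpha[1])


def depth_score(core, edge, beta=BETA):
    return (threat_investigation_rate(core, "core functions") * beta[0]
            + threat_investigation_rate(edge, "edge functions") * beta[1])


@dataclass(frozen=True)
class SystemProfile:
    access_channel: str
    protection_level: int
    data_sensitivity: str
    business_continuity: str
    architecture: str


def system_complexity(p, gamma=GAMMA):
    factors = (ACCESS_CHANNEL[p.access_channel], PROTECTION_LEVEL[p.protection_level],
               DATA_SENSITIVITY[p.data_sensitivity],
               BUSINESS_CONTINUITY[p.business_continuity], ARCHITECTURE[p.architecture])
    return sum(f * g for f, g in zip(factors, gamma))


def reliability(width, depth, complexity):
    """Security test reliability = test width x test depth x 1 / system complexity."""
    return width * depth / complexity


def evaluate(report, profile):
    w = width_score(*report["width"])
    d = depth_score(report["core"], report["edge"])
    c = system_complexity(profile)
    return {"width": w, "depth": d, "complexity": c, "reliability": reliability(w, d, c)}


# Constructed sample data: two test reports against the same system.
PROFILE = SystemProfile("internet", 3, "internal_sensitive", "major", "distributed")
REPORT_THOROUGH = {"width": (45, 50, 18, 20), "core": [(9, 10), (8, 10)], "edge": [(3, 6)]}
REPORT_SHALLOW = {"width": (30, 50, 10, 20), "core": [(4, 10), (5, 10)], "edge": [(1, 6)]}

if __name__ == "__main__":
    for name, report in (("thorough", REPORT_THOROUGH), ("shallow", REPORT_SHALLOW)):
        result = evaluate(report, PROFILE)
        print(name, {k: round(v, 4) for k, v in result.items()})
```

Because the reliability is divided by system complexity, the same coverage figures give a lower score on a more complex system, so scores are only directly comparable between tests of systems with the same profile.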
In another embodiment of the present invention, project A and project B are used as an illustration. Before testing begins, the testers of project A and project B are required, per this embodiment, to record the function points tested, the threat verification process for core business functions and for non-core business functions respectively, the security requirement verification results and the corresponding business functions, and finally to submit these in the form of a report. After assessing the security test reports of project A and project B, the final results are as shown in Table 7:
Table 7
The above results clearly reflect the gap in test quality between project A and project B. The model does not, however, take into account the testers' testing experience and skill level, because people's experience and level are uneven and hard to factor in. An additional condition is therefore needed: before a project starts, the tested unit must set admission control for testers, examining their experience, technical capability and so on, to ensure that the security test meets minimum security requirements.
With reference to Fig. 3, which is a structural diagram of the information system security test quality evaluation system provided by an embodiment of the present invention, the system includes: a test width computing module 31, a test depth computing module 32 and an evaluation module 33.
The test width computing module 31 is used to obtain the test width of the information system security test from the system function point coverage and the security requirement verification rate in the security test;
the test depth computing module 32 is used to obtain the test depth of the information system security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test;
the evaluation module 33 is used to calculate the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system.
The information system security test quality evaluation system provided by the embodiment of the present invention carries out the flows of the method embodiments above; for details, see the content of those method embodiments, which is not repeated here.
The system provided by the embodiment of the present invention evaluates a security test using data about the test and the complexity of the information system under test. The data are simple and easy to obtain and the formulas are simple to compute, so ordinary enterprises can adopt it. At the same time, security test quality is evaluated on four elements, "function points", "security requirements", "security threats" and "system complexity", which ensures the completeness of security testing, and recording the security test and threat verification process makes conventional security testing visible.
Fig. 4 illustrates the structure of an electronic device. As shown in Fig. 4, the server may include a processor 410, a communications interface 420, a memory 430 and a bus 440, where the processor 410, the communications interface 420 and the memory 430 communicate with one another over the bus 440. The communications interface 440 can be used for information transmission between the server and a smart television. The processor 410 can call logic instructions in the memory 430 to perform the following method: obtaining the test width of the information system security test from the system function point coverage and the security requirement verification rate in the security test; obtaining the test depth of the information system security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test; and calculating the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system.
This embodiment also provides a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions which, when executed by a computer, enable the computer to perform the methods provided by the method embodiments above, for example: obtaining the test width of the information system security test from the system function point coverage and the security requirement verification rate in the security test; obtaining the test depth of the information system security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test; and calculating the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system.
This embodiment provides a non-transitory computer-readable storage medium that stores computer instructions, the computer instructions causing a computer to perform the methods provided by the method embodiments above, for example: obtaining the test width of the information system security test from the system function point coverage and the security requirement verification rate in the security test; obtaining the test depth of the information system security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test; and calculating the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system.
The apparatus embodiments described above are merely illustrative. Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiment's solution. A person of ordinary skill in the art can understand and implement this without creative effort.
From the description of the embodiments above, a person skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware. On this understanding, the technical solution above, in essence or in the part that contributes over the prior art, can be embodied as a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments only illustrate the technical solutions of the present invention and do not limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in those embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. a kind of information system security tests quality evaluating method characterized by comprising
According to system function dot coverage in safety test and demand for security verifying rate, the test of information system security test is obtained Width;
It threatens investigation rate and edge service function to threaten investigation rate according to core business function in safety test, obtains information system The test depth of system safety test;
According to the test width and the test depth, the complexity of combining information system calculates and obtains information system security Test quality evaluation.
2. the method according to claim 1, wherein it is described according to system function dot coverage in safety test and It the step of demand for security verifying rate, the test width of acquisition information system security test, specifically includes:
According to function point quantity whole in the quantity and the information system of detection function point in the information system, calculate Obtain the function dot coverage in the safety test;
According to whole demand for security quantity in demand for security quantity and the information system are had verified that in the information system, calculate Obtain the demand for security verifying rate in the safety test;
According to the function dot coverage and the demand for security verifying rate, the test width for obtaining the safety test is calculated.
3. the method according to claim 1, wherein described threaten row according to core business function in safety test The step of looking into rate and edge service function threatens investigation rate, obtaining the test depth of information system security test, specifically includes:
It obtains in the safety test, the information system core business function threatens investigation rate and edge service function to threaten row Look into rate;
It threatens investigation rate and edge service function to threaten investigation rate according to the core business function, calculates the acquisition safety and survey Test depth in examination.
4. The method according to claim 3, wherein the step of obtaining the core business function threat investigation rate and the edge business function threat investigation rate of the information system in the security test specifically comprises:
calculating the core business function threat investigation rate of the information system according to the formula: core business function threat investigation rate = (number of verified threats of core business function 1 / number of threats of core business function 1 + number of verified threats of core business function 2 / number of threats of core business function 2 + ... + number of verified threats of core business function n / number of threats of core business function n) * 100% / n;
calculating the edge business function threat investigation rate of the information system according to the formula: edge business function threat investigation rate = (number of verified threats of edge business function 1 / number of threats of edge business function 1 + number of verified threats of edge business function 2 / number of threats of edge business function 2 + ... + number of verified threats of edge business function m / number of threats of edge business function m) * 100% / m;
wherein m and n are positive integers.
5. The method according to claim 1, wherein the step of calculating the information system security test quality evaluation according to the test width and the test depth, in combination with the complexity of the information system, specifically comprises:
calculating the information system security test reliability according to the formula: security test reliability = test width * test depth * 1 / system complexity, and obtaining the information system security test evaluation according to the information system security test reliability.
6. The method according to claim 5, wherein the method further comprises:
calculating the system complexity of the information system from the access channel, hierarchical protection level, data sensitivity, business continuity and architecture complexity of the information system.
7. The method according to claim 6, wherein the step of calculating the system complexity of the information system specifically comprises:
calculating the information system complexity according to the formula: system complexity = access channel * γ1 + hierarchical protection level * γ2 + data sensitivity * γ3 + business continuity * γ4 + architecture complexity * γ5, where γ1, γ2, γ3, γ4 and γ5 are weight values.
8. An information system security test quality evaluation system, characterized by comprising:
a test width calculation module, configured to obtain the test width of the information system security test according to the system function point coverage rate and the security requirement verification rate in the security test;
a test depth calculation module, configured to obtain the test depth of the information system security test according to the core business function threat investigation rate and the edge business function threat investigation rate in the security test;
an evaluation module, configured to calculate the information system security test quality evaluation according to the test width and the test depth, in combination with the complexity of the information system.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of the information system security test quality evaluation method according to any one of claims 1 to 7.
10. A non-transitory computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the information system security test quality evaluation method according to any one of claims 1 to 7.
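
The calculation described in claims 2 to 7, as an added Python example (not code from the patent or its applicant). The claims do not state how the two rates are merged into the test width or the test depth, so a product is assumed; the factor scores, the equal weights and all sample counts are constructed, and rates are kept as fractions rather than percentages.

```python
FACTORS = ("access_channel", "protection_level", "data_sensitivity",
           "business_continuity", "architecture_complexity")

def ratio(done, total, label):
    """done/total as a fraction in [0, 1]; rejects undefined or impossible counts."""
    if total <= 0 or not 0 <= done <= total:
        raise ValueError(f"{label}: {done} of {total} gives no valid rate")
    return done / total

def threat_investigation_rate(functions):
    """Claim 4: mean over functions of verified threats / identified threats."""
    if not functions:
        raise ValueError("at least one business function is required")
    return sum(ratio(v, t, name) for name, (v, t) in functions.items()) / len(functions)

def combine(a, b):
    # ASSUMPTION: the claims do not say how two rates are merged; a product is used.
    return a * b

def system_complexity(scores, weights):
    """Claim 7: weighted sum of the five complexity factors."""
    if set(scores) != set(FACTORS) or set(weights) != set(FACTORS):
        raise ValueError("scores and weights must cover exactly the five factors")
    return sum(scores[f] * weights[f] for f in FACTORS)

def security_test_reliability(width, depth, complexity):
    """Claim 5: test width * test depth * 1 / system complexity."""
    if complexity <= 0:
        raise ValueError("system complexity must be positive")
    return width * depth / complexity

def evaluate(a):
    width = combine(ratio(*a["function_points"], "function points"),
                    ratio(*a["requirements"], "security requirements"))
    depth = combine(threat_investigation_rate(a["core"]),
                    threat_investigation_rate(a["edge"]))
    cx = system_complexity(a["scores"], a["weights"])
    return {"width": width, "depth": depth, "complexity": cx,
            "reliability": security_test_reliability(width, depth, cx)}

# Constructed sample assessment: every name, count, score and weight is illustrative.
SAMPLE = {
    "function_points": (45, 50),   # (tested, total)
    "requirements": (16, 20),      # (verified, total)
    "core": {"login": (8, 10), "payment": (3, 4), "transfer": (5, 5)},
    "edge": {"help_page": (1, 2), "news_feed": (3, 6)},
    "scores": dict(zip(FACTORS, (2, 3, 3, 2, 1))),   # assumed 1-3 scale
    "weights": dict.fromkeys(FACTORS, 0.2),          # assumed equal weights
}
```

Calling `evaluate(SAMPLE)` returns the width, depth, complexity and reliability together. A business function with no identified threats raises `ValueError` instead of being counted as fully investigated, because its per-function ratio in claim 4 is undefined.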
CN201910189747.9A 2019-03-13 2019-03-13 Information system safety test quality evaluation method and system Active CN109902021B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910189747.9A CN109902021B (en) 2019-03-13 2019-03-13 Information system safety test quality evaluation method and system

Publications (2)

Publication Number Publication Date
CN109902021A true CN109902021A (en) 2019-06-18
CN109902021B CN109902021B (en) 2021-03-02

Family

ID=66952139

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910189747.9A Active CN109902021B (en) 2019-03-13 2019-03-13 Information system safety test quality evaluation method and system

Country Status (1)

Country Link
CN (1) CN109902021B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110377518A (en) * 2019-07-17 2019-10-25 招商银行股份有限公司 Whole process scan method, device, equipment and readable storage medium storing program for executing
CN110851344A (en) * 2019-09-17 2020-02-28 恒生电子股份有限公司 Big data testing method and device based on computational formula complexity and electronic equipment
CN110908912A (en) * 2019-11-25 2020-03-24 中国人寿保险股份有限公司 Software security threat analysis method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100898748B1 (en) * 2007-08-01 2009-05-25 한국철도기술연구원 Testing method for software safety evaluation of train control system
CN101493870A (en) * 2008-12-17 2009-07-29 武汉大学 Credible platform module test device
CN101604288A (en) * 2009-07-10 2009-12-16 北京航空航天大学 A kind of method for evaluating software quality based on test data
CN101950271A (en) * 2010-10-22 2011-01-19 中国人民解放军理工大学 Modeling technology-based software security test method
WO2017108924A1 (en) * 2015-12-21 2017-06-29 Safran Electronics & Defense Method for detecting computer module testability problems
CN107797929A (en) * 2017-10-26 2018-03-13 北京广利核系统工程有限公司 The statistical method and device of FPGA emulation testing function coverage

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110377518A (en) * 2019-07-17 2019-10-25 招商银行股份有限公司 Whole process scan method, device, equipment and readable storage medium storing program for executing
CN110377518B (en) * 2019-07-17 2023-07-25 招商银行股份有限公司 Full-flow scanning method, device, equipment and readable storage medium
CN110851344A (en) * 2019-09-17 2020-02-28 恒生电子股份有限公司 Big data testing method and device based on computational formula complexity and electronic equipment
CN110851344B (en) * 2019-09-17 2023-09-08 恒生电子股份有限公司 Big data testing method and device based on complexity of calculation formula and electronic equipment
CN110908912A (en) * 2019-11-25 2020-03-24 中国人寿保险股份有限公司 Software security threat analysis method and system
CN110908912B (en) * 2019-11-25 2023-11-21 中国人寿保险股份有限公司 Software security threat analysis method and system

Also Published As

Publication number Publication date
CN109902021B (en) 2021-03-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant