CN109902021A - Method and system for evaluating the quality of information system security testing
- Publication number
- CN109902021A (application number CN201910189747.9A)
- Authority
- CN
- China
- Prior art keywords
- test
- information system
- security
- function
- rate
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Embodiments of the present invention provide a method and system for evaluating the quality of information system security testing. The method includes: obtaining the test width of an information system security test from the system function point coverage rate and the security requirement verification rate in the security test; obtaining the test depth of the information system security test from the core business function threat investigation rate and the edge business function threat investigation rate in the security test; and calculating the information system security test quality evaluation from the test width and the test depth, combined with the complexity of the information system. The method evaluates a security test using data about the security test together with the corresponding complexity of the information system. The data is simple and easy to obtain and the formulas are easy to calculate, so ordinary enterprises can adopt the method. It ensures the completeness of security testing and, by recording the threat verification process of the security test, makes traditional security testing visible.
Description
Technical field
Embodiments of the present invention relate to the field of computer technology, and in particular to a calculation method and system for evaluating the quality of information system security testing.
Background
In the information system life cycle, most financial institutions carry out a pre-launch security test before an information system goes into production, in order to measure the security of the system. However, although security testing has become routine, there is still no practical, usable standard for evaluating its quality. The effectiveness of security tests is uneven, and some systems go live while still carrying defects, so that enterprises suffer economic losses because of system vulnerabilities.
As the regulation of information system security becomes increasingly strict and security testing becomes routine, some financial institutions such as banks, insurers and securities firms have adopted a "one-vote veto" mechanism for security testing: where problems found by the security test remain unrepaired, the launch of the information system can be postponed by "one-vote veto". This shows that security testing is receiving more and more attention.
In the prior art, security testing is usually evaluated on the following elements: (1) qualitative evaluation of security test quality from the ability of the testers, the technical capability of the security service provider, and so on; (2) evaluation of security test quality from the number of high-risk, medium-risk and low-risk vulnerabilities in the security test report; (3) judgment of security test quality from the test function coverage or the verification rate of common vulnerabilities.
However, in the prior art, the effectiveness of a traditional security test is directly related to the testing time and to the experience and skill level of the testers, and there is no complete method for assessing test effectiveness. Second, traditional management of security test quality mostly starts from the common vulnerability verification rate or from function coverage; this view is one-sided and, because the functions and scenarios of business systems differ, it is difficult to generalize. Further, the prior art lacks theoretical guidance for security test quality evaluation, so security testing is uncontrollable.
Summary of the invention
Embodiments of the present invention provide a method and system for evaluating the quality of information system security testing, to solve problems in the prior art such as security testing being uncontrollable and test effectiveness and completeness not being ensured.
In a first aspect, an embodiment of the present invention provides a method for evaluating the quality of information system security testing, comprising:
obtaining the test width of the information system security test according to the system function point coverage rate and the security requirement verification rate in the security test;
obtaining the test depth of the information system security test according to the core business function threat investigation rate and the edge business function threat investigation rate in the security test;
calculating the information system security test quality evaluation according to the test width and the test depth, combined with the complexity of the information system.
In a second aspect, an embodiment of the present invention provides an information system security test quality evaluation system, comprising:
a test width calculation module, configured to obtain the test width of the information system security test according to the system function point coverage rate and the security requirement verification rate in the security test;
a test depth calculation module, configured to obtain the test depth of the information system security test according to the core business function threat investigation rate and the edge business function threat investigation rate in the security test;
an evaluation module, configured to calculate the information system security test quality evaluation according to the test width and the test depth, combined with the complexity of the information system.
In a third aspect, an embodiment of the present invention provides an electronic device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of the information system security test quality evaluation method provided in the first aspect.
In a fourth aspect, an embodiment of the present invention provides a non-transitory computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the information system security test quality evaluation method provided in the first aspect.
The information system security test quality evaluation method and system provided by the embodiments of the present invention evaluate a security test using data about the security test together with the corresponding complexity of the information system. The data is simple and easy to obtain and the formulas are easy to calculate, so ordinary enterprises can adopt them. In addition, security test quality is evaluated from four elements, "function points", "security requirements", "security threats" and "system complexity", which ensures the completeness of security testing, and recording the threat verification process of the security test makes traditional security testing visible.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of the information system security test quality evaluation method provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the security test reliability evaluation model provided by an embodiment of the present invention;
Fig. 3 is a structural diagram of the information system security test quality evaluation system provided by an embodiment of the present invention;
Fig. 4 is a structural diagram of the electronic device provided by an embodiment of the present invention.
Detailed description of the embodiments
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the protection scope of the present invention.
With reference to Fig. 1, which is a flow diagram of the information system security test quality evaluation method provided by an embodiment of the present invention, the method includes:
S1: obtaining the test width of the information system security test according to the system function point coverage rate and the security requirement verification rate in the security test.
S2: obtaining the test depth of the information system security test according to the core business function threat investigation rate and the edge business function threat investigation rate in the security test.
S3: calculating the information system security test quality evaluation according to the test width and the test depth, combined with the complexity of the information system.
Specifically, based on security testing big data from the financial industry, this embodiment evaluates the quality of security testing from the perspective of security test reliability assessment. The weight of each security factor is calculated using the analytic hierarchy process (AHP), and the following security test reliability assessment model is proposed:
Security test reliability = test width * test depth * (1 / system complexity)
According to the above formula, in evaluating the quality of an information system security test, the test width and test depth of the security test are obtained and, together with the complexity of the system, the reliability of the security test can be calculated. As shown in Fig. 2, which is a schematic diagram of the security test reliability evaluation model provided by an embodiment of the present invention, the test width is calculated from the system function point coverage rate and the security requirement verification rate in the security test, and the test depth is calculated from the core business function threat investigation rate and the edge business function threat investigation rate in the security test.
System complexity is assessed from factors such as the access channel, hierarchical protection level, data sensitivity, business continuity and architecture complexity of the information system.
Table 1 shows the weight value ranges and weight values of the evaluation points of information system security test reliability.
Table 1
According to Table 1, different weights are assigned to each evaluation item in test width, test depth and system complexity, so that the security test reliability of the information system can be evaluated and the information system security test quality evaluation obtained.
With this method, a security test is evaluated using data about the security test together with the corresponding complexity of the information system. The data is simple and easy to obtain and the formulas are easy to calculate, so ordinary enterprises can adopt the method. In addition, security test quality is evaluated from four elements, "function points", "security requirements", "security threats" and "system complexity", which ensures the completeness of security testing, and recording the threat verification process of the security test makes traditional security testing visible.
On the basis of the above embodiments, the step of obtaining the test width of the information system security test according to the system function point coverage rate and the security requirement verification rate in the security test specifically includes: calculating the function point coverage rate in the security test from the number of tested function points in the information system and the total number of function points in the information system; calculating the security requirement verification rate in the security test from the number of verified security requirements in the information system and the total number of security requirements in the information system; and calculating the test width of the security test from the function point coverage rate and the security requirement verification rate.
Specifically, the test width evaluation mainly examines the security test's verification coverage of the security requirements and its coverage of the system function points. It is calculated as follows:
Test width = function point coverage rate * α1 + security requirement verification rate * α2.
Function point coverage rate = (number of tested function points / total number of function points in the system) * 100%.
Security requirement verification rate = (number of verified security requirements / total number of security requirements of the system) * 100%.
Here, α1 and α2 are weight values, which can be adjusted according to the actual situation of the system.
On the basis of the above embodiments, the step of obtaining the test depth of the information system security test according to the core business function threat investigation rate and the edge business function threat investigation rate in the security test specifically includes: obtaining the core business function threat investigation rate and the edge business function threat investigation rate of the information system in the security test; and calculating the test depth in the security test from the core business function threat investigation rate and the edge business function threat investigation rate.
The step of obtaining the core business function threat investigation rate and the edge business function threat investigation rate of the information system in the security test specifically includes:
According to the formula: core business function threat investigation rate = (number of verified threats of core business function 1 / number of threats of core business function 1 + number of verified threats of core business function 2 / number of threats of core business function 2 + ... + number of verified threats of core business function n / number of threats of core business function n) * 100% / n, calculating the core business function threat investigation rate of the information system.
According to the formula: edge business function threat investigation rate = (number of verified threats of edge business function 1 / number of threats of edge business function 1 + number of verified threats of edge business function 2 / number of threats of edge business function 2 + ... + number of verified threats of edge business function m / number of threats of edge business function m) * 100% / m, calculating the edge business function threat investigation rate of the information system; where m and n are positive integers.
Specifically, the test depth evaluation mainly examines the depth of the security test, that is, how thoroughly the security threats to the system were investigated. It is calculated as follows:
Test depth = core business function threat investigation rate * β1 + edge business function threat investigation rate * β2
Core business function threat investigation rate = (number of verified threats of core business function 1 / number of threats of core business function 1 + number of verified threats of core business function 2 / number of threats of core business function 2 + ... + number of verified threats of core business function n / number of threats of core business function n) * 100% / n.
Edge business function threat investigation rate = (number of verified threats of edge business function 1 / number of threats of edge business function 1 + number of verified threats of edge business function 2 / number of threats of edge business function 2 + ... + number of verified threats of edge business function m / number of threats of edge business function m) * 100% / m.
Here, β1 and β2 are weight values, which can be adjusted according to the actual situation of the information system; m and n are positive integers.
On the basis of the above embodiments, the step of calculating the information system security test quality evaluation according to the test width and the test depth, combined with the complexity of the information system, specifically includes: according to the formula: security test reliability = test width * test depth * (1 / system complexity), calculating the information system security test reliability, and obtaining the information system security test evaluation from the information system security test reliability.
The method further includes: calculating the system complexity of the information system from the access channel, hierarchical protection level, data sensitivity, business continuity and architecture complexity of the information system.
The step of calculating the system complexity of the information system specifically includes: according to the formula: system complexity = access channel * γ1 + hierarchical protection level * γ2 + data sensitivity * γ3 + business continuity * γ4 + architecture complexity * γ5, calculating the complexity of the information system, where γ1, γ2, γ3, γ4 and γ5 are weight values.
Specifically, the system complexity evaluation mainly examines the influence of the complexity of the business system on security test reliability. The calculation formula is as follows:
System complexity = access channel * γ1 + hierarchical protection level * γ2 + data sensitivity * γ3 + business continuity * γ4 + architecture complexity * γ5
Because systems differ in access channel, the same security vulnerability carries a different risk value. The access channel values are shown in Table 2:
Table 2
Access channel | Value |
Internet access | 2.24 |
Intranet access | 1.01 |
According to the hierarchical protection classification, hierarchical protection levels 1, 2, 3 and 4 are chosen as the grading standard for the security protection level of an information system. Table 3 gives the hierarchical protection level values:
Table 3
Hierarchical protection level | Value |
Hierarchical protection level 1 | 1.01 |
Hierarchical protection level 2 | 2.32 |
Hierarchical protection level 3 | 3.76 |
Hierarchical protection level 4 | 4.35 |
According to the access rights to the data, data is divided into three levels: external disclosure, internal use and internal sensitive. The data sensitivity values are shown in Table 4:
Table 4
Data sensitivity | Value |
External disclosure | 0.67 |
Internal use | 2.23 |
Internal sensitive | 3.45 |
With reference to the classification of operation interruption events in the "Guidelines on the Supervision of Business Continuity of Commercial Banks", the business continuity values are shown in Table 5:
Table 5
Business continuity level | Value |
Larger operation interruption event | 1.02 |
Major operation interruption event | 1.89 |
Especially major operation interruption event | 3.23 |
The architecture complexity values are shown in Table 6:
Table 6
Type of architecture | Value |
Single application architecture | 0.81 |
Vertical application architecture | 2.22 |
Distributed application architecture | 3.12 |
Streaming application architecture | 3.85 |
This method solves the problems that current security testing is uncontrollable and that test effectiveness and completeness cannot be ensured. By calculating the reliability of an information system security test, the quality of that security test is evaluated, and the residual risk of the information system is then assessed.
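The calculation described above, carried through in Python as an added example (not code from the patent). The factor values come from Tables 2 to 6; the weights α, β and γ are assumed, because the Table 1 values are not reproduced on this page, and the two test records and two system profiles are constructed sample data.

```python
"""Security test reliability = test width * test depth * (1 / system complexity)."""
from dataclasses import dataclass
from typing import Sequence, Tuple

# Factor values from Tables 2-6 of the page (dictionary keys are shortened labels).
ACCESS_CHANNEL = {"internet": 2.24, "intranet": 1.01}
PROTECTION_LEVEL = {1: 1.01, 2: 2.32, 3: 3.76, 4: 4.35}
DATA_SENSITIVITY = {"external_disclosure": 0.67, "internal_use": 2.23,
                    "internal_sensitive": 3.45}
BUSINESS_CONTINUITY = {"larger": 1.02, "major": 1.89, "especially_major": 3.23}
ARCHITECTURE = {"single": 0.81, "vertical": 2.22, "distributed": 3.12,
                "streaming": 3.85}

# One (threats verified, threats identified) pair per business function.
Counts = Sequence[Tuple[int, int]]


@dataclass(frozen=True)
class Weights:
    """ASSUMED weights; the page's Table 1 values are not reproduced."""
    alpha: Tuple[float, float] = (0.5, 0.5)   # function points, security requirements
    beta: Tuple[float, float] = (0.7, 0.3)    # core, edge business functions
    gamma: Tuple[float, ...] = (0.2, 0.2, 0.2, 0.2, 0.2)  # five complexity factors


@dataclass(frozen=True)
class SystemProfile:
    channel: str
    protection_level: int
    sensitivity: str
    continuity: str
    architecture: str


@dataclass(frozen=True)
class SecurityTestRecord:
    tested_function_points: int
    total_function_points: int
    verified_requirements: int
    total_requirements: int
    core_threats: Counts
    edge_threats: Counts


def rate(done: int, total: int) -> float:
    """done / total as a fraction in [0, 1] (the page's "* 100%")."""
    if total <= 0:
        # Nothing enumerated means the item was never modelled, not that it is done.
        raise ValueError("total must be positive")
    if not 0 <= done <= total:
        raise ValueError(f"count {done} is outside 0..{total}")
    return done / total


def threat_investigation_rate(per_function: Counts) -> float:
    """Mean over the listed functions of (threats verified / threats identified)."""
    if not per_function:
        raise ValueError("no business functions listed")
    return sum(rate(v, t) for v, t in per_function) / len(per_function)


def width_of(rec: SecurityTestRecord, w: Weights = Weights()) -> float:
    coverage = rate(rec.tested_function_points, rec.total_function_points)
    verification = rate(rec.verified_requirements, rec.total_requirements)
    return coverage * w.alpha[0] + verification * w.alpha[1]


def depth_of(rec: SecurityTestRecord, w: Weights = Weights()) -> float:
    return (threat_investigation_rate(rec.core_threats) * w.beta[0]
            + threat_investigation_rate(rec.edge_threats) * w.beta[1])


def complexity_of(system: SystemProfile, w: Weights = Weights()) -> float:
    factors = (ACCESS_CHANNEL[system.channel],
               PROTECTION_LEVEL[system.protection_level],
               DATA_SENSITIVITY[system.sensitivity],
               BUSINESS_CONTINUITY[system.continuity],
               ARCHITECTURE[system.architecture])
    return sum(f * g for f, g in zip(factors, w.gamma))


def reliability(rec: SecurityTestRecord, system: SystemProfile,
                w: Weights = Weights()) -> float:
    return width_of(rec, w) * depth_of(rec, w) / complexity_of(system, w)


# Constructed sample data (not from the page).
INTERNET_SYSTEM = SystemProfile("internet", 3, "internal_sensitive", "major", "distributed")
INTRANET_SYSTEM = SystemProfile("intranet", 2, "internal_use", "larger", "single")
THOROUGH = SecurityTestRecord(45, 50, 18, 20, ((8, 10), (5, 5)), ((2, 4),))
SHALLOW = SecurityTestRecord(20, 50, 5, 20, ((2, 10), (1, 5)), ((0, 4),))

if __name__ == "__main__":
    for name, rec in (("thorough", THOROUGH), ("shallow", SHALLOW)):
        print(name, round(width_of(rec), 3), round(depth_of(rec), 3),
              round(reliability(rec, INTERNET_SYSTEM), 4))
```

Because reliability is divided by system complexity, the same test record scores lower against the internet-facing profile than against the intranet one, so scores are only comparable between systems of similar complexity.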
In another embodiment of the present invention, project A and project B are used as an illustration. Before testing begins, the testers of project A and project B are required, in accordance with this embodiment, to record the tested function points, the threat verification process for the core business functions and for the non-core business functions respectively, the security requirement verification results and the corresponding business functions, and finally to submit these in the form of a report. Assessing the security test reports of project A and project B gives the final results shown in Table 7:
Table 7
The results above clearly reflect the gap in test quality between project A and project B. However, the model does not take into account the testing experience and skill level of the testers, because people's experience and level vary and are difficult to account for. An additional condition is therefore needed: before a project starts, the organization under test must apply admission control to the testers, examining their experience, technical capability and so on, to ensure that the security test meets the minimum security requirements.
With reference to Fig. 3, which is a structural diagram of the information system security test quality evaluation system provided by an embodiment of the present invention, the system includes: a test width calculation module 31, a test depth calculation module 32 and an evaluation module 33.
The test width calculation module 31 is configured to obtain the test width of the information system security test according to the system function point coverage rate and the security requirement verification rate in the security test;
the test depth calculation module 32 is configured to obtain the test depth of the information system security test according to the core business function threat investigation rate and the edge business function threat investigation rate in the security test;
the evaluation module 33 is configured to calculate the information system security test quality evaluation according to the test width and the test depth, combined with the complexity of the information system.
The information system security test quality evaluation system provided by this embodiment of the present invention executes the flows of the method embodiments above; for details, refer to the content of those method embodiments, which is not repeated here.
The system provided by this embodiment of the present invention evaluates a security test using data about the security test together with the corresponding complexity of the information system. The data is simple and easy to obtain and the formulas are easy to calculate, so ordinary enterprises can adopt it. In addition, security test quality is evaluated from four elements, "function points", "security requirements", "security threats" and "system complexity", which ensures the completeness of security testing, and recording the threat verification process of the security test makes traditional security testing visible.
Fig. 4 is a structural diagram of an electronic device. As shown in Fig. 4, the server may include: a processor 410, a communications interface 420, a memory 430 and a bus 440, where the processor 410, the communications interface 420 and the memory 430 communicate with one another over the bus 440. The communication interface 440 may be used for information transmission between the server and a smart television. The processor 410 may call logic instructions in the memory 430 to execute the following method: obtaining the test width of the information system security test according to the system function point coverage rate and the security requirement verification rate in the security test; obtaining the test depth of the information system security test according to the core business function threat investigation rate and the edge business function threat investigation rate in the security test; and calculating the information system security test quality evaluation according to the test width and the test depth, combined with the complexity of the information system.
This embodiment also provides a computer program product. The computer program product includes a computer program stored on a non-transitory computer-readable storage medium, and the computer program includes program instructions. When the program instructions are executed by a computer, the computer can execute the methods provided by the method embodiments above, for example: obtaining the test width of the information system security test according to the system function point coverage rate and the security requirement verification rate in the security test; obtaining the test depth of the information system security test according to the core business function threat investigation rate and the edge business function threat investigation rate in the security test; and calculating the information system security test quality evaluation according to the test width and the test depth, combined with the complexity of the information system.
This embodiment provides a non-transitory computer-readable storage medium. The non-transitory computer-readable storage medium stores computer instructions that cause the computer to execute the methods provided by the method embodiments above, for example: obtaining the test width of the information system security test according to the system function point coverage rate and the security requirement verification rate in the security test; obtaining the test depth of the information system security test according to the core business function threat investigation rate and the edge business function threat investigation rate in the security test; and calculating the information system security test quality evaluation according to the test width and the test depth, combined with the complexity of the information system.
The apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the description of the embodiments above, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute the methods described in the embodiments or in certain parts of the embodiments.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (10)
1. a kind of information system security tests quality evaluating method characterized by comprising
According to system function dot coverage in safety test and demand for security verifying rate, the test of information system security test is obtained
Width;
It threatens investigation rate and edge service function to threaten investigation rate according to core business function in safety test, obtains information system
The test depth of system safety test;
According to the test width and the test depth, the complexity of combining information system calculates and obtains information system security
Test quality evaluation.
2. the method according to claim 1, wherein it is described according to system function dot coverage in safety test and
It the step of demand for security verifying rate, the test width of acquisition information system security test, specifically includes:
According to function point quantity whole in the quantity and the information system of detection function point in the information system, calculate
Obtain the function dot coverage in the safety test;
According to whole demand for security quantity in demand for security quantity and the information system are had verified that in the information system, calculate
Obtain the demand for security verifying rate in the safety test;
According to the function dot coverage and the demand for security verifying rate, the test width for obtaining the safety test is calculated.
3. the method according to claim 1, wherein described threaten row according to core business function in safety test
The step of looking into rate and edge service function threatens investigation rate, obtaining the test depth of information system security test, specifically includes:
It obtains in the safety test, the information system core business function threatens investigation rate and edge service function to threaten row
Look into rate;
It threatens investigation rate and edge service function to threaten investigation rate according to the core business function, calculates the acquisition safety and survey
Test depth in examination.
4. The method according to claim 3, wherein the step of obtaining the core business function threat investigation rate and the edge service function threat investigation rate of the information system in the security test specifically comprises:
calculating the core business function threat investigation rate of the information system according to the formula: core business function threat investigation rate = (number of verified threats of core business function 1 / number of threats of core business function 1 + number of verified threats of core business function 2 / number of threats of core business function 2 + ... + number of verified threats of core business function n / number of threats of core business function n) * 100% / n;
calculating the edge service function threat investigation rate of the information system according to the formula: edge service function threat investigation rate = (number of verified threats of edge service function 1 / number of threats of edge service function 1 + number of verified threats of edge service function 2 / number of threats of edge service function 2 + ... + number of verified threats of edge service function m / number of threats of edge service function m) * 100% / m;
wherein m and n are positive integers.
5. The method according to claim 1, wherein the step of calculating the information system security test quality evaluation according to the test width and the test depth, in combination with the complexity of the information system, specifically comprises:
calculating the information system security test reliability according to the formula: security test reliability = test width * test depth * (1 / system complexity), and obtaining the information system security test evaluation according to the information system security test reliability.
6. The method according to claim 5, wherein the method further comprises:
calculating the system complexity of the information system from the access channels, hierarchical protection level, data sensitivity, business continuity and architecture complexity of the information system.
7. The method according to claim 6, wherein the step of calculating the system complexity of the information system specifically comprises:
calculating the information system complexity according to the formula: system complexity = access channel * γ1 + hierarchical protection level * γ2 + data sensitivity * γ3 + business continuity * γ4 + architecture complexity * γ5, where γ1, γ2, γ3, γ4 and γ5 are weight values.
8. An information system security test quality evaluation system, characterized by comprising:
a test width calculation module, configured to obtain the test width of the information system security test according to the system function point coverage and the security requirement verification rate in the security test;
a test depth calculation module, configured to obtain the test depth of the information system security test according to the core business function threat investigation rate and the edge service function threat investigation rate in the security test;
an evaluation module, configured to calculate the information system security test quality evaluation according to the test width and the test depth, in combination with the complexity of the information system.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the information system security test quality evaluation method according to any one of claims 1 to 7.
10. A non-transitory computer-readable storage medium having a computer program stored thereon, characterized in that the computer program, when executed by a processor, implements the steps of the information system security test quality evaluation method according to any one of claims 1 to 7.
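The formulas of claims 4, 5 and 7 above, as an added Python example that is not part of the patent text. The factor names, scoring scale, weight values and sample counts are constructed assumptions, test width and test depth are passed in as given values because the claims do not state how their sub-rates are combined, and `pooled_rate` is a contrast helper that does not appear in the claims.

```python
FACTORS = ("access_channel", "protection_level", "data_sensitivity",
           "business_continuity", "architecture_complexity")

def threat_investigation_rate(functions):
    """Claim 4: mean over business functions of verified / identified threats.

    functions: list of (verified_threats, identified_threats), one per function.
    Returns a fraction in [0, 1]; multiply by 100 for the percentage form.
    """
    if not functions:
        raise ValueError("need at least one business function (n or m >= 1)")
    total = 0.0
    for verified, identified in functions:
        # A function with no identified threats has no defined ratio; reject it
        # rather than silently counting it as 0% or 100% investigated.
        if identified <= 0 or not 0 <= verified <= identified:
            raise ValueError(f"invalid threat counts: {verified}/{identified}")
        total += verified / identified
    return total / len(functions)

def pooled_rate(functions):
    """Contrast only (not in the claims): all verified / all identified threats."""
    return sum(v for v, _ in functions) / sum(t for _, t in functions)

def system_complexity(scores, weights):
    """Claim 7: weighted sum of the five factor scores (weights are γ1..γ5)."""
    missing = [f for f in FACTORS if f not in scores or f not in weights]
    if missing:
        raise ValueError(f"missing factors: {missing}")
    return sum(scores[f] * weights[f] for f in FACTORS)

def security_test_reliability(width, depth, complexity):
    """Claim 5: test width * test depth * (1 / system complexity)."""
    if complexity <= 0:
        raise ValueError("system complexity must be positive")
    return width * depth / complexity

# Constructed sample data; the scoring scale and weight values are assumptions.
CORE = [(8, 8), (1, 4)]  # (verified, identified) threats per core function
WEIGHTS = dict(zip(FACTORS, (0.25, 0.25, 0.25, 0.125, 0.125)))
SIMPLE = dict(zip(FACTORS, (2, 2, 2, 2, 2)))
COMPLEX = dict(zip(FACTORS, (4, 2, 2, 4, 4)))

if __name__ == "__main__":
    print(threat_investigation_rate(CORE), pooled_rate(CORE))
    for name, scores in (("simple", SIMPLE), ("complex", COMPLEX)):
        c = system_complexity(scores, WEIGHTS)
        print(name, c, security_test_reliability(0.75, 0.5, c))
```

Because claim 4 averages per-function ratios, the poorly investigated second function pulls the rate down further than a pooled count would, and the same width and depth yield a lower reliability on the more complex system.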
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910189747.9A CN109902021B (en) | 2019-03-13 | 2019-03-13 | Information system safety test quality evaluation method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109902021A (en) | 2019-06-18 |
CN109902021B (en) | 2021-03-02 |
Family
ID=66952139
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN201910189747.9A | Active | CN109902021B (en) | 2019-03-13 | 2019-03-13 | Information system safety test quality evaluation method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109902021B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||