CN109919438A - Insurance risk appraisal procedure and system before network security insurance is protected - Google Patents

Publication number: CN109919438A
Authority: CN (China)
Prior art keywords: score value, network, insurance, information, security
Legal status: Pending
Application number: CN201910087022.9A
Other languages: Chinese (zh)
Inventor
张俊峰
舒首衡
俞优
黄震中
陆臻
何升文
顾健
翁越龙
刘文钢
蔡仲�
孙晓明
蒋星兰
Current Assignee: Beijing Xuanji Information Technology Co Ltd; Shanghai Jiaweisi Information Technology Co Ltd; Third Research Institute of the Ministry of Public Security
Original Assignee: Beijing Xuanji Information Technology Co Ltd; Shanghai Jiaweisi Information Technology Co Ltd; Third Research Institute of the Ministry of Public Security
Application filed by Beijing Xuanji Information Technology Co Ltd, Shanghai Jiaweisi Information Technology Co Ltd and Third Research Institute of the Ministry of Public Security
Priority to CN201910087022.9A
Publication of CN109919438A

Classification: Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses a method and system for assessing insurance risk before a cyber-security insurance policy is underwritten. The method comprises the following steps: collecting information about the owner enterprise of the network system to be insured and calculating a first score from that information; collecting information about the security protection equipment and measures the network system has already adopted and calculating a second score; performing a security vulnerability scan and availability and security monitoring on the network system, calculating the system's current security health and obtaining a third score; and computing a weighted average of the first, second and third scores to obtain a final score, which is compared with a preset threshold to obtain the risk assessment result. The invention fills the gap of pre-underwriting risk assessment for cyber-security insurance; by grounding the assessment in both the software and hardware aspects of real-world network risk, it improves the objectivity, accuracy and quantifiability of the assessment and makes the assessment work more practicable.

Description

Insurance risk appraisal procedure and system before network security insurance is protected
Technical field
The present invention relates to the field of network security assurance technology, and in particular to a method and system for assessing insurance risk before a cyber-security insurance policy is underwritten.
Background art
In general, network risks are divided into first-party and third-party risks. The coverage provided by an insurance product may cover the risks faced by either party or both. A first-party policy covers the enterprise's own assets, including digital assets, and losses such as service interruption caused by network paralysis, network fraud, reputational loss and cyber theft; a third-party policy covers other parties' assets, especially those of customers, and generally includes risks such as security and privacy breaches, multimedia liability and loss of third-party data.
At present the coverage of cyber-security insurance generally includes: leakage of sensitive data (personal and business data), hacker intrusion, computer viruses, malicious destruction or improper handling of data by employees, data theft, failure of network security systems, third-party claims or service interruption caused by computer system failures, and even coverage for ransom payments in network extortion.
Overall, cyber-security insurance is very well developed abroad, but domestically few insurance companies run such programmes and public acceptance of this kind of product is low. The reasons are various: on one hand legislative standards, on the other the large uncertainty and risk an insurer may bear; in addition, users (enterprises and individuals) may not yet accept this kind of product.
The main reason cyber-security insurance has not developed domestically is that the uncertainty and risk are large and there is no standard for assessing network security losses; furthermore, most domestic users still attach importance to hardware and neglect data, whereas the main goal of network security is to guarantee the confidentiality, integrity and non-repudiation of data.
As an emerging product, customer awareness of enterprise cyber-security insurance is currently low domestically, but with the continued development of relevant domestic laws and regulations on science and technology, data and computers, customers' risk awareness will rise, and the market for enterprise cyber-security insurance will grow sustainably in the future.
In recent years the trend of rising network risk has been clear: whether for a large multinational or a small local company, operating costs have risen significantly because of growing network risk. Because the causes and triggers of network risk change frequently, company managers find it hard to recognise the nature of the risk they face and cannot determine which type of insurance product they need. In this context, demand for cyber-security insurance will be further promoted.
For an enterprise that has already suffered a security incident, cyber-security insurance can reduce its monetary loss. Compared with monetary loss, however, what really matters is anticipating risk, so pre-underwriting risk assessment for cyber-security insurance is particularly important. At present there is no systematic, standardised evaluation measure for pre-underwriting risk assessment of network systems; estimates are made largely on experience, and both accuracy and quantifiability are low.
Summary of the invention
The purpose of the present invention is achieved through the following technical solutions.
Specifically, according to one aspect of the invention, a method for assessing insurance risk before cyber-security insurance underwriting is provided, comprising the following steps:
collecting information about the owner enterprise of the network system to be insured, and calculating a first score from that information;
collecting information about the security protection equipment and measures the network system to be insured has already adopted, and calculating a second score;
performing a security vulnerability scan and availability and security monitoring on the network system to be insured, calculating the system's current security health and obtaining a third score;
computing a weighted average of the first, second and third scores to obtain a final score, and comparing it with a preset threshold to obtain the risk assessment result.
Preferably, a web crawler method is used to perform targeted crawling, thereby collecting the owner-enterprise information of the network system to be insured.
Preferably, the web crawler method comprises the following steps:
(1) using the Dewey Decimal Classification in the web-page feature extraction stage to rapidly find keywords in the page body text and anchor text whose subjects are similar;
(2) extracting the topic candidate-link feature text;
(3) classifying the edge text of candidate-link topics with a naive Bayes classifier to obtain topic-related pages; if the text belongs to the specific topic, the corresponding candidate link takes the classification weight as its priority value and is inserted into the crawl queue in order of priority, and the crawler visits links with larger classification values first; if the text does not belong to the specific topic, the candidate link is discarded;
(4) computing the authority and centrality (hub) scores of the link information of related pages with the HITS algorithm, and combining anchor text, the text near the anchor, reverse pages, sibling links of back-links and the URL link to pre-judge the relevance of the page to be crawled to the topic.
Preferably, extracting the topic candidate-link feature text comprises the following steps:
(1) performing word segmentation on the anchor text and body text of the page and removing stop words to obtain keywords;
(2) looking up the Dewey class number of each keyword;
(3) extracting the topic candidate-link feature text using the properties of the Dewey Decimal Classification combined with two-dimensional coordinates: taking the length of the keyword class number as the X axis and the keyword class number as the Y axis, the Dewey decimal class number of each keyword is plotted as a point in the two-dimensional coordinate system;
(4) extracting the keywords corresponding to the key points around the anchor-text key point in the two-dimensional coordinate system as the topic candidate-link feature text.
Preferably, the first score is obtained by linear fitting of an enterprise-industry correlation weighting factor, an enterprise-scale correlation weighting factor and a system-property correlation weighting factor.
Preferably, the security protection equipment and measures information includes: the physical environment in which the system is built, the type of information stored by the system, the system's compliance status, the status of the system's information security management system, the setup of security departments and posts, the establishment and implementation of security systems and specifications, and the system's emergency-response personnel and contingency plans.
Preferably, the second score is calculated by linear fitting of the following security management parameters:
(1) information system basic information parameters, including the physical environment in which the system is built, the type of information stored, the system's classified-protection (等级保护) level information and information security management system certification information;
(2) day-to-day network security management information parameters, including personnel management and asset management;
(3) network security protection information parameters, including network perimeter protection and website security protection;
(4) network security emergency-response information parameters, including emergency plans and system data backup;
(5) network security education and training information parameters.
Preferably, performing a security vulnerability scan and availability and security monitoring on the network system to be insured comprises:
the system security vulnerability scan, which uses a vulnerability scanning tool together with manual verification to detect system security from the perspectives of SQL injection detection, cross-site attack detection, web application scenario detection, hidden-field detection on pages and third-party software misconfiguration detection;
the availability and security monitoring, which collects one week of monitoring data on system availability, service port availability, suspected page tampering, sensitive words, dead links, malicious links and DNS hijacking.
Preferably, the weighted-average calculation formula is as follows:
where y denotes the final score; X1, X2 and X3 denote the first, second and third scores respectively; α denotes the coefficient for the owner-enterprise information of the network system to be insured; β denotes the coefficient for the security protection equipment and measures already adopted by the network system to be insured; and γ denotes the coefficient for the system's current security health.
According to another aspect of the invention, a system for assessing insurance risk before cyber-security insurance underwriting is also provided, comprising the following modules:
a first acquisition and computation module, for collecting information about the owner enterprise of the network system to be insured and calculating a first score from that information;
a second acquisition and computation module, for collecting information about the security protection equipment and measures the network system to be insured has already adopted and calculating a second score;
a third acquisition and computation module, for performing a security vulnerability scan and availability and security monitoring on the network system to be insured, calculating the system's current security health and obtaining a third score;
an evaluation module, for computing a weighted average of the first, second and third scores to obtain a final score and comparing it with a preset threshold to obtain the risk assessment result.
The present invention has the following advantages: it fills the gap of pre-underwriting risk assessment for cyber-security insurance; by grounding the assessment in both the software and hardware aspects of real-world network risk, it improves the objectivity, accuracy and quantifiability of the assessment and makes the assessment work more practicable.
Description of the drawings
By reading the following detailed description of the preferred embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings the same reference numerals refer to the same parts. In the drawings:
Figure 1 shows a flow diagram of a method for assessing insurance risk before cyber-security insurance underwriting according to an embodiment of the invention.
Figure 2 shows a flow diagram of a method for assessing insurance risk before cyber-security insurance underwriting according to another embodiment of the invention.
Figure 3 shows a schematic diagram of the assessment model for the scale and industry information of the network system's owner enterprise according to another embodiment of the invention.
Figure 4 shows a schematic diagram of the assessment model for the network system's security protection and equipment management measures information according to another embodiment of the invention.
Figure 5 shows a schematic diagram of the assessment model for the real-time detection information on the network system's current health and security state according to another embodiment of the invention.
Figure 6 shows a diagram of a system for assessing insurance risk before cyber-security insurance underwriting according to an embodiment of the invention.
Specific embodiments
Exemplary embodiments of the disclosure are described more fully below with reference to the accompanying drawings. Although exemplary embodiments of the disclosure are shown in the drawings, it should be understood that the disclosure may be realised in various forms and should not be limited by the embodiments set out here. Rather, these embodiments are provided so that the disclosure can be understood thoroughly and its scope fully conveyed to those skilled in the art.
The invention discloses a method and system for carrying out insurance risk assessment before cyber-security insurance underwriting. The method comprises: obtaining information about the owner enterprise of the network system to be insured, information about the security precautions and security management equipment and measures the system has already adopted, and real-time detection information on the system's current health and security state; evaluating each kind of information with a risk assessment algorithm constructed in advance; and finally computing a weighted average of the resulting assessment values to obtain the system's final insurance risk assessment value. When this value is above the set threshold, the system can be accepted for insurance; when it is below the set threshold, the system's security risk is considered too high, the system cannot be accepted, and a second assessment must be carried out after security rectification, until the standard is met.
Embodiment 1
Figure 1 is a flow diagram of a method for assessing insurance risk before cyber-security insurance underwriting according to another embodiment of the invention. As shown in the figure, the method of this embodiment is as follows:
S1: collecting information about the owner enterprise of the network system to be insured, and calculating a first score from that information.
In an embodiment of the invention, the information may include but is not limited to: company size, industry, company turnover, the share of turnover generated online, the nature of the system, the number of affiliated persons, and so on.
In a preferred embodiment of the invention, the collection above performs targeted crawling with web crawler technology. A web crawler (also known as a web spider or web robot, and more often called a web chaser in the FOAF community) is a program or script that automatically fetches web information according to certain rules. Other, rarely used names include ant, automatic indexer, emulator and worm.
According to system structure and implementation technology, web crawlers can be broadly divided into the following types: the general-purpose web crawler, the focused web crawler, the incremental web crawler and the deep web crawler. A practical crawler system is usually implemented by combining several crawler technologies.
A general-purpose web crawler, also known as a scalable web crawler, extends its crawl from some seed URLs to the entire Web and mainly collects data for portal search engines and large-scale web service providers. For commercial reasons their technical details are seldom published. The crawl range and volume of such crawlers are enormous, so they demand high crawl speed and storage space; their requirements on the order in which pages are crawled are relatively low, and because there are too many pages to refresh they generally work in parallel yet still need a long time to refresh a page. Despite certain shortcomings, general-purpose crawlers suit search engines searching broad topics and have strong application value.
A focused web crawler, also known as a topical crawler, selectively crawls those pages related to a pre-defined topic. Compared with a general-purpose crawler, a focused crawler need only crawl pages relevant to the topic, which greatly saves hardware and network resources; because the saved pages are few they are also updated quickly, and the crawler can well meet the needs of certain user groups for information in a specific field.
Compared with a general-purpose crawler, a focused crawler adds a link evaluation module and a resource content evaluation module. The key to realising a focused crawler's crawl strategy is evaluating the importance of page content and links; different methods compute importance differently and therefore produce different link access orders.
Since the invention targets specific data sources, a topical crawler algorithm is used. The invention combines the page body text, the anchor text, the text near the anchor, reverse pages, sibling links of back-links and the URL link, using a hybrid crawl strategy. For the characteristics of the pages to be fetched at each step, a differentiated URL prediction method is used to improve the relevance of the pages to the topic. Specifically, the invention adopts a distinctive topical crawler algorithm comprising the following steps:
(1) using the Dewey Decimal Classification in the web-page feature extraction stage to rapidly find keywords in the page body text and anchor text whose subjects are similar. For example, pages containing an enterprise name and anchor text containing that name can be found rapidly by this means.
(2) extracting the topic candidate-link feature text. This step is realised in the following four sub-steps:
(1) performing word segmentation on the anchor text and body text of the page and removing stop words to obtain keywords;
(2) looking up the Dewey class number of each keyword;
(3) extracting the topic candidate-link feature text using the properties of the Dewey Decimal Classification combined with two-dimensional coordinates: taking the length of the keyword class number as the X axis and the keyword class number as the Y axis, the Dewey decimal class number of each keyword is plotted as a point in the two-dimensional coordinate system;
(4) extracting the keywords corresponding to the key points around the anchor-text key point in the two-dimensional coordinate system as the topic candidate-link feature text.
(3) classifying the edge text of candidate-link topics with a naive Bayes classifier to obtain topic-related pages. If the text belongs to the specific topic, the corresponding candidate link takes the classification weight as its priority value and is inserted into the crawl queue in order of priority, and the crawler visits links with larger classification values first; if the text does not belong to the specific topic, the candidate link is discarded. For example, if the text belongs to the topic "enterprise name", it is assigned a higher priority, but if the text does not belong to the enterprise-name topic, the candidate link within it is discarded.
(4) computing the authority and centrality (hub) scores of the link information of related pages with the HITS algorithm, and combining anchor text, the text near the anchor, reverse pages, sibling links of back-links and the URL link to pre-judge the relevance of the page to be crawled to the topic.
For example, this step can very accurately pre-judge the relevance of a page to be crawled to the enterprise name: although some pages contain the enterprise name, their relevance is not necessarily high, and such pages can be discarded.
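The prioritisation and link-analysis steps (3) and (4) above, as an added Python illustration that is not code from the patent: a hand-rolled multinomial naive Bayes classifier scores each candidate link's feature text, on-topic links enter a priority queue keyed by the classification weight while off-topic links are discarded, and HITS power iteration then yields authority and hub scores over a small link graph. The training sentences, candidate links, link graph, the `enterprise` topic label and the 0.5 acceptance threshold are all constructed assumptions, and the Dewey-class feature extraction of step (2) is replaced by plain whitespace tokenisation with stop-word removal.

```python
import heapq
import math
from collections import Counter, defaultdict

# Minimal stop-word list for the constructed English sample text
STOP_WORDS = {"the", "of", "and", "a", "in", "to", "for", "an"}


def tokenize(text):
    """Sub-step (2)(1): segment the text and drop stop words to obtain keywords."""
    return [w for w in text.lower().split() if w not in STOP_WORDS]


class NaiveBayes:
    """Multinomial naive Bayes with Laplace smoothing (hand-rolled, no sklearn)."""

    def __init__(self, labelled):
        self.class_counts = Counter()
        self.word_counts = defaultdict(Counter)
        self.vocab = set()
        for text, label in labelled:
            self.class_counts[label] += 1
            for w in tokenize(text):
                self.word_counts[label][w] += 1
                self.vocab.add(w)

    def posterior(self, text, label):
        """P(label | text), normalised over all classes in log space."""
        total_docs = sum(self.class_counts.values())
        logp = {}
        for c in self.class_counts:
            lp = math.log(self.class_counts[c] / total_docs)
            n_words = sum(self.word_counts[c].values())
            for w in tokenize(text):
                lp += math.log((self.word_counts[c][w] + 1) / (n_words + len(self.vocab)))
            logp[c] = lp
        m = max(logp.values())
        z = sum(math.exp(v - m) for v in logp.values())
        return math.exp(logp[label] - m) / z


# Constructed training data: the topic is "enterprise" information versus anything else
TRAINING = [
    ("company profile registered capital employees industry", "enterprise"),
    ("enterprise annual turnover business scope", "enterprise"),
    ("company headquarters staff number revenue", "enterprise"),
    ("weather forecast tomorrow rain", "other"),
    ("football match score tonight", "other"),
    ("recipe chocolate cake baking", "other"),
]

# Constructed candidate links: (URL, candidate-link feature text)
CANDIDATES = [
    ("https://example.test/about", "company profile and business scope"),
    ("https://example.test/news/sports", "football match tonight"),
    ("https://example.test/investors", "annual turnover and employees"),
]


def prioritise_links(candidates, clf, topic="enterprise", threshold=0.5):
    """Step (3): on-topic links enter the crawl queue keyed by classification
    weight (negated, because heapq is a min-heap); off-topic links are dropped."""
    queue, dropped = [], []
    for url, feature_text in candidates:
        weight = clf.posterior(feature_text, topic)
        if weight >= threshold:
            heapq.heappush(queue, (-weight, url))
        else:
            dropped.append(url)
    return queue, dropped


def crawl_order(queue):
    """Drain a copy of the queue: the link with the largest weight is visited first."""
    q = list(queue)
    return [heapq.heappop(q)[1] for _ in range(len(q))]


def hits(links, iterations=50):
    """Step (4): HITS authority and hub scores by power iteration over a
    page -> set-of-outlinks graph, L2-normalised after each update."""
    pages = set(links) | {t for ts in links.values() for t in ts}
    auth = {p: 1.0 for p in pages}
    hub = {p: 1.0 for p in pages}
    for _ in range(iterations):
        new_auth = {p: sum(hub[q] for q in pages if p in links.get(q, ())) for p in pages}
        norm = math.sqrt(sum(v * v for v in new_auth.values())) or 1.0
        auth = {p: v / norm for p, v in new_auth.items()}
        new_hub = {p: sum(auth[t] for t in links.get(p, ())) for p in pages}
        norm = math.sqrt(sum(v * v for v in new_hub.values())) or 1.0
        hub = {p: v / norm for p, v in new_hub.items()}
    return auth, hub


# Constructed link graph among fetched pages (hub pages point at content pages)
LINK_GRAPH = {
    "hub1": {"A", "B", "C"},
    "hub2": {"A", "B"},
    "hub3": {"A"},
}

if __name__ == "__main__":
    clf = NaiveBayes(TRAINING)
    queue, dropped = prioritise_links(CANDIDATES, clf)
    print("crawl order:", crawl_order(queue), "dropped:", dropped)
    auth, hub = hits(LINK_GRAPH)
    print("top authority:", max(auth, key=auth.get), "top hub:", max(hub, key=hub.get))
```

With the constructed data the "about" and "investors" links are queued (posterior about 0.94 and 0.86) and the sports link is dropped; in the link graph page A, which receives the most hub links, gets the highest authority score and hub1, which links to all content pages, the highest hub score.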
The first score X1 is calculated from the collected owner-enterprise information of the network system to be insured according to network system risk probability samples prepared in advance.
According to a preferred embodiment of the invention, when calculating the first score, the first score can be obtained by linear fitting of the enterprise-industry correlation weighting factor, the enterprise-scale correlation weighting factor and the system-property correlation weighting factor.
In the invention, for example, based on big-data statistics of network security incidents that have occurred or may occur in reality, the enterprise-industry correlation weighting factor divides industries into high-risk, medium-risk and low-risk industries for network security risk.
High-risk industries: internet finance, information technology and data services, state-owned enterprises, healthcare, online education, etc. The industry correlation factor score for such enterprises is often below 50 points, because these industries hold sensitive information and their potential risk is large.
Medium-risk industries: manufacturing, transportation, internet software, internet technology, news, etc. Such industries hold sensitive information but their degree of exposure and potential risk are lower; the industry correlation factor score for such enterprises is often 60-80 points.
Low-risk industries: internet security, sports, community services, scientific research and technical services, chemical manufacturing, etc. Because of their scope of use, such industries have stronger security protection ability, can resist risk, and have minimal potential risk; their industry correlation factor score is generally above 90 points.
The enterprise-scale correlation factor includes enterprise scale and unit nature. For example, enterprise scale is generally divided into extra-large, large, medium, small and micro. The risk of small and medium enterprises is relatively high; extra-large enterprises have the highest network security awareness and correspondingly the lowest risk; micro enterprises have relatively low potential risk because their influence is small, so this enterprise-scale factor is higher for them. Unit nature is divided into government/public institution, state-owned enterprise, foreign-funded enterprise, private enterprise, etc.; because government/public institutions have greater influence, their potential network security risk is very high, so this enterprise-scale factor is relatively low for them.
The system-property correlation factor includes the share of enterprise turnover income brought by the system, the number of enterprise employees, the number of technical staff, the number of network security staff, etc. The larger the system's share of turnover income, the larger the risk; the larger the share of network security staff among the enterprise's employees, the smaller the risk and the higher this factor.
S2: collecting information about the security protection equipment and measures the network system to be insured has already adopted, and calculating a second score.
According to an embodiment of the invention, the security protection equipment and measures information includes but is not limited to: the physical environment in which the system is built, the type of information the system stores, the system's compliance status, the status of the system's information security management system, the setup of security departments and posts, the establishment and implementation of security systems and specifications, the system's emergency-response personnel and contingency plans, etc.
According to an embodiment of the invention, the second score X2 is calculated by linear fitting of the following security management parameters.
(1) Information system basic information parameters:
A) Physical environment of system construction: the physical environment in which an information system is built generally falls into four cases: local construction, host lease, IDC hosting and public cloud. Public cloud carries the lowest risk and host lease the highest; the risk order is host lease > IDC hosting > local construction > public cloud. A default score value is assigned to each of the four environments.
B) Type of information stored: the types of information an information system stores generally include personally identifiable information, payment card information, personal health information, intellectual property information, and usernames and passwords; payment card information carries the highest risk and intellectual property information the lowest. A default score value is assigned to each information type.
C) Classified-protection level information: the system's classified-protection (等级保护) level information is divided into two classes, systems that have passed classified-protection assessment and systems that have not. Among those that have passed there are levels one, two, three and four; the higher the level, the stronger the system's security protection capability and the lower the corresponding risk.
D) Information security management system (ISO 27001) certification information: certification of the system's information security management system shows that the system can effectively protect information resources and keep the informatisation process healthy, orderly and sustainable, which reflects the system's security protection capability to a certain extent. Having passed certification indicates a low information system risk.
(2) Day-to-day network security management information parameters
A) Personnel management: day-to-day network security personnel management covers whether dedicated network security staff and a security organisation exist, whether accountability for day-to-day network security posts is established, whether confidentiality agreements are signed with staff in key posts, whether security rules for departing or resigning staff are in place, and whether an approval system exists for external personnel entering important areas such as the machine room. These items subdivide the day-to-day network security management risk. Established, sound security systems and professional security staff reduce risk.
B) Asset management: asset management in day-to-day network security management covers whether an asset management system, and systems for equipment maintenance and decommissioning, have been established and recorded; sound asset management is an important factor in reducing network security risk.
(3) Network security protection information parameters
A) Network perimeter protection: network perimeter protection is a protective measure of network security; information is collected from three aspects to reflect the perimeter protection capability. Deployment of network security protection devices is an important embodiment of perimeter protection capability: deploying firewalls, intrusion detection/prevention devices, security audit devices, anti-virus gateways, anti-denial-of-service devices and so on has a certain risk-reducing effect, reflected in a higher score for this item. Whether device security policies are configured also concerns network security; configuring them as required greatly reduces risk and raises the score. Retaining network security device logs facilitates routine protection and helps reduce network security risk.
B) Website security protection: website security protection measures directly guard system security. Whether a web application firewall and a web page anti-tampering tool are installed, and whether security checks of the website are conducted periodically, all reflect website protection capability; a system with these safeguards installed has lower network security risk and a higher score for this item.
(4) Network security emergency-response information parameters
A) Emergency plan: an emergency plan is an important part of network security emergency-response work. An enterprise that has prepared an emergency plan can resume work in an orderly manner when risk materialises and reduce the resulting loss; where an emergency plan has been established, the network security emergency item score increases.
B) System data backup: in maintaining routine system security, system backups and system data backups help to find and repair weaknesses when risk materialises; where backup arrangements are adopted, this item's value is larger.
(5) Network security education and training information parameters
Network security education and training raises the security of business systems and lets enterprise personnel understand the details of network security. In routine maintenance the number of training sessions and the target audience affect this score: the more training sessions and the wider the range of trainees, the higher the score.
S3: Perform a security vulnerability scan and availability and security monitoring on the network system to be insured, and compute the system's current security health degree to obtain the third score X3.
In an embodiment of the invention, the third score is calculated as follows. The system security vulnerability-scan health check uses a vulnerability scanning tool plus manual verification to inspect system security from the aspects of SQL injection detection, cross-site attack detection, web application scenario detection, hidden page field detection and third-party software misconfiguration detection. If a high-risk vulnerability is found, this item fails outright, and the user must rectify and repair the relevant vulnerability before the system can meet the security detection requirement. Availability and security monitoring collects one week of monitoring data on system availability, service port availability, suspected page tampering, sensitive words, dead links, malicious links, DNS hijacking and the like, and the availability and security monitoring score is computed from that data. The scoring rules are: if availability monitoring finds that the system page cannot be opened, this score falls directly below the threshold; if availability monitoring finds a page access time greater than 5 seconds, 5 points are deducted, and greater than 10 seconds, 20 points are deducted; for sensitive words found by page content monitoring, 5 points are deducted per sensitive word after deduplication, up to 50 points; for dead links found in pages by content monitoring, 1 point is deducted per link after deduplication, up to 20 points; for suspected tampered pages found by security monitoring, 5 points are deducted per page after deduplication, up to 50 points; for malicious links found, 20 points are deducted per link after deduplication. One week of security and availability monitoring is set at 100 points in total; the above items are computed to obtain the one-week monitoring score. The system health-check score and the one-week security and availability monitoring score are weighted in the ratio 4:6, and the weighted calculation gives X3.
S4: Compute a weighted average of the first score, the second score and the third score to obtain the final score, compare it with a preset threshold, and obtain the risk assessment result.
The weighted average is calculated by the following formula:
Here y is the final score, and X1, X2, X3 are the first, second and third scores respectively; α is the coefficient for the owner enterprise information of the network system to be insured (empirical value usually 0.2); β is the coefficient for the security protection and management measures information the network system to be insured has adopted (empirical value usually 0.4); γ is the coefficient for the system's current security health degree (empirical value usually 0.4).
When y is greater than the preset threshold, the security of the network system to be insured is considered high and insurance may be permitted; if y is less than the preset threshold, its security is considered low and insurance is not permitted.
Of course, after the network system to be insured has carried out security rectification in the above aspects, a second assessment can be performed, and insurance is permitted once the system meets the standard.
Through the above embodiment, the method of the invention fills the gap of pre-underwriting risk assessment for network security insurance; by assessing network risk from both the software and hardware sides of the objective world, it improves the objectivity, accuracy and quantifiability of the assessment and makes the assessment work more operable.
Embodiment 2
This embodiment shares the general framework of Embodiment 1; only the differences from Embodiment 1 are described below.
Fig. 2 shows a flow chart of a pre-underwriting risk assessment method for network security insurance according to another embodiment of the invention. In this embodiment, three models are first established separately: an assessment model for the scale and industry information of the network system owner enterprise, an assessment model for the network system's security protection and equipment management measures information, and an assessment model for the real-time detection information on the network system's current health and security state. The score of the network system to be insured is then computed separately from each model; if any model's computed score is below its corresponding preset threshold, insurance is not permitted. When the computed scores of all three models are above their corresponding preset thresholds (a first, second and third threshold), the weighted average of the three is computed and compared with a corresponding fourth threshold: insurance is permitted if it is above the fourth threshold and not permitted if it is below. After the system to be insured has been rectified, the scores are recalculated according to the flow chart, and insurance is permitted only once the system meets the standard.
Fig. 3 shows a schematic diagram of the assessment model for the scale and industry information of the network system owner enterprise according to another embodiment of the invention. The model includes the enterprise's size, industry, turnover, proportion of turnover generated online, the nature of the system, the number of associated persons, and so on. Other technical details are similar to Embodiment 1 and are not repeated here.
Fig. 4 shows a schematic diagram of the assessment model for the network system's security protection and equipment management measures information according to another embodiment of the invention. The security protection and management measures information includes but is not limited to: the physical environment in which the system is built, the type of information the system stores, the system's compliance status, the status of the system's information security management system, the system's security department and post settings, the establishment and implementation of the system's security rules and specifications, and the system's emergency response personnel and plans. Other technical details are similar to Embodiment 1 and are not repeated here.
Fig. 5 shows a schematic diagram of the assessment model for the real-time detection information on the network system's current health and security state according to another embodiment of the invention. The model includes security vulnerability-scan health-check data, one week of availability and security system monitoring data, and so on. Other technical details are similar to Embodiment 1 and are not repeated here.
Through the above embodiment, the method of the invention fills the gap of pre-underwriting risk assessment for network security insurance; by assessing network risk from both the software and hardware sides of the objective world, it improves the objectivity, accuracy and quantifiability of the assessment and makes the assessment work more operable.
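The S3 deduction rules, the S4 weighted average and the per-model gating of this embodiment, carried through in an added Python example that is not code from the patent. The weighted-average formula appears on the page only as an image and is assumed here to be y = αX1 + βX2 + γX3 with the stated empirical coefficients; the threshold values and the sample week's findings are constructed, and the tiered reading of the 5 s/10 s deductions, a score of 0 for a page that cannot be opened, and the floor at zero are assumptions.

```python
"""Added worked example (not the patent's own code): applies the S3 monitoring
deduction rules to one constructed week of findings to get X3, computes the
S4 weighted average y, and applies the per-model gating of Embodiment 2.
Assumptions (the page shows the formula only as an image and gives no
threshold values): y = alpha*X1 + beta*X2 + gamma*X3; a page that cannot be
opened scores 0; the >5 s / >10 s deductions are tiers, not cumulative;
scores are floored at 0; a score exactly equal to a threshold does not pass."""
from dataclasses import dataclass
from typing import Optional, Tuple

# Empirical coefficients stated in step S4 of the patent text.
ALPHA, BETA, GAMMA = 0.2, 0.4, 0.4
# 4:6 weighting of the health-check score and the one-week monitoring score (S3).
HEALTH_CHECK_WEIGHT, MONITORING_WEIGHT = 0.4, 0.6


@dataclass
class WeekMonitoring:
    """One week of availability and security monitoring findings (S3)."""
    page_opens: bool
    max_access_seconds: float
    sensitive_words: list   # raw hits; the scorer deduplicates
    dead_links: list
    tampered_pages: list
    malicious_links: list


def monitoring_score(m: WeekMonitoring) -> float:
    """S3 deduction rules applied to the 100-point weekly base."""
    if not m.page_opens:
        return 0.0  # "directly below threshold"; 0 is an assumed value
    score = 100.0
    if m.max_access_seconds > 10:
        score -= 20
    elif m.max_access_seconds > 5:
        score -= 5
    score -= min(5 * len(set(m.sensitive_words)), 50)   # 5 each, max 50
    score -= min(1 * len(set(m.dead_links)), 20)        # 1 each, max 20
    score -= min(5 * len(set(m.tampered_pages)), 50)    # 5 each, max 50
    score -= 20 * len(set(m.malicious_links))           # 20 each, no cap stated
    return max(score, 0.0)


def third_score(high_risk_found: bool, health_check: float,
                m: WeekMonitoring) -> Optional[float]:
    """X3 = 0.4 * health-check score + 0.6 * monitoring score.

    Returns None when the vulnerability scan found a high-risk vulnerability:
    the page says the item then fails outright and must be rectified first."""
    if high_risk_found:
        return None
    return HEALTH_CHECK_WEIGHT * health_check + MONITORING_WEIGHT * monitoring_score(m)


def final_score(x1: float, x2: float, x3: float) -> float:
    """S4 weighted average (assumed form of the formula shown as an image)."""
    return ALPHA * x1 + BETA * x2 + GAMMA * x3


def assess_embodiment1(x1: float, x2: float, x3: float,
                       threshold: float) -> Tuple[bool, float]:
    """Embodiment 1: a single threshold on the weighted average."""
    y = final_score(x1, x2, x3)
    return y > threshold, y


def assess_embodiment2(x1: float, x2: float, x3: float, t1: float, t2: float,
                       t3: float, t4: float) -> Tuple[bool, str]:
    """Embodiment 2: each model must clear its own threshold (t1..t3) before
    the weighted average is compared with the fourth threshold t4."""
    for name, x, t in (("model 1", x1, t1), ("model 2", x2, t2), ("model 3", x3, t3)):
        if not x > t:
            return False, f"{name} score {x:.1f} not above threshold {t:.1f}"
    y = final_score(x1, x2, x3)
    if y > t4:
        return True, f"weighted average {y:.1f} above fourth threshold {t4:.1f}"
    return False, f"weighted average {y:.1f} not above fourth threshold {t4:.1f}"


# Constructed sample week: 7 s worst page load, 2 distinct sensitive words,
# 25 distinct dead links (capped at 20 points), 1 suspected tampered page.
SAMPLE_WEEK = WeekMonitoring(
    page_opens=True,
    max_access_seconds=7.0,
    sensitive_words=["word-a", "word-b", "word-a"],
    dead_links=[f"/old/page-{i}" for i in range(25)],
    tampered_pages=["/index.html"],
    malicious_links=[],
)

if __name__ == "__main__":
    x3 = third_score(False, 90.0, SAMPLE_WEEK)   # monitoring 60 -> X3 = 72
    print("X3 =", x3)
    print("embodiment 1:", assess_embodiment1(80.0, 70.0, x3, 70.0))
    print("embodiment 2:", assess_embodiment2(80.0, 70.0, x3, 60, 60, 60, 70))
```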
Embodiment 3
As shown in Fig. 6, according to another aspect of the invention, a pre-underwriting risk assessment system for network security insurance is also provided, comprising the following modules:
A first acquisition and computation module 11, for acquiring the owner enterprise information of the network system to be insured and computing the first score from that information;
A second acquisition and computation module 12, for acquiring the security protection and management measures information the network system to be insured has adopted, and computing the second score;
A third acquisition and computation module 13, for performing a security vulnerability scan and availability and security monitoring on the network system to be insured, computing the system's current security health degree, and obtaining the third score;
An evaluation module 14, for computing a weighted average of the first score, the second score and the third score to obtain the final score, and comparing it with a preset threshold to obtain the risk assessment result.
Through the above embodiment, the system of the invention fills the gap of pre-underwriting risk assessment for network security insurance; by assessing network risk from both the software and hardware sides of the objective world, it improves the objectivity, accuracy and quantifiability of the assessment and makes the assessment work more operable.
It should be understood that the algorithms and displays provided herein are not inherently related to any particular computer, virtual device or other equipment. Various general-purpose devices may also be used with the teachings herein. The structure required to construct such devices is apparent from the above description. In addition, the invention is not directed to any particular programming language; it should be understood that the content of the invention described herein can be implemented in various programming languages, and the above description of a specific language is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It should be appreciated, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, to simplify the disclosure and help in understanding one or more of the various inventive aspects, in the above description of exemplary embodiments the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof. This method of disclosure, however, should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single disclosed embodiment. The claims following the specific embodiments are therefore expressly incorporated into those embodiments, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and arranged in one or more devices different from that embodiment. Modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, any combination may be used to combine all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or apparatus so disclosed. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will appreciate that although some embodiments described herein include certain features included in other embodiments but not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the virtual machine creation device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and computer program product) for performing some or all of the method described here. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words may be interpreted as names.
The foregoing is only a preferred embodiment of the invention, but the protection scope of the invention is not limited thereto; any variation or replacement that a person skilled in the art can readily think of within the technical scope disclosed by the invention shall be covered by the protection scope of the invention. Therefore, the protection scope of the invention shall be subject to the protection scope of the claims.

Claims (10)

  1. A pre-underwriting risk assessment method for network security insurance, characterized by comprising the following steps:
    acquiring the owner enterprise information of the network system to be insured, and computing a first score from that information;
    acquiring the security protection and management measures information the network system to be insured has adopted, and computing a second score;
    performing a security vulnerability scan and availability and security monitoring on the network system to be insured, computing the system's current security health degree, and obtaining a third score;
    computing a weighted average of the first score, the second score and the third score to obtain a final score, and comparing it with a preset threshold to obtain a risk assessment result.
  2. The pre-underwriting risk assessment method for network security insurance according to claim 1, characterized in that:
    targeted crawling is performed using a web crawler method to acquire the owner enterprise information of the network system to be insured.
  3. The pre-underwriting risk assessment method for network security insurance according to claim 2, characterized in that the web crawler method comprises the following steps:
    (1) using the Dewey Decimal Classification, in the webpage feature extraction stage, quickly finding the keywords in the webpage body and anchor text whose subject is close to the topic;
    (2) extracting the topic candidate link feature text;
    (3) classifying the candidate link topic edge text with a Naive Bayes classifier to obtain topic-related webpages; if the text belongs to the specific topic, the corresponding candidate link takes its classification weight as its priority value and is inserted into the crawl queue in order of priority, and the crawler visits links with larger classification values first; if the text does not belong to the specific topic, the candidate link is discarded;
    (4) computing, with the HITS algorithm, the corresponding authority and centrality of the link information of related webpages, and combining the anchor text, the text near the anchor text, back-linked webpages, sibling links of the back links and URL link information to pre-judge the relevance of the webpage to be crawled to the topic.
  4. The pre-underwriting risk assessment method for network security insurance according to claim 3, characterized in that extracting the topic candidate link feature text comprises the following steps:
    (1) performing word segmentation on the webpage's anchor text and body text, removing stop words, and obtaining keywords;
    (2) looking up the Dewey class number of each keyword;
    (3) extracting the topic candidate link feature text using the characteristics of the Dewey Decimal Classification combined with two-dimensional coordinates: the length of the keyword class number is taken as the X axis and the keyword class number as the Y axis, and the Dewey decimal class number corresponding to each keyword is plotted as a point in the two-dimensional coordinate system;
    (4) extracting the keywords corresponding to the key points around the anchor text key point, together with the anchor text itself, in the two-dimensional coordinate system as the topic candidate link feature text.
  5. The pre-underwriting risk assessment method for network security insurance according to claim 1, characterized in that:
    the first score is obtained by linear fitting of an enterprise industry correlation factor, an enterprise scale correlation factor and a system nature correlation factor.
  6. The pre-underwriting risk assessment method for network security insurance according to claim 1, characterized in that:
    the security protection and management measures information includes: the physical environment in which the system is built, the type of information the system stores, the system's compliance status, the status of the system's information security management system, the system's security department and post settings, the establishment and implementation of the system's security rules and specifications, and the system's emergency response personnel and plans.
  7. The pre-underwriting risk assessment method for network security insurance according to claim 1, characterized in that:
    the second score is computed by linear fitting of the following security management parameters:
    (1) information system basic information parameters, including the physical environment in which the system is built, the type of information the system stores, system security level information, and security configuration control verification information;
    (2) network security daily management information parameters, including personnel management and asset management;
    (3) network security protection information parameters, including network perimeter security protection and website security protection;
    (4) network security emergency response information parameters, including the emergency plan and system data backup;
    (5) network security education and training information parameters.
  8. The pre-underwriting risk assessment method for network security insurance according to claim 1, characterized in that:
    performing the security vulnerability scan and availability and security monitoring on the network system to be insured comprises:
    the system security vulnerability scan, using a vulnerability scanning tool and manual verification, detects system security from the aspects of SQL injection detection, cross-site attack detection, web application scenario detection, hidden page field detection and third-party software misconfiguration detection;
    the availability and security monitoring collects one week of monitoring data by monitoring system availability, service port availability, suspected page tampering, sensitive words, dead links, malicious links and DNS hijacking.
  9. The pre-underwriting risk assessment method for network security insurance according to claim 1, characterized in that:
    the weighted average is calculated by the following formula:
    where y is the final score, and X1, X2, X3 are the first, second and third scores respectively; α is the coefficient for the owner enterprise information of the network system to be insured; β is the coefficient for the security protection and management measures information the network system to be insured has adopted; γ is the coefficient for the system's current security health degree.
  10. A pre-underwriting risk assessment system for network security insurance, characterized by comprising the following modules:
    a first acquisition and computation module, for acquiring the owner enterprise information of the network system to be insured and computing the first score from that information;
    a second acquisition and computation module, for acquiring the security protection and management measures information the network system to be insured has adopted, and computing the second score;
    a third acquisition and computation module, for performing a security vulnerability scan and availability and security monitoring on the network system to be insured, computing the system's current security health degree, and obtaining the third score;
    an evaluation module, for computing a weighted average of the first score, the second score and the third score to obtain the final score, and comparing it with a preset threshold to obtain the risk assessment result.
Application CN201910087022.9A, priority date 2019-01-29, filing date 2019-01-29: Insurance risk appraisal procedure and system before network security insurance is protected. Published as CN109919438A on 2019-06-21; status: Pending.

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 2019-06-21