CN111275407A - Security requirement evaluation method, system, equipment and storage medium - Google Patents


Info

Publication number: CN111275407A
Authority: CN (China)
Prior art keywords: review, evaluation, list, feedback information, safety
Legal status: Withdrawn
Application number: CN202010092113.4A
Other languages: Chinese (zh)
Inventors: 孔睿健, 邓贞明, 朱卫东
Current Assignee: Jiangsu Manyun Software Technology Co Ltd
Original Assignee: Jiangsu Manyun Software Technology Co Ltd
Application filed by: Jiangsu Manyun Software Technology Co Ltd
Priority to: CN202010092113.4A
Publication of: CN111275407A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G06Q10/103 Workflow collaboration or project management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/10 Requirements analysis; Specification techniques


Abstract

The invention provides a method, a system, equipment and a storage medium for evaluating safety requirements, wherein the evaluating method comprises the following steps: receiving a to-be-evaluated list, wherein the to-be-evaluated list comprises a plurality of evaluation objects needing to be subjected to security requirement evaluation; sending each evaluation object to a corresponding evaluator terminal; receiving feedback information of the evaluator terminal to each review object, wherein the feedback information comprises the review state and the safety level of each review object; and establishing a review summary list according to the feedback information. According to the safety requirement evaluation method, the safety requirement evaluation is automatically triggered and the whole process of the safety requirement evaluation is tracked, so that the full coverage and online process of the core service of the safety requirement evaluation are realized, the evaluation efficiency is improved, and the waste of human resources is reduced.

Description

Security requirement evaluation method, system, equipment and storage medium
Technical Field
The invention relates to the field of internet, in particular to a security requirement evaluation method, a security requirement evaluation system, security requirement evaluation equipment and a storage medium based on a bypass mode.
Background
With the rapid development of enterprise informatization, the efficient and stable operation of application systems bears directly on service continuity and core competitiveness, and has become an important precondition for the safe and stable operation of company services. At the same time, application systems face security threats from all directions and ubiquitous potential risks. The risks and threats that may arise in internet mobile application systems are varied and complex. They run through the whole life cycle of application system construction (requirement proposal, design and development, coding and testing, production operation, and so on), and an omission at any stage may pose a fatal threat to the security of the application system, which in turn directly affects business management and can lead to risk events. In this process, proposing and analyzing security requirements is the starting point of all subsequent secure development and operation and maintenance activities, so identifying, proposing, analyzing and implementing them effectively is very important.
When security requirement management is rolled out in practice and in pilot projects, the requirement management team brings it into each stage of the business requirement management flow. The key stages are mainly the following:
a. Submitting business requirements: when the department proposing a requirement writes up a business requirement, the content relating to security requirements must be clearly described in the corresponding sections of the business requirement application form or the business requirement specification;
b. Business requirement reception/acceptance: when receiving and accepting business requirements, the requirement management team checks their conformity and content, checks the security-requirement content against a security requirement checklist, and gives opinions or suggestions, which are fed back to the proposing department for revision and improvement;
c. Evaluating business requirements: on top of the original business requirement review work, the requirement management team pays closer attention to, and is responsible for organizing, the security requirement review work; the personnel taking part in the security requirement review mainly include the business requirement proposing department, the business team of the department in charge of the system's business, the development center's requirement management team, the project manager of the corresponding development team, and so on;
d. Tracking business requirements: the requirement management team is responsible for tracking and feeding back the implementation status, the implementation effect and the improvement measures of the security requirements.
Faced with rapid iterative development of application systems and a sharp increase in security requirement review work, the prior art has the following defects: the security requirement review work cannot be quantified; with offline, meeting-based security reviews the review results cannot be tracked in time, which wastes human resources; and the security requirement review of core services cannot be covered.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present invention and therefore may include information that does not constitute prior art known to a person of ordinary skill in the art.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide a safety requirement review method, a system, equipment and a storage medium, so that the full coverage and online process of the safety requirement review core service are realized, the review efficiency is improved, and the human resource cost is saved.
The embodiment of the invention provides a safety requirement evaluation method, which comprises the following steps:
receiving a to-be-evaluated list, wherein the to-be-evaluated list comprises a plurality of evaluation objects needing to be subjected to security requirement evaluation;
sending each evaluation object to a corresponding evaluator terminal;
receiving feedback information of the evaluator terminal to each review object, wherein the feedback information comprises the review state and the safety level of each review object;
and establishing a review summary list according to the feedback information.
According to an embodiment of the present invention, the to-be-evaluated list further includes evaluation rules corresponding to the evaluation objects.
According to an embodiment of the present invention, the review rule corresponding to each review object is sent to the corresponding evaluator while each review object is sent to the corresponding evaluator.
According to an embodiment of the present invention, before the step of sending each of the review objects to the corresponding evaluator, the method further includes:
and performing type marking on each evaluation object in the to-be-evaluated list, and matching the corresponding evaluator according to the type marked by each evaluation object.
According to an embodiment of the present invention, before establishing the review summary list according to each piece of feedback information, the method further includes the following steps:
judging the evaluation state of the feedback information of each evaluation object;
and if the review state of a review object is pass, adding the feedback information of the review object to the review summary list.
According to an embodiment of the present invention, if the review status of a review object is pass, the method further comprises deleting the review object from the to-be-reviewed list.
According to an embodiment of the present invention, the security requirement review method further includes the following steps:
and if the feedback information gives the review state of a review object as not passed, adding the review object to the to-be-evaluated list.
According to an embodiment of the present invention, the security requirement review method further includes an updating step of the review object and/or an updating step of the review rule corresponding to the review object.
The embodiment of the invention also provides a security requirement review system, which is applied to an established service system in a bypass mode and is used for implementing the security requirement review method, the security requirement review system comprising:
a to-be-evaluated list receiving module, used for receiving a to-be-evaluated list which comprises a plurality of evaluation objects needing to be subjected to security requirement evaluation;
the review sending module is used for sending each review object to the corresponding evaluator;
the feedback information receiving module is used for receiving feedback information of an evaluator on each review object, and the feedback information comprises the review state and the safety level of each review object;
and the review summary list module is used for establishing a review summary list according to the feedback information.
According to an embodiment of the present invention, the security requirement review system further includes a determination module, the determination module is configured to determine review states of the feedback information of each review object, and the review summary list module establishes a review summary list according to the determination of the determination module.
The embodiment of the invention also provides a safety requirement review device, which comprises:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform the steps of the security requirements review method via execution of the executable instructions.
Embodiments of the present invention also provide a computer-readable storage medium storing a program that, when executed, implements the steps of the security requirement review method.
According to the safety requirement evaluation method, the system, the equipment and the storage medium, the safety requirement evaluation is automatically triggered and the whole process of the safety requirement evaluation is tracked, so that the full coverage and the online process of the core service of the safety requirement evaluation are realized, the safety evaluation can be recorded and traced, the evaluation efficiency is improved, and the waste of human resources is reduced.
Drawings
Other features, objects, and advantages of the invention will be apparent from the following detailed description of non-limiting embodiments, which proceeds with reference to the accompanying drawings and which is incorporated in and constitutes a part of this specification, illustrating embodiments consistent with the present application and together with the description serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a flow diagram of a security requirement review method according to an embodiment of the invention;
FIG. 2 is a schematic diagram of an interactive interface of a received pending review list according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an interactive interface for reviewing a summary list, in accordance with an embodiment of the present invention;
FIG. 4 is a schematic diagram of an interactive interface of a review status list according to an embodiment of the invention;
FIG. 5 is a schematic structural diagram of a security requirement review method according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a security requirement review device according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a computer-readable storage medium according to an embodiment of the present invention.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Fig. 1 is a flowchart of a security requirement review method according to an embodiment of the present invention, specifically, the review method includes the following steps:
S100: a to-be-evaluated list receiving module receives a to-be-evaluated list, wherein the to-be-evaluated list comprises a plurality of evaluation objects needing to be subjected to security requirement evaluation. For the convenience of the system user, the to-be-evaluated list receiving module of the security requirement review system may further include an interactive interface module; FIG. 2 is a schematic diagram of the interactive interface of the received to-be-evaluated list according to an embodiment of the present invention.
The demand management team manages the safety demand, wherein the key stages mainly comprise:
S200: the review sending module sends each review object to the corresponding evaluator terminal. The to-be-evaluated list in step S100 may further include a review rule corresponding to each review object; in that case, when each review object is sent to the corresponding evaluator, the review rule corresponding to that review object is sent to the evaluator as well. In actual use, different companies adopt different policies, so what is sent may be the specific content of the review rule, or it may be the number of the review rule corresponding to the review object, in which case the evaluator who receives the review object looks up the specific content of the rule in the relevant company documents.
In some embodiments of the present invention, before step S200 sends each review object to the corresponding evaluator, the review method may further include a step of type-marking each review object in the to-be-evaluated list and matching the corresponding evaluator according to the type marked on each review object. The system may prestore a table of the matching relationship between review object types and evaluators, together with the various contact details of the evaluators. Because the review object is automatically matched to an evaluator before it is sent, the time spent finding an evaluator is shortened.
In some embodiments of the present invention, step S200 may send each review object to the corresponding evaluator directly after the review object is received, or the sending may be set to be triggered by the system or by a project threshold (e.g., according to the working hours of the project). Because a trigger condition is set for sending the review object to the evaluator, delays caused by human negligence are reduced and the timeliness of the review process is effectively improved.
In the method, the evaluators' actual review work on the review objects is done offline. After this step is executed, the system can use various methods to send reminders to the evaluators, so that the relevant evaluators process the review objects in time and feed the corresponding review results back to the system.
S300: a feedback information receiving module receives feedback information of the evaluator terminal to each review object, wherein the feedback information comprises the review state and the safety level of each review object;
S400: the review summary list module establishes a review summary list according to the feedback information.
Before the step of S400, establishing a review summary list according to each piece of feedback information, the method further includes the following steps:
judging the evaluation state of the feedback information of each evaluation object;
and if the review state of a review object is pass, adding the feedback information of the review object to the review summary list. FIG. 3 is a schematic diagram of the interactive interface of the review summary list according to an embodiment of the invention.
If the review state of a review object is pass, the review object is deleted from the to-be-evaluated list.
If the feedback information gives the review state of a review object as not passed, the review object is added to the to-be-evaluated list. It should be noted that a review state of not passed may mean that the review object did not pass the existing security review. It may also mean that the evaluator considers that the review object needs to be modified; in that case, the review object added to the to-be-evaluated list after the review may carry content modified by the authorized evaluator. A review state of not passed may also result from a change of the review rule; in that case, the review rule corresponding to the review object in the to-be-evaluated list is updated at the same time as the review object is added to the list.
In the method, it is found that some review objects have modified requirements even before triggering, and in an embodiment, the safety requirement review method may further include an updating step of the review objects and/or an updating step of the review rules corresponding to the review objects.
For the evaluation objects sent to the evaluator, before the evaluator gives feedback, in order to facilitate the system user to know the status of each evaluation object, the safety requirement review method of the present invention may further include displaying a review status list to the user, see fig. 4.
In the security requirement review method, every review object is reviewed under the established unified review rules, changes to the review rules can be disclosed securely, and the practical enforceability of review execution is enhanced; meanwhile, by interfacing with existing systems, online, process-based security review is realized, so that security reviews can be recorded and traced.
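The flow S100 to S400 described above, sketched in Python as an added example (it is not code from the patent or from the applicant). All class, field and evaluator names are hypothetical, the sample data is constructed, and rejecting feedback that does not come from the assigned evaluator is an assumption the text does not spell out.

```python
from dataclasses import dataclass
from enum import Enum

class State(Enum):
    PENDING = "pending"        # on the to-be-evaluated list, not yet sent
    SENT = "sent"              # dispatched, awaiting feedback
    PASSED = "pass"
    NOT_PASSED = "not passed"

@dataclass
class ReviewObject:
    obj_id: str
    content: str
    obj_type: str              # type tag used to match an evaluator
    rule_id: str = ""          # review rule number sent along with the object
    evaluator: str = ""
    state: State = State.PENDING

@dataclass
class Feedback:
    obj_id: str
    evaluator: str
    state: State
    security_level: str
    modified_content: str = ""  # set when the evaluator wants the object changed
    new_rule_id: str = ""       # set when the review rule itself changed

class ReviewSystem:
    def __init__(self, type_to_evaluator):
        self.type_to_evaluator = type_to_evaluator  # prestored matching table
        self.pending = {}   # to-be-evaluated list, keyed by object id
        self.summary = []   # review summary list
        self.audit = []     # append-only record so reviews can be traced

    def _log(self, event, obj_id, detail=""):
        self.audit.append((len(self.audit) + 1, event, obj_id, detail))

    def receive_list(self, objects):  # S100
        for obj in objects:
            self.pending[obj.obj_id] = obj
            self._log("received", obj.obj_id)

    def dispatch(self):  # type matching, then S200
        unmatched = []
        for obj in self.pending.values():
            if obj.state is not State.PENDING:
                continue
            evaluator = self.type_to_evaluator.get(obj.obj_type)
            if evaluator is None:  # no silent drop: report for manual assignment
                unmatched.append(obj.obj_id)
                self._log("unmatched", obj.obj_id, obj.obj_type)
                continue
            obj.evaluator, obj.state = evaluator, State.SENT
            self._log("sent", obj.obj_id, f"{evaluator} rule={obj.rule_id}")
        return unmatched

    def receive_feedback(self, fb):  # S300, judgment, S400
        obj = self.pending.get(fb.obj_id)
        valid = (obj is not None and obj.state is State.SENT
                 and obj.evaluator == fb.evaluator
                 and fb.state in (State.PASSED, State.NOT_PASSED))
        if not valid:  # assumption: only the assigned evaluator may answer
            self._log("rejected", fb.obj_id, f"from {fb.evaluator}")
            return False
        if fb.state is State.PASSED:
            self.summary.append({"id": obj.obj_id, "state": fb.state.value,
                                 "security_level": fb.security_level,
                                 "evaluator": fb.evaluator})
            del self.pending[obj.obj_id]
        else:  # back on the list, with any modified content or updated rule
            obj.content = fb.modified_content or obj.content
            obj.rule_id = fb.new_rule_id or obj.rule_id
            obj.state = State.PENDING
        self._log(fb.state.value, obj.obj_id, fb.security_level)
        return True

    def status_list(self):  # review status list shown to the user
        return {i: o.state.value for i, o in self.pending.items()}

def run_demo():
    # Constructed sample data; all ids, names and levels are made up.
    system = ReviewSystem({"auth": "alice", "payment": "bob"})
    system.receive_list([
        ReviewObject("REQ-1", "login API", "auth", "R-01"),
        ReviewObject("REQ-2", "payment callback", "payment", "R-07"),
        ReviewObject("REQ-3", "device pairing", "iot"),
    ])
    first_unmatched = system.dispatch()
    system.receive_feedback(Feedback("REQ-1", "alice", State.PASSED, "high"))
    spoofed = system.receive_feedback(Feedback("REQ-2", "mallory", State.PASSED, "low"))
    system.receive_feedback(Feedback("REQ-2", "bob", State.NOT_PASSED, "high",
                                     "payment callback with signature check", "R-08"))
    system.dispatch()  # REQ-2 is sent again under the updated rule
    system.receive_feedback(Feedback("REQ-2", "bob", State.PASSED, "medium"))
    return system, first_unmatched, spoofed
```

An object whose type has no matching evaluator stays on the to-be-evaluated list and is reported by `dispatch()`, so a gap in the matching table shows up as an open item instead of an unreviewed requirement.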
The embodiment of the present invention further provides a security requirement review system, which is applied to an established service system in a bypass manner, and is used for implementing the above security requirement review method, including:
the to-be-evaluated list receiving module M100, used for receiving a to-be-evaluated list, wherein the to-be-evaluated list comprises a plurality of evaluation objects needing to be subjected to security requirement evaluation;
the review sending module M200 is used for sending each review object to the corresponding evaluator;
the feedback information receiving module M300 is configured to receive feedback information of an evaluator on each review object, where the feedback information includes a review state and a security level of each review object;
and the review summary list module M400 is used for establishing a review summary list according to each piece of feedback information.
Further, in this embodiment, the to-be-evaluated list further includes evaluation rules corresponding to the evaluation objects. The review sending module M200 is configured to send each review object to the corresponding evaluator, and send the review rule corresponding to each review object to the corresponding evaluator.
Further, the review sending module M200 is further configured to perform type tagging on each review object in the to-be-reviewed list, match the corresponding evaluator according to the type tagged by each review object, and send each review object to the corresponding evaluator according to the matching by the review sending module M200.
The safety requirement evaluation system of the embodiment of the invention also comprises a judgment module, wherein the judgment module is used for judging the evaluation state of the feedback information of each evaluation object; the review summary list module M400 establishes a review summary list according to the judgment of the judgment module. Specifically, before the step of establishing the review summary list by the review summary list module M400 according to each piece of feedback information, the following steps are adopted:
the judging module judges the evaluation state of the feedback information of each evaluation object;
if the review status of a review object is pass, the review summary list module M400 adds the feedback information of the review object to the review summary list.
If the review state of a review object is pass, the to-be-reviewed list receiving module M100 is further configured to delete the review object from the to-be-reviewed list.
If the review state of the review object of the feedback information is not passed, the to-be-reviewed list receiving module M100 adds the review object to the to-be-reviewed list.
Further, in this embodiment, the to-be-evaluated list receiving module M100 is further configured to update the evaluation object and/or update the evaluation rule corresponding to the evaluation object.
The safety requirement review system of the embodiment of the invention also comprises an interactive interface module, wherein the interactive interface module is used for displaying the list to be reviewed, the review state list and/or the review summary list.
The safety requirement evaluation system automatically triggers the safety requirement evaluation in the existing project management system in a bypass mode under the condition of not changing the original project process, and classifies and grades the safety requirement evaluation according to the type of the project, thereby realizing online streamlined safety evaluation.
An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: at least one processing unit 610, at least one memory unit 620, a bus 630 connecting the different platform components (including the memory unit 620 and the processing unit 610), a display unit 640, etc.
Wherein the storage unit stores program code executable by the processing unit 610 to cause the processing unit 610 to perform steps according to various exemplary embodiments of the present invention described in the above-mentioned electronic prescription flow processing method section of the present specification. For example, processing unit 610 may perform the steps as shown in fig. 1.
The storage unit 620 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 6201 and/or a cache memory unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 630 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. The network adapter 660 may communicate with other modules of the electronic device 600 via the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage platforms, to name a few.
The embodiment of the invention also provides a computer readable storage medium for storing a program, wherein the program is executed to realize the steps of the sorting safety requirement evaluation method. In some possible embodiments, the aspects of the present invention may also be implemented in the form of a program product comprising program code for causing a terminal device to perform the steps according to various exemplary embodiments of the present invention described in the above-mentioned electronic prescription flow processing method section of this specification, when the program product is run on the terminal device.
Referring to fig. 7, a program product 800 for implementing the above method according to an embodiment of the present invention is described, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
In summary, the present invention provides a method, a system, a device and a storage medium for evaluating security requirements. The method comprises the following steps: receiving a to-be-evaluated list, wherein the to-be-evaluated list comprises a plurality of evaluation objects needing to be subjected to security requirement evaluation; sending each evaluation object to a corresponding evaluator terminal; receiving feedback information of the evaluator terminal to each review object, wherein the feedback information comprises the review state and the safety level of each review object; and establishing a review summary list according to the feedback information. By automatically triggering the security requirement evaluation and tracking its full process, the method brings the core business of security requirement evaluation online with full coverage, so that security evaluations can be recorded and traced, the evaluation efficiency is improved, and the waste of human resources is reduced.
The foregoing is a more detailed description of the invention in connection with specific preferred embodiments and it is not intended that the invention be limited to these specific details. It will be evident to those skilled in the art that the present application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned. Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the apparatus claims may also be implemented by one unit or means in software or hardware. The terms first, second, etc. are used to denote names, but not any particular order.

Claims (12)

1. A safety requirement review method is characterized by comprising the following steps:
receiving a to-be-evaluated list, wherein the to-be-evaluated list comprises a plurality of evaluation objects needing to be subjected to security requirement evaluation;
sending each evaluation object to a corresponding evaluator terminal;
receiving feedback information of the evaluator terminal to each review object, wherein the feedback information comprises the review state and the safety level of each review object;
and establishing a review summary list according to the feedback information.
2. The security requirement review method of claim 1, wherein the to-be-reviewed list further comprises review rules corresponding to each of the review objects.
3. The safety requirement review method according to claim 2, wherein the review rule corresponding to each review object is sent to the corresponding evaluator while each review object is sent to the corresponding evaluator.
4. The security requirement review method of claim 1, wherein before the step of sending each of the review objects to the corresponding evaluator, the method further comprises:
and performing type marking on each evaluation object in the to-be-evaluated list, and matching the corresponding evaluator according to the type marked by each evaluation object.
5. The security requirement review method of claim 2, wherein before establishing a review summary list according to each feedback information, the method further comprises the following steps:
judging the evaluation state of the feedback information of each evaluation object;
and if the evaluation state of an evaluation object is pass, adding the feedback information of the evaluation object to the evaluation summary list.
6. The security requirement review method of claim 5, further comprising deleting a review object from the to-be-reviewed list if the review status of the review object is pass.
7. The security requirement review method of claim 5, further comprising the steps of:
and if the evaluation state of the evaluation object of the feedback information is not passed, adding the evaluation object to the list to be evaluated.
8. The safety requirement review method according to claim 6, further comprising an updating step of the review object and/or an updating step of the review rule corresponding to the review object.
9. A security requirement review system that is applied in a bypass manner to an established business system, comprising:
the to-be-evaluated list receiving module is used for receiving a to-be-evaluated list which comprises a plurality of evaluation objects needing to be subjected to safety requirement evaluation;
the review sending module is used for sending each review object to the corresponding evaluator;
the feedback information receiving module is used for receiving feedback information of an evaluator on each review object, and the feedback information comprises the review state and the safety level of each review object;
and the review summary list module is used for establishing a review summary list according to the feedback information.
10. The safety requirement review system of claim 9, further comprising a determination module, wherein the determination module is configured to determine a review status of the feedback information of each review object, and the review summary list module establishes a review summary list according to the determination of the determination module.
11. A security requirement review device, comprising:
a processor;
a memory having stored therein executable instructions of the processor;
wherein the processor is configured to perform the steps of the security requirements review method of any of claims 1 to 8 via execution of the executable instructions.
12. A computer-readable storage medium storing a program which, when executed, performs the steps of the security requirement review method of any of claims 1 to 8.
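The workflow of claims 1 to 7 can be sketched in Python as follows. This is an added illustration, not code from the patent or its applicant; the class and field names, the "pass"/"fail" strings, the level labels, and the two extra checks (rejecting feedback from a non-assigned reviewer and rejecting unknown review states) are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ReviewObject:
    name: str
    kind: str   # type mark used to match a reviewer (claim 4)
    rule: str   # review rule sent along with the object (claims 2 and 3)

@dataclass(frozen=True)
class Feedback:
    name: str
    status: str  # "pass" or "fail" (assumed encoding of the review state)
    level: str   # safety level set by the reviewer (labels are assumed)

class ReviewTracker:
    def __init__(self, reviewers):
        self.reviewers = dict(reviewers)  # type mark -> reviewer id
        self.pending = {}   # to-be-reviewed list: name -> (object, reviewer)
        self.summary = []   # review summary list: feedback of passed objects
        self.trail = []     # every accepted feedback, kept for traceability

    def receive(self, objects):  # claims 1 and 4: queue and match reviewers
        if any(o.kind not in self.reviewers for o in objects):
            raise ValueError("object without a matching reviewer; nothing queued")
        for o in objects:
            self.pending[o.name] = (o, self.reviewers[o.kind])

    def dispatch(self):  # what each reviewer terminal receives: object and rule
        return [(who, o.name, o.rule) for o, who in self.pending.values()]

    def record(self, reviewer, fb):  # claims 5 to 7: handle one feedback item
        if fb.name not in self.pending:
            raise KeyError(f"{fb.name} is not awaiting review")
        if reviewer != self.pending[fb.name][1]:  # added check, not in the claims
            raise PermissionError(f"{reviewer} is not assigned to {fb.name}")
        if fb.status not in ("pass", "fail"):     # added check: fail closed
            raise ValueError(f"unknown review state {fb.status!r}")
        self.trail.append((reviewer, fb))
        if fb.status == "pass":                   # passed: summarize and dequeue
            self.summary.append(fb)
            del self.pending[fb.name]
        return fb.status == "pass"                # failed objects stay queued

def demo():  # constructed sample data
    t = ReviewTracker({"api": "alice", "data": "bob"})
    t.receive([ReviewObject("login-endpoint", "api", "authentication required"),
               ReviewObject("export-job", "data", "personal data masked")])
    t.record("alice", Feedback("login-endpoint", "pass", "high"))
    t.record("bob", Feedback("export-job", "fail", "medium"))
    return t
```

After `demo()`, the summary list holds only the passed object, while the failed one remains in the to-be-reviewed list and is dispatched again.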
CN202010092113.4A 2020-02-14 2020-02-14 Security requirement evaluation method, system, equipment and storage medium Withdrawn CN111275407A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010092113.4A CN111275407A (en) 2020-02-14 2020-02-14 Security requirement evaluation method, system, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010092113.4A CN111275407A (en) 2020-02-14 2020-02-14 Security requirement evaluation method, system, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111275407A true CN111275407A (en) 2020-06-12

Family

ID=71002549

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010092113.4A Withdrawn CN111275407A (en) 2020-02-14 2020-02-14 Security requirement evaluation method, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111275407A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112132545A (en) * 2020-09-25 2020-12-25 北京乐学帮网络技术有限公司 Evaluation system, information pushing method and device and electronic equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication

Application publication date: 20200612