CN111460459A - Risk information processing method and device - Google Patents

Risk information processing method and device

Info

Publication number
CN111460459A
Authority
CN
China
Prior art keywords
threat
evaluated
risk
assignment
faced
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010249828.6A
Other languages
Chinese (zh)
Inventor
雷雨
申远远
张�诚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd
Priority to CN202010249828.6A
Publication of CN111460459A
Legal status: Pending

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a method and a device for processing risk information, wherein the method comprises the steps of determining a plurality of threats faced by a system to be evaluated according to the characteristics of the system to be evaluated, and determining the magnitude of a risk influence range according to risk influence range parameters; according to each threat, determining the vulnerability corresponding to each threat; respectively assigning values to each threat, the vulnerability corresponding to each threat and the magnitude of the risk influence range; and calculating to obtain a risk value of each threat of the system to be evaluated according to the assignment of each threat, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range. According to the method and the device, the risk value of each threat is calculated according to the threats, the vulnerabilities corresponding to the threats and the influence ranges, so that the risk faced by the system to be evaluated can be accurately identified through the risk value of each threat, and the safety of the system to be evaluated is improved.

Description

Risk information processing method and device
Technical Field
The present application relates to the field of system security technologies, and in particular, to a method and an apparatus for processing risk information.
Background
With the development of the computer technology field, the security of the computer system is more and more emphasized. In practical applications, a computer system often faces many security problems, and if an attacker destroys the computer system by using a security vulnerability existing in the computer system, a security event is caused, resulting in loss.
In order to avoid the occurrence of the security event, security risk assessment needs to be performed on the computer system according to risk factors such as threats and vulnerabilities, so as to identify risks faced by the computer system, and further improve the security of the computer system.
Disclosure of Invention
Based on the defects of the prior art, the application provides a method and a device for processing risk information, so as to obtain a risk value of each threat faced by a system to be evaluated according to risk factors such as the threat, the vulnerability corresponding to the threat and the influence range, and identify the risk faced by a computer system.
The first aspect of the present application discloses a method for processing risk information, including:
determining a plurality of threats faced by a system to be evaluated according to the characteristics of the system to be evaluated, and determining the magnitude of a risk influence range of the system to be evaluated according to the risk influence range parameters of the system to be evaluated;
determining the vulnerability corresponding to each threat according to each threat faced by the system to be evaluated;
assigning values to each threat faced by the system to be evaluated, the vulnerability corresponding to each threat and the magnitude of the risk influence range respectively according to a preset assignment rule;
and calculating to obtain a risk value of each threat of the system to be evaluated according to the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range.
Optionally, in the method for processing risk information, the determining, according to characteristics of a system to be evaluated, a plurality of threats faced by the system to be evaluated includes:
determining the category of a system to be evaluated according to the characteristics of the system to be evaluated;
matching a plurality of threats corresponding to the category of the system to be evaluated from a threat list according to the category of the system to be evaluated to obtain a plurality of threats faced by the system to be evaluated; the threat list is used for explaining the corresponding relation between the category of the system to be evaluated and the threat.
Optionally, in the method for processing risk information, the calculating a risk value of each threat of the system to be evaluated according to an assignment of each threat faced by the system to be evaluated, an assignment of a vulnerability corresponding to each threat, and an assignment of a magnitude of the risk influence range includes:
calculating to obtain a risk value of each vulnerability corresponding to each threat of the system to be evaluated according to the assignment of each threat faced by the system to be evaluated, the assignment of each vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range;
and aiming at each threat of the system to be evaluated, selecting a maximum value from all vulnerability risk values corresponding to the threat as a risk value of the threat.
Optionally, in the method for processing risk information, the calculating, according to the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat, and the assignment of the magnitude of the risk influence range, a risk value of each vulnerability corresponding to each threat of the system to be evaluated includes:
respectively aiming at each threat faced by the system to be evaluated, substituting the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range into a first formula to obtain the risk value of each vulnerability corresponding to each threat faced by the system to be evaluated;
wherein the first formula comprises: $Y_{i,j} = L_i \times X_{i,j} \times H$; $Y_{i,j}$ is the risk value of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; $L_i$ is the assignment of the ith threat faced by the system to be evaluated; $X_{i,j}$ is the assignment of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; and $H$ is the assignment of the magnitude of the risk influence range of the system to be evaluated.
Optionally, in the method for processing risk information, after calculating a risk value of each threat of the system to be evaluated according to an assignment of each threat that the system to be evaluated may face, an assignment of a vulnerability corresponding to each threat, and an assignment of a magnitude of the risk influence range, the method further includes:
and selecting the maximum value from the risk values of all threats of the system to be evaluated as the risk value of the system to be evaluated.
Optionally, in the method for processing risk information, the assigning, according to a preset assignment rule, each threat faced by the system to be evaluated, the vulnerability corresponding to each threat, and the magnitude of the risk influence range respectively includes:
assigning a value of 0 to a threat which does not exist in the actual application in the threats faced by the system to be evaluated, and assigning the threats except the threat which does not exist in the actual application as corresponding preset values;
assigning the vulnerability which does not exist in the actual application to be 0 in the vulnerabilities faced by the system to be evaluated, and assigning the vulnerabilities except the vulnerability which does not exist in the actual application to be corresponding preset values;
and assigning the magnitude of the risk influence range as a corresponding preset value.
The second aspect of the present application discloses a risk information processing apparatus, including:
a first determining unit, used for determining a plurality of threats faced by a system to be evaluated according to the characteristics of the system to be evaluated, and for determining the magnitude of the risk influence range of the system to be evaluated according to the risk influence range parameters of the system to be evaluated;
the second determining unit is used for determining the vulnerability corresponding to each threat according to each threat faced by the system to be evaluated;
the assignment unit is used for assigning values to each threat faced by the system to be evaluated, the vulnerability corresponding to each threat and the magnitude of the risk influence range respectively according to a preset assignment rule;
and the calculation unit is used for calculating a risk value of each threat of the system to be evaluated according to the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range.
Optionally, in the processing apparatus of risk information, the first determining unit includes:
the first determining subunit is used for determining the category of the system to be evaluated according to the characteristics of the system to be evaluated;
the matching subunit is used for matching a plurality of threats corresponding to the category of the system to be evaluated from a threat list according to the category of the system to be evaluated to obtain a plurality of threats faced by the system to be evaluated; the threat list is used for explaining the corresponding relation between the category of the system to be evaluated and the threat.
Optionally, in the processing apparatus of risk information, the calculating unit includes:
the first calculation subunit is configured to calculate, according to an assignment of each threat faced by the system to be evaluated, an assignment of a vulnerability corresponding to each threat, and an assignment of a magnitude of the risk influence range, a risk value of each vulnerability corresponding to each threat of the system to be evaluated;
and the selecting subunit is used for selecting a maximum value from all vulnerability risk values corresponding to the threats as the risk value of the threats aiming at each threat of the system to be evaluated.
Optionally, in the processing apparatus of risk information, the first calculating subunit includes:
the second calculation subunit is configured to substitute, for each threat faced by the system to be evaluated, the assignment of that threat, the assignment of each vulnerability corresponding to that threat, and the assignment of the magnitude of the risk influence range into a first formula, so as to obtain a risk value of each vulnerability corresponding to each threat faced by the system to be evaluated;
wherein the first formula comprises: $Y_{i,j} = L_i \times X_{i,j} \times H$; $Y_{i,j}$ is the risk value of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; $L_i$ is the assignment of the ith threat faced by the system to be evaluated; $X_{i,j}$ is the assignment of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; and $H$ is the assignment of the magnitude of the risk influence range of the system to be evaluated.
Optionally, the processing apparatus of risk information further includes:
and the selecting unit is used for selecting a maximum value from the risk values of all threats of the system to be evaluated as the risk value of the system to be evaluated.
Optionally, in the processing apparatus for risk information, the assignment unit includes:
the first assignment subunit is configured to assign a threat belonging to a threat that does not exist in actual application, among threats faced by the system to be evaluated, to 0, and assign threats other than the threat that does not exist in the actual application, to a corresponding preset value;
the second assignment subunit is used for assigning the vulnerability belonging to the non-existent vulnerability in the actual application to 0 in the vulnerabilities faced by the system to be evaluated, and assigning the vulnerabilities except the non-existent vulnerability in the actual application to corresponding preset values;
and the third assignment subunit is used for assigning the magnitude of the risk influence range to a corresponding preset value.
It can be seen from the foregoing technical solutions that, in the method for processing risk information provided in the embodiments of the present application, a plurality of threats that may be faced by a system to be evaluated are determined according to characteristics of the system to be evaluated, a magnitude of a risk influence range of the system to be evaluated is determined according to a risk influence range parameter of the system to be evaluated, a vulnerability corresponding to each threat is determined according to each threat that may be faced by the system to be evaluated, and then, according to a preset assignment rule, an assignment is performed on each threat that may be faced by the system to be evaluated, a vulnerability corresponding to each threat, and a magnitude of a risk influence range. And finally, calculating to obtain a risk value of each threat of the system to be evaluated according to the assignment of each threat, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range, which may be faced by the system to be evaluated. The risk value of each threat of the system to be evaluated, which is obtained by calculation in the embodiment of the application, is obtained by calculation according to risk factors such as the threat, the vulnerability corresponding to the threat and the influence range, so that the risk of the system to be evaluated can be accurately identified through the risk value of each threat of the system to be evaluated, and the safety of the system to be evaluated is further improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for processing risk information disclosed in an embodiment of the present application;
fig. 2 is a schematic flowchart of a method for determining a threat faced by a system to be evaluated according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating a method for assigning threat, vulnerability, and risk impact magnitudes disclosed in an embodiment of the present application;
FIG. 4 is a schematic flow chart illustrating a method for calculating a risk value of a threat according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a risk information processing apparatus according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, the embodiment of the present application discloses a method for processing risk information, which specifically includes the following steps:
s101, determining a plurality of threats faced by the system to be evaluated according to the characteristics of the system to be evaluated, and determining the magnitude of the risk influence range of the system to be evaluated according to the risk influence range parameters of the system to be evaluated.
A threat refers to a potential source that may have negative consequences for an asset or organization. The risk influence range refers to the extent of the system that can be involved, damaged or affected by propagation when a security event occurs; the larger the risk influence range of the system is, the higher the risk of the system is. Risk refers to the actual security issues faced by the system. Both the threat and the risk influence range are risk factors.
The characteristics of the system to be evaluated can be application-side characteristics of the system to be evaluated (such as mobile phone-side characteristics, card swiping machine terminal characteristics, and computer-side characteristics), business-side characteristics of the system to be evaluated (such as finance types, e-commerce types, and news media types), characteristics of technologies used by the system to be evaluated (such as artificial intelligence technologies and virtual reality technologies), characteristics of application network types of the system to be evaluated (such as cloud networks and local area networks), and the like. Since the different systems under evaluation have different characteristics, the threats faced are different. For each feature of the system under evaluation, a plurality of threats corresponding to the feature can be determined. For example, if the business property of a certain system to be evaluated is characterized by being financial, the system to be evaluated faces the threat faced by the financial system. Financial systems are generally faced with transaction verification threats, dynamic account amount tampering threats, data clearing threats and the like.
It should be noted that the threat faced by the system to be evaluated, which is determined according to the characteristics of the system to be evaluated, is a threat that the system to be evaluated may face, but is not a threat that the system to be evaluated actually faces. For example, an application side of a certain system to be evaluated is characterized by a mobile phone client side class, and threats which may be faced by the mobile phone client side class include operation threats and malicious behavior threats. The malicious behavior threat mainly judges whether the client software has malicious behaviors such as system authorization, user operation monitoring, user privacy stealing and the like. As to whether such malicious behavior exists in the system under evaluation, subsequent further identification is required.
The risk influence range parameter refers to a parameter from which the extent of the impact caused by a security event of the system to be evaluated can be determined, and may specifically be the number of users, the user group, and the like of the system to be evaluated. If the system to be evaluated has more users, the impact of a security event is larger, and the risk is larger. If the user group of the system to be evaluated consists mainly of staff of a privacy-sensitive organization, the impact of a security event is also large. The risk influence range parameter can be chosen differently for different systems to be evaluated. For example, the number of users may be used as the risk influence range parameter for a system serving general users, and the user group may be used as the risk influence range parameter for a system serving a special functional organization. Of course, a plurality of risk influence range parameters may be set, and the magnitude of the risk influence range may be determined by combining the plurality of influence range parameters.
The magnitude of the risk influence range is used to express the extent of the risk influence range caused when a security event occurs in the system under evaluation. For example, if the risk influence range parameter is the number of users, the magnitude of the risk influence range may be set to low for a system with fewer than 100,000 users, to medium for a system with 100,000 to 500,000 users, and to high for a system with 500,000 users or more. That is, the higher the magnitude of the risk influence range, the larger the risk influence range of the system to be evaluated is.
It should be noted that the order in which the multiple threats faced by the system to be evaluated and the magnitude of its risk influence range are determined does not affect the implementation of the embodiment of the present application; the determination of the threats and the determination of the magnitude of the influence range may also be executed simultaneously.
Specifically, when step S101 is executed, information of the system to be evaluated is first obtained, where the information of the system to be evaluated at least includes characteristic information of the system to be evaluated and a risk influence range parameter of the system to be evaluated. And then, determining a plurality of threats faced by the system to be evaluated according to the preset corresponding relation between the characteristics of the system to be evaluated and the threats, and determining the magnitude of the risk influence range of the system to be evaluated according to the preset corresponding relation between the risk influence range parameters of the system to be evaluated and the magnitude of the risk influence range.
Optionally, referring to fig. 2, in an embodiment of the present application, an implementation manner of determining multiple threats faced by a system to be evaluated according to characteristics of the system to be evaluated includes:
s201, determining the category of the system to be evaluated according to the characteristics of the system to be evaluated.
Specifically, the feature information of the system to be evaluated is obtained, wherein the number of the obtained feature information may be one or more. And aiming at each kind of characteristic information, identifying the characteristic information, and determining the category of the system to be evaluated under each kind of characteristic. For example, the service property feature of the system to be evaluated is obtained, the service property feature of the system to be evaluated is identified, and if the service property feature of the system to be evaluated belongs to the financial property, the category to which the system to be evaluated belongs is determined to be the financial category. For another example, the characteristics of the application network type of the system to be evaluated are obtained, the characteristics of the application network type of the system to be evaluated are identified, and the class of the system to be evaluated under the characteristics of the application network type is determined to be the cloud network.
S202, according to the category of the system to be evaluated, matching a plurality of threats corresponding to the category of the system to be evaluated from the threat list to obtain a plurality of threats faced by the system to be evaluated.
The threat list is used for explaining the corresponding relation between the category of the system to be evaluated and the threat. And matching a plurality of threats corresponding to the category of the system to be evaluated from the threat list aiming at the category of each characteristic of the system to be evaluated.
For example, referring to table one, if it is determined in step S201 that the application characteristic of a certain system to be evaluated is the mobile phone client class and its business property characteristic is the financial class, the threat categories faced by the system to be evaluated include the basic class (i.e., the basic threats that all systems may face), the client class and the financial class. The basic class of threats includes Internet Protocol (IP) attack threats, hacker intrusion threats, virus threats, Web page attack threats, and the like. The threats of the client class include operation threats, malicious behavior threats and the like. The financial threats comprise user traversal threats, transaction verification threats, dynamic account amount tampering threats and the like.
Table one: threat list (provided as images in the original publication; not reproduced here).
It should be noted that the threat list can be edited and adjusted at any time. For example, when a new technology appears, the threats that its introduction will cause can be added to the threat list, so as to improve the accuracy of risk identification for the system to be evaluated.
S102, according to each threat faced by the system to be evaluated, the vulnerability corresponding to each threat is determined.
A vulnerability refers to a weakness of a system that may be exploited by a threat. Because vulnerabilities and threats are correlated, when the vulnerabilities of the system to be evaluated are identified, the vulnerability corresponding to each threat can be identified and determined, and the current vulnerabilities of the system to be evaluated are thereby obtained.
Specifically, the association between each threat and its vulnerabilities may be stored in a database, and after the multiple threats faced by the system to be evaluated are determined in step S101, the vulnerability corresponding to each threat is looked up in the database. Each threat may correspond to one vulnerability or to a plurality of vulnerabilities.
Compared with a mode of determining the vulnerability of the system to be evaluated directly according to the information of the system to be evaluated, the mode of determining the vulnerability according to the relevance between the threat and the vulnerability can be faster and more accurate.
For example, referring to table one, there are 4 vulnerabilities corresponding to the operation threats: checking whether the version update function of the client software is normal; having an evaluator analyze, with an audit tool in a test and verification manner, whether the mobile application installs, runs or updates without informing the user, and whether other applications are installed automatically; uninstalling the installed client software and checking whether program files remain; and checking whether the client has a plug-in function and, if so, performing a normative check on the plug-ins provided in the running client, where a plug-in should allow the user to choose whether to uninstall it and leave no residue after uninstallation. The 4 vulnerabilities corresponding to operation threats described above are vulnerabilities that may exist during the operation of the system under evaluation.
S103, assigning values to each threat faced by the system to be evaluated, the vulnerability corresponding to each threat and the magnitude of the risk influence range respectively according to a preset assignment rule.
The assignment of each threat expresses the degree of risk brought by the threat, the assignment of each vulnerability expresses the degree of risk brought by the vulnerability, and the assignment of the magnitude of the risk influence range likewise expresses the degree of risk brought by the risk influence range. The preset assignment rule specifies a rule for assigning each threat, a rule for assigning the vulnerability corresponding to each threat, and a rule for assigning the magnitude of the risk influence range of the system to be evaluated. The rule for assigning each threat is set mainly according to the degree of risk the threat brings to the system to be evaluated: the more harmful a threat is to the system being evaluated, the higher the threat's value. The rule for assigning the vulnerability corresponding to each threat is set according to the degree of risk brought by the vulnerability. The rule for assigning the magnitude of the risk influence range is: the higher the magnitude of the risk influence range (i.e., the larger the risk influence range), the greater the value assigned to it.
Optionally, referring to fig. 3, in an embodiment of the present application, an implementation manner of executing step S103 includes:
S301, among the threats faced by the system to be evaluated, assigning 0 to the threats that do not exist in the actual application, and assigning the remaining threats their corresponding preset values.
For each threat of the system to be evaluated determined in step S101, the system to be evaluated is identified to determine whether the threat exists in its actual application. If the threat exists in the actual application, the threat is assigned its corresponding preset value; if the threat does not exist in the actual application, the threat is assigned 0, that is, the threat is considered not to bring a risk to the system to be evaluated. For example, if no trojan threat is identified in the system to be evaluated, a value of 0 may be assigned to the trojan threat faced by the system to be evaluated.
It should be noted that the preset value corresponding to each threat is set according to the risk degree brought by the threat to the system to be evaluated, and the larger the risk degree that the threat may cause to the system to be evaluated is, the larger the set value is, that is, the greater the risk is.
S302, among the vulnerabilities faced by the system to be evaluated, assigning 0 to the vulnerabilities that do not exist in the actual application, and assigning the remaining vulnerabilities their corresponding preset values.
For each vulnerability of the system to be evaluated determined in step S102, the system to be evaluated is identified to determine whether the vulnerability exists in its actual application. If the vulnerability exists in the actual application, the vulnerability is assigned its corresponding preset value; if the vulnerability does not exist in the actual application of the system to be evaluated, the vulnerability is assigned 0, that is, the vulnerability is considered not to bring a risk to the system to be evaluated.
For example, referring to table one, a certain system to be evaluated faces threats of the client class, and the client class includes an operation threat and a malicious behavior threat. The vulnerabilities corresponding to the operation threat are: checking whether the update function of the application version of the client software is normal; the evaluator analyzes the audit tool by testing and verification, and checks whether the mobile application installs, runs or updates without informing the user and whether other applications are installed automatically; uninstalling the installed client software and checking whether program files remain; and checking whether the client has a plug-in function and, if so, performing a normative check on the plug-ins provided in the running client, where a plug-in must allow the user to choose freely whether to uninstall it and must leave no residue after uninstallation. If the system to be evaluated has no plug-in function in its actual application, the vulnerability 'checking whether the client has a plug-in function and, if so, performing a normative check on the plug-ins provided in the running client, where a plug-in must allow the user to choose freely whether to uninstall it and must leave no residue after uninstallation' is assigned 0.
It should be noted that the preset value corresponding to each vulnerability is set according to the risk degree brought by the vulnerability to the system to be evaluated, and the larger the damage degree of the vulnerability to the system to be evaluated is, the larger the set value is, that is, the greater the risk is.
And S303, assigning the magnitude of the risk influence range to a corresponding preset value.
The higher the magnitude of the risk influence range, the higher the risk degree that the influence surface of the risk brings to the system to be evaluated, and the higher the corresponding preset value.
It should be noted that the order of executing steps S301, S302, and S303 does not affect the implementation of the embodiment of the present application, and steps S301, S302, and S303 may also be executed simultaneously.
And S104, calculating to obtain a risk value of each threat of the system to be evaluated according to the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range.
For each threat, in the embodiment of the application, a risk value of the threat to the system to be evaluated is obtained by establishing a relation among three risk factors, namely the threat, the vulnerability corresponding to the threat and the risk influence range. For each threat, the higher its risk value, the more harm the threat may cause to the system to be evaluated. The operator of the system to be evaluated can then remediate the vulnerabilities according to the risk value of each threat, improving the security of the system to be evaluated.
It should be noted that the risk value of each threat obtained in step S104 is used to describe the risk level of the threat, and is not used to describe the risk level of the entire system to be evaluated. In practical applications, for some users who only need to evaluate the risk degree of the partial threat of the system to be evaluated, the risk value of the threat required by the user, which is obtained in step S104, may be provided to the user, and the user may further improve the corresponding security for the threat according to the magnitude of the risk value. For example, if the risk value of the hacker intrusion threat of a certain system to be evaluated is high, the risk value of the hacker intrusion threat can be reduced by strengthening the vulnerability corresponding to the hacker intrusion threat, that is, by regularly upgrading and patching the operating system and the software, and in addition, the risk value of the threat can also be reduced by reducing the magnitude of the risk influence range.
In the prior art, when a system to be evaluated is subjected to security evaluation, it is usually evaluated by only one risk factor, and when only one risk factor is considered, the obtained risk value cannot completely reflect the risk degree of the system to be evaluated. For example, when a system to be evaluated is evaluated considering only threat factors, a less accurate risk value may be obtained because there is no analysis of the vulnerability through which the threat is exploited and no analysis of the risk influence range. For example, when only threat factors are used to evaluate a system to be evaluated, the calculated risk value is low because the system faces few threats; but if the number of users of the system is very large, exceeding 10 million, the influence surface when a security event occurs is very large, and the risk value calculated from the threats alone is obviously lower than the actual risk value of the system. For another example, when the system to be evaluated is evaluated considering only threat factors, the system is identified as facing a virus threat, and a risk value is calculated accordingly. In practical application, however, the system to be evaluated may detect and investigate malicious programs regularly, that is, the vulnerability corresponding to the virus threat is low, so the risk value calculated from the threat alone is higher than the actual risk value of the system.
In the embodiment of the application, three factors of threat, vulnerability and risk influence range are considered at the same time, and the risk value of the threat with higher accuracy is obtained by establishing the relation among the threat, the vulnerability corresponding to the threat and the magnitude of the risk influence range, so that the requirement of identifying the risk of the system to be evaluated is better met, and the safety of the system to be evaluated is further improved.
For example, the assignment of the threat A is x, the threat A corresponds to a vulnerability B and a vulnerability C, the assignment of the vulnerability B is y, the assignment of the vulnerability C is z, and the assignment of the magnitude of the risk influence range of the system to be evaluated is h, so the risk value L of the threat A can be calculated according to x, y, z and h, and the risk value L of the threat A is obtained by establishing the relation among the magnitudes of the threat A, the vulnerability B, the vulnerability C and the risk influence range through the values of x, y, z and h.
Optionally, referring to fig. 4, in an embodiment of the present application, an implementation manner of executing step S104 includes:
S401, calculating to obtain a risk value of each vulnerability corresponding to each threat of the system to be evaluated according to the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range.
Specifically, for each threat, a risk value of each vulnerability corresponding to the threat is obtained through assignment of the threat, assignment of each vulnerability corresponding to the threat, and assignment of the magnitude of the risk influence range. The risk value of the corresponding vulnerability of the threat is used for explaining the risk degree of the threat to the system to be evaluated under the vulnerability.
For example, suppose a system to be evaluated in the financial domain faces a user traversal threat, the threat is assigned the value a, and the functions for dynamic account transactions shared by all users have three corresponding vulnerabilities under this threat: whether each user has a unique client identifier, whether the client numbers/identification codes are regular character strings that can be guessed, and whether an anti-traversal mechanism is provided. If the anti-traversal mechanism vulnerability is assigned the value b, then from the assignment a, the assignment b and the assignment of the magnitude of the risk influence range of the system, the risk value of the user traversal threat under the anti-traversal mechanism vulnerability can be obtained; this risk value indicates the risk that the user traversal threat brings to the system to be evaluated through the anti-traversal mechanism vulnerability.
S402, aiming at each threat of the system to be evaluated, selecting the maximum value from all vulnerability risk values corresponding to the threat as the risk value of the threat.
The degree of harm each threat can bring to the system to be evaluated is limited, so the maximum value can be selected from all vulnerability risk values corresponding to the threats as the risk value of the threat. For example, threat a corresponds to vulnerability B and vulnerability C. Through the step S401, it is calculated that the risk value of the threat a under the vulnerability B is x, the risk value x indicates the risk degree that the threat a under the vulnerability B will bring to the system to be evaluated, and the risk value of the threat a under the vulnerability C is y, the risk value y indicates the risk degree that the threat a under the vulnerability C will bring to the system to be evaluated, and the risk degree that the threat a brings to the system to be evaluated will not exceed the maximum risk degree under the vulnerability B and the vulnerability C, so the risk value of the threat a is the larger value of x and y.
Specifically, referring to table two, the correspondence between each threat of the system to be evaluated, the vulnerabilities of each threat, and the assignment of the magnitude of the risk influence range may be represented by the evaluation matrix of the system to be evaluated shown in table two. The system under evaluation in table two faces two threats, threat 1 and threat 2. Within the same system to be evaluated, the magnitude assignment of the risk influence range corresponding to every vulnerability is the same. The risk value of threat 1 in table two is the maximum of the risk values of vulnerability 1, vulnerability 2 and vulnerability 3, and the risk value of threat 2 is the maximum of the risk values of vulnerability 4 and vulnerability 5. The risk value of the system to be evaluated is then obtained from the risk value of threat 1 and the risk value of threat 2.
Table two:
Optionally, in a specific embodiment of the present application, an implementation manner of executing step S401 includes:
and substituting the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range into a first formula respectively aiming at each threat faced by the system to be evaluated to obtain the risk value of each vulnerability corresponding to each threat faced by the system to be evaluated.
Wherein the first formula comprises: $Y_{i,j} = L_i \times X_{i,j} \times H$, where $Y_{i,j}$ is the risk value of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; $L_i$ is the assignment of the ith threat faced by the system to be evaluated; $X_{i,j}$ is the assignment of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; and $H$ is the assignment of the magnitude of the risk influence range of the system to be evaluated.
It should be noted that the calculation formula of the risk value of each vulnerability corresponding to each threat may be various, including but not limited to what is proposed in the embodiments of the present application.
Optionally, in a specific embodiment of the present application, after step S104, the method further includes:
and selecting the maximum value from the risk values of all threats of the system to be evaluated as the risk value of the system to be evaluated.
Since the overall risk degree of the system to be evaluated is limited and does not exceed the maximum risk degree caused by any of the threats it faces, the overall risk degree of the system to be evaluated can be represented by the maximum among the risk values of all its threats. For example, referring to table two, a system under evaluation faces two threats, threat 1 and threat 2. The risk value of the system to be evaluated is thus the maximum of the risk value of threat 1 and the risk value of threat 2.
Optionally, the risk value of the system to be evaluated may also be divided into risk levels, for example, a system with a risk value greater than or equal to a is determined as a high risk level, a system with a risk value less than a and greater than or equal to b is determined as a medium risk level, and a system with a risk value less than b is determined as a low risk level. The risk degree of the system to be evaluated is described through the risk magnitude, and different security strategies are adopted to improve the security of the system to be evaluated aiming at the systems to be evaluated with different risk magnitudes.
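The scoring procedure described above (steps S301 to S303, the first formula of step S401, the maximum selection of step S402, the system-level maximum and the risk-level thresholds a and b) can be carried through end to end. The following is an added example and not the patent's own code; the class names, the preset values, the thresholds, the sample evaluation matrix and the helper `threat_only_risk` (used to reproduce the single-factor comparison) are all constructed assumptions.

```python
"""Added example (not the patent's code): three-factor risk scoring.

Y_{i,j} = L_i * X_{i,j} * H is the first formula; a threat's risk is the
maximum over its vulnerabilities; the system's risk is the maximum over
its threats. All numeric presets below are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass
class Vulnerability:
    name: str
    preset: float          # preset value X_{i,j} used when the vulnerability exists
    present: bool = True   # S302: a vulnerability absent in the actual application gets 0

    @property
    def value(self) -> float:
        return self.preset if self.present else 0.0


@dataclass
class Threat:
    name: str
    preset: float          # preset value L_i used when the threat exists
    vulns: list            # vulnerabilities corresponding to this threat
    present: bool = True   # S301: a threat absent in the actual application gets 0

    @property
    def value(self) -> float:
        return self.preset if self.present else 0.0


def vuln_risk(threat: Threat, vuln: Vulnerability, h: float) -> float:
    """First formula: Y_{i,j} = L_i * X_{i,j} * H (S303 supplies H)."""
    return threat.value * vuln.value * h


def threat_risk(threat: Threat, h: float) -> float:
    """S402: the threat's risk value is the largest of its vulnerability risk values."""
    return max((vuln_risk(threat, v, h) for v in threat.vulns), default=0.0)


def system_risk(threats: list, h: float) -> float:
    """System risk value: the maximum over the risk values of all threats."""
    return max((threat_risk(t, h) for t in threats), default=0.0)


def threat_only_risk(threats: list) -> float:
    """Hypothetical single-factor score (threat assignment only), for comparison."""
    return max((t.value for t in threats), default=0.0)


def risk_level(value: float, a: float, b: float) -> str:
    """>= a is high, [b, a) is medium, < b is low; a and b are assumed thresholds."""
    if a <= b:
        raise ValueError("threshold a must be greater than threshold b")
    if value >= a:
        return "high"
    if value >= b:
        return "medium"
    return "low"


def evaluation_matrix(threats: list, h: float) -> list:
    """One row per (threat i, vulnerability j), in the spirit of table two."""
    rows = []
    for i, t in enumerate(threats, start=1):
        for j, v in enumerate(t.vulns, start=1):
            rows.append((i, t.name, t.value, j, v.name, v.value, h, vuln_risk(t, v, h)))
    return rows


# Constructed sample: a client-class system; the plug-in check is absent because
# the application has no plug-in function, and no trojan threat was identified.
H_LARGE_USER_BASE = 5   # assumed magnitude for a very large risk influence range
SAMPLE_THREATS = [
    Threat("operation threat", 3, [
        Vulnerability("application version update function abnormal", 2),
        Vulnerability("install/run/update without informing the user", 4),
        Vulnerability("program file residue after uninstall", 1),
        Vulnerability("plug-in normative check", 3, present=False),
    ]),
    Threat("malicious behavior threat", 4, [
        Vulnerability("malicious programs not investigated regularly", 1),
    ]),
    Threat("trojan threat", 5, [Vulnerability("no trojan defence", 5)], present=False),
]

if __name__ == "__main__":
    for row in evaluation_matrix(SAMPLE_THREATS, H_LARGE_USER_BASE):
        print(row)
    for t in SAMPLE_THREATS:
        print(t.name, "->", threat_risk(t, H_LARGE_USER_BASE))
    total = system_risk(SAMPLE_THREATS, H_LARGE_USER_BASE)
    print("system risk:", total, risk_level(total, a=50, b=20))
    # The same matrix with a small influence range scores far lower, while the
    # threat-only score cannot tell the two systems apart.
    print("small range:", system_risk(SAMPLE_THREATS, 1), "threat-only:", threat_only_risk(SAMPLE_THREATS))
```

Running the sample shows the operation threat's risk driven entirely by the silent-install vulnerability (the absent plug-in check contributes 0), the unidentified trojan threat contributing 0, and the same matrix scoring 60 with H = 5 but 12 with H = 1, which is the influence-range effect the description contrasts with single-factor scoring.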
In the method for processing risk information provided in the embodiment of the application, a plurality of threats possibly faced by a system to be evaluated are determined according to characteristics of the system to be evaluated, the magnitude of the risk influence range of the system to be evaluated is determined according to risk influence range parameters of the system to be evaluated, the vulnerability corresponding to each threat is determined according to each threat possibly faced by the system to be evaluated, and then each threat possibly faced by the system to be evaluated, the vulnerability corresponding to each threat, and the magnitude of the risk influence range are assigned according to preset assignment rules. And finally, calculating to obtain a risk value of each threat of the system to be evaluated according to the assignment of each threat, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range, which may be faced by the system to be evaluated. The risk value of each threat of the system to be evaluated, which is obtained by calculation in the embodiment of the application, is obtained by calculation according to risk factors such as the threat, the vulnerability corresponding to the threat and the influence range, so that the risk of the system to be evaluated can be accurately identified through the risk value of each threat of the system to be evaluated, and the safety of the system to be evaluated is further improved.
Referring to fig. 5, based on the method for processing risk information provided in the embodiment of the present application, the embodiment of the present application further discloses a device for processing risk information, which includes: a first determination unit 501, a second determination unit 502, an assignment unit 503, and a calculation unit 504.
The first determining unit 501 is configured to determine, according to characteristics of the system to be evaluated, a plurality of threats faced by the system to be evaluated, and determine, according to a risk influence range parameter of the system to be evaluated, a magnitude of a risk influence range of the system to be evaluated.
Optionally, in a specific embodiment of the present application, the first determining unit includes: a first determining subunit and a matching subunit.
The first determining subunit is used for determining the category of the system to be evaluated according to the characteristics of the system to be evaluated.
And the matching subunit is used for matching a plurality of threats corresponding to the category of the system to be evaluated from the threat list according to the category of the system to be evaluated, so as to obtain a plurality of threats faced by the system to be evaluated. The threat list is used for explaining the corresponding relation between the category of the system to be evaluated and the threat.
The second determining unit 502 is configured to determine, according to each threat faced by the system to be evaluated, a vulnerability corresponding to each threat.
The assigning unit 503 is configured to assign values to each threat faced by the system to be evaluated, the vulnerability corresponding to each threat, and the magnitude of the risk impact range according to a preset assigning rule.
The calculating unit 504 is configured to calculate a risk value of each threat of the system to be evaluated according to an assignment of each threat faced by the system to be evaluated, an assignment of a vulnerability corresponding to each threat, and an assignment of a magnitude of a risk influence range.
Optionally, in a specific embodiment of the present application, the calculating unit 504 includes: a first calculating subunit and a selecting subunit.
And the first calculating subunit is used for calculating to obtain a risk value of each vulnerability corresponding to each threat of the system to be evaluated according to the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat, and the assignment of the magnitude of the risk influence range.
Optionally, in a specific embodiment of the present application, the first calculating subunit includes:
and the second calculating subunit is used for substituting the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range into the first formula respectively aiming at each threat faced by the system to be evaluated to obtain the risk value of each vulnerability corresponding to each threat faced by the system to be evaluated.
Wherein the first formula comprises: $Y_{i,j} = L_i \times X_{i,j} \times H$, where $Y_{i,j}$ is the risk value of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; $L_i$ is the assignment of the ith threat faced by the system to be evaluated; $X_{i,j}$ is the assignment of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; and $H$ is the assignment of the magnitude of the risk influence range of the system to be evaluated.
And the selecting subunit is used for selecting, for each threat of the system to be evaluated, the maximum value from all vulnerability risk values corresponding to the threat as the risk value of the threat.
Optionally, in a specific embodiment of the present application, the processing device of risk information further includes:
and the selecting unit is used for selecting the maximum value from the risk values of all threats of the system to be evaluated as the risk value of the system to be evaluated.
Optionally, in a specific embodiment of the present application, the assigning unit includes: a first assignment subunit, a second assignment subunit, and a third assignment subunit.
And the first assignment subunit is used for assigning the threats belonging to the system to be evaluated, which do not exist in the actual application, to 0, and assigning the threats except the threats which do not exist in the actual application to corresponding preset values.
And the second assignment subunit is used for assigning 0 to the vulnerabilities, among those faced by the system to be evaluated, that do not exist in the actual application, and assigning the remaining vulnerabilities their corresponding preset values.
And the third assignment subunit is used for assigning the magnitude of the risk influence range to a corresponding preset value.
The specific principle and the implementation process of the risk information processing apparatus disclosed in the embodiment of the present application are the same as those of the risk information processing method disclosed in the embodiment of the present application, and reference may be made to corresponding parts in the risk information processing method disclosed in the embodiment of the present application, which are not described herein again.
In the device for processing risk information provided in the embodiment of the present application, a first determining unit 501 determines, according to characteristics of a system to be evaluated, a plurality of threats that the system to be evaluated may face, and determines, according to risk influence range parameters of the system to be evaluated, magnitude levels of risk influence ranges of the system to be evaluated, then a second determining unit 502 determines, according to each threat that the system to be evaluated may face, vulnerability corresponding to each threat, and an assigning unit 503 assigns, according to a preset assignment rule, values to each threat that the system to be evaluated may face, vulnerability corresponding to each threat, and magnitude levels of risk influence ranges. Finally, the calculating unit 504 calculates a risk value of each threat of the system to be evaluated according to an assignment of each threat that the system to be evaluated may face, an assignment of a vulnerability corresponding to each threat, and an assignment of a magnitude of a risk influence range. In the embodiment of the present application, the risk value of each threat of the system to be evaluated, which is calculated by the calculating unit 504, is calculated according to the risk factors, such as the threat, the vulnerability corresponding to the threat, and the influence range, so that the risk faced by the system to be evaluated can be accurately identified through the risk value of each threat of the system to be evaluated, and the security of the system to be evaluated is further improved.
Those skilled in the art can make or use the invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method for processing risk information is characterized by comprising the following steps:
determining a plurality of threats faced by a system to be evaluated according to the characteristics of the system to be evaluated, and determining the magnitude of a risk influence range of the system to be evaluated according to the risk influence range parameters of the system to be evaluated;
determining the vulnerability corresponding to each threat according to each threat faced by the system to be evaluated;
assigning values to each threat faced by the system to be evaluated, the vulnerability corresponding to each threat and the magnitude of the risk influence range respectively according to a preset assignment rule;
and calculating to obtain a risk value of each threat of the system to be evaluated according to the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range.
2. The method according to claim 1, wherein the determining a plurality of threats faced by the system under evaluation according to characteristics of the system under evaluation comprises:
determining the category of a system to be evaluated according to the characteristics of the system to be evaluated;
matching a plurality of threats corresponding to the category of the system to be evaluated from a threat list according to the category of the system to be evaluated to obtain a plurality of threats faced by the system to be evaluated; the threat list is used for explaining the corresponding relation between the category of the system to be evaluated and the threat.
3. The method according to claim 1, wherein the calculating a risk value of each threat of the system under evaluation according to the assignment of each threat faced by the system under evaluation, the assignment of the vulnerability corresponding to each threat, and the assignment of the magnitude of the risk impact range includes:
calculating to obtain a risk value of each vulnerability corresponding to each threat of the system to be evaluated according to the assignment of each threat faced by the system to be evaluated, the assignment of each vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range;
and aiming at each threat of the system to be evaluated, selecting a maximum value from all vulnerability risk values corresponding to the threat as a risk value of the threat.
4. The method according to claim 3, wherein the calculating a risk value of each vulnerability corresponding to each threat of the system to be evaluated according to an assignment of each threat faced by the system to be evaluated, an assignment of a vulnerability corresponding to each threat, and an assignment of a magnitude of the risk impact range includes:
respectively aiming at each threat faced by the system to be evaluated, substituting the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range into a first formula to obtain the risk value of each vulnerability corresponding to each threat faced by the system to be evaluated;
wherein the first formula comprises: $Y_{i,j} = L_i \times X_{i,j} \times H$, where $Y_{i,j}$ is the risk value of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; $L_i$ is the assignment of the ith threat faced by the system to be evaluated; $X_{i,j}$ is the assignment of the jth vulnerability corresponding to the ith threat faced by the system to be evaluated; and $H$ is the assignment of the magnitude of the risk influence range of the system to be evaluated.
5. The method according to any one of claims 1 to 4, wherein after calculating a risk value of each threat of the system under evaluation according to an assignment of each threat that the system under evaluation may face, an assignment of a vulnerability corresponding to each threat, and an assignment of a magnitude of the risk impact range, the method further comprises:
and selecting the maximum value from the risk values of all threats of the system to be evaluated as the risk value of the system to be evaluated.
6. The method according to any one of claims 1 to 4, wherein the assigning, according to a preset assignment rule, each threat faced by the system to be evaluated, the vulnerability corresponding to each threat, and the magnitude of the risk impact range respectively comprises:
assigning a value of 0 to a threat which does not exist in the actual application in the threats faced by the system to be evaluated, and assigning the threats except the threat which does not exist in the actual application as corresponding preset values;
assigning the vulnerability which does not exist in the actual application to be 0 in the vulnerabilities faced by the system to be evaluated, and assigning the vulnerabilities except the vulnerability which does not exist in the actual application to be corresponding preset values;
and assigning the magnitude of the risk influence range as a corresponding preset value.
7. An apparatus for processing risk information, comprising:
the system comprises a first determining unit, a second determining unit and a judging unit, wherein the first determining unit is used for determining a plurality of threats faced by a system to be evaluated according to the characteristics of the system to be evaluated and determining the magnitude of a risk influence range of the system to be evaluated according to the risk influence range parameters of the system to be evaluated;
the second determining unit is used for determining the vulnerability corresponding to each threat according to each threat faced by the system to be evaluated;
the assignment unit is used for assigning values to each threat faced by the system to be evaluated, the vulnerability corresponding to each threat and the magnitude of the risk influence range respectively according to a preset assignment rule;
and the calculation unit is used for calculating a risk value of each threat of the system to be evaluated according to the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat and the assignment of the magnitude of the risk influence range.
8. The apparatus of claim 7, wherein the first determining unit comprises:
a first determining subunit, used for determining the category of the system to be evaluated according to the characteristics of the system to be evaluated;
and a matching subunit, used for matching, from a threat list and according to the category of the system to be evaluated, a plurality of threats corresponding to that category, so as to obtain the plurality of threats faced by the system to be evaluated; the threat list describes the correspondence between categories of systems to be evaluated and threats.
9. The apparatus of claim 7, wherein the calculation unit comprises:
a first calculation subunit, configured to calculate, according to the assignment of each threat faced by the system to be evaluated, the assignment of the vulnerability corresponding to each threat, and the assignment of the magnitude of the risk influence range, a risk value of each vulnerability corresponding to each threat of the system to be evaluated;
and a selecting subunit, used for selecting, for each threat of the system to be evaluated, the maximum value among the risk values of all vulnerabilities corresponding to that threat as the risk value of that threat.
10. The apparatus of claim 9, wherein the first calculation subunit comprises:
a second calculation subunit, configured to substitute, for each threat faced by the system to be evaluated, the assignment of that threat, the assignment of each vulnerability corresponding to that threat, and the assignment of the magnitude of the risk influence range into a first formula, so as to obtain the risk value of each vulnerability corresponding to each threat faced by the system to be evaluated;
wherein the first formula comprises: $Y_{i,j} = L_i \times X_{i,j} \times H$; $Y_{i,j}$ is the risk value of the $j$-th vulnerability corresponding to the $i$-th threat faced by the system to be evaluated; $L_i$ is the assignment of the $i$-th threat faced by the system to be evaluated; $X_{i,j}$ is the assignment of the $j$-th vulnerability corresponding to the $i$-th threat faced by the system to be evaluated; and $H$ is the assignment of the magnitude of the risk influence range of the system to be evaluated.
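The claimed procedure carried end to end (category lookup in a threat list, zero assignment for threats and vulnerabilities absent in the actual deployment, the first formula, and the per-threat maximum), as an added Python illustration that is not code from the patent; every category, threat, vulnerability and preset score below is constructed sample data.

```python
"""Worked illustration of the claimed risk calculation (added example, not
code from the patent). All categories, threats, vulnerabilities and preset
scores are constructed sample values, not values taken from the page."""

# Constructed threat list: system category -> threats it faces (the
# "threat list" of claim 8).
THREAT_LIST = {
    "internet_facing_web": ["credential_stuffing", "sql_injection", "ddos"],
    "internal_batch": ["privilege_abuse", "data_leak"],
}

# Constructed mapping of each threat to its vulnerabilities, with the preset
# assignment X_ij of each vulnerability (claim 6's "corresponding preset value").
VULNERABILITIES = {
    "credential_stuffing": {"no_mfa": 4, "weak_lockout": 3},
    "sql_injection": {"unparameterized_query": 5, "verbose_errors": 2},
    "ddos": {"no_rate_limit": 3},
    "privilege_abuse": {"shared_admin_account": 4},
    "data_leak": {"plaintext_export": 5, "no_dlp": 2},
}

# Constructed preset assignments L_i for each threat.
THREAT_PRESET = {"credential_stuffing": 3, "sql_injection": 4, "ddos": 2,
                 "privilege_abuse": 3, "data_leak": 4}


def assess(category, impact_range_assignment, absent_threats=(), absent_vulns=()):
    """Return {threat: risk value} following claims 6, 9 and 10: anything
    absent in the actual deployment is assigned 0, Y_ij = L_i * X_ij * H, and
    each threat's risk value is the maximum Y_ij over its vulnerabilities."""
    threats = THREAT_LIST[category]          # matching subunit (claim 8)
    H = impact_range_assignment              # assignment of the risk influence range
    risks = {}
    for threat in threats:
        L_i = 0 if threat in absent_threats else THREAT_PRESET[threat]
        per_vuln = []
        for vuln, preset in VULNERABILITIES[threat].items():
            X_ij = 0 if vuln in absent_vulns else preset
            per_vuln.append(L_i * X_ij * H)  # first formula (claim 10)
        risks[threat] = max(per_vuln)        # selecting subunit (claim 9)
    return risks


if __name__ == "__main__":
    # A web system with MFA in place: the no_mfa vulnerability is assigned 0.
    print(assess("internet_facing_web", 2, absent_vulns={"no_mfa"}))
    # A batch system where data_leak does not exist in the actual application.
    print(assess("internal_batch", 3, absent_threats={"data_leak"}))
```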
CN202010249828.6A 2020-04-01 2020-04-01 Risk information processing method and device Pending CN111460459A (en)

Publications (1)

Publication Number Publication Date
CN111460459A true CN111460459A (en) 2020-07-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination