CN111582714A - Method, device, equipment and storage medium for evaluating effectiveness of network security measures - Google Patents
Method, device, equipment and storage medium for evaluating effectiveness of network security measures Download PDFInfo
- Publication number
- CN111582714A CN111582714A CN202010376855.XA CN202010376855A CN111582714A CN 111582714 A CN111582714 A CN 111582714A CN 202010376855 A CN202010376855 A CN 202010376855A CN 111582714 A CN111582714 A CN 111582714A
- Authority
- CN
- China
- Prior art keywords
- risk
- network security
- sub
- actual
- risk value
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The application discloses a method, a device, equipment and a storage medium for evaluating the effectiveness of network security measures, wherein the method comprises the following steps: acquiring a first actual risk value of an enterprise under a preset risk scene of network security before network security measures are implemented; acquiring a second actual risk value of the enterprise under a preset risk scene after implementing network security measures, wherein the configuration process of the network security measures comprises the following steps: determining based on the rectification budget of the enterprise and the relative risk corresponding to the preset risk scene; based on the effectiveness calculation formula, the effectiveness of the network security measures is calculated according to the first actual risk value and the second actual risk value, the effectiveness of the network security measures can be evaluated, and the technical problem of how to effectively evaluate the network security measures is solved.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an apparatus, a device, and a storage medium for evaluating validity of a network security measure.
Background
With the development of network technology, the internet is used in many fields, so that the internet becomes especially important in the current society. Meanwhile, the network security of the internet is also highly valued by people.
The internet can bring serious loss to enterprises after risk events occur. In the prior art, in order to prevent a risk event in the internet, a corresponding network security measure is often formulated to effectively manage the risk event in the internet. The early evaluation before the network security measure is put into use has important guiding significance for formulating the network security measure, but how to effectively evaluate the network security measure becomes a technical problem to be solved urgently by technical personnel in the field.
Disclosure of Invention
In view of this, the present application provides a method, an apparatus, a device and a storage medium for evaluating validity of a network security measure, which can evaluate the validity of the network security measure.
The first aspect of the present application provides a method for evaluating validity of a network security measure, including:
acquiring a first actual risk value of an enterprise under a preset risk scene of network security before network security measures are implemented;
acquiring a second actual risk value of the enterprise under the preset risk scene after the network security measure is implemented, wherein the configuration process of the network security measure comprises the following steps: determining based on the correction budget of the enterprise and the relative risk corresponding to the preset risk scene;
calculating the effectiveness of the network security measure according to the first actual risk value and the second actual risk value based on an effectiveness calculation formula, wherein the effectiveness calculation formula is as follows:
in the formula, the effective is the effectiveness of the network security measure, R is a first actual risk value, R' is a second actual risk value, and Cost is the total rectification Cost corresponding to the network security measure.
Optionally, before the obtaining of the network security measure, the first actual risk value of the enterprise in the preset risk scenario of the network security specifically includes:
acquiring a sub-first actual risk value corresponding to each sub-risk scene in preset risk scenes before the enterprise implements network security measures;
and summing all the sub first actual risk values to obtain the first actual risk value.
Optionally, the obtaining of the sub-first actual risk value corresponding to each sub-risk scenario in the preset risk scenarios before the enterprise implements the network security measure specifically includes:
acquiring actual sub-risk probability and actual sub-risk loss corresponding to each sub-risk scene in the preset risk scenes before network security measures are implemented by an enterprise;
determining a corresponding sub first actual risk value according to the sub risk actual probability and the sub risk actual loss based on a risk value calculation formula, wherein the risk value calculation formula is as follows:
rgi=pgi*lgi;
in the formula, rgiFor the sub-first actual risk value, p, corresponding to the sub-risk scenario igiThe actual probability of sub-risk corresponding to the sub-risk scene i, lgiThe sub-risk scenario i corresponds to the sub-risk actual loss.
Optionally, after the network security measure is implemented, the obtaining of the second actual risk value of the enterprise in the preset risk scenario specifically includes:
acquiring the rectification change rate corresponding to each sub-risk scene in the preset risk scenes after the enterprise implements network security measures;
calculating a second actual risk value of the enterprise under the preset risk scene according to the rectification change rate and the corresponding sub first actual risk value based on a first formula, wherein the first formula is as follows:
where n is the number of sub-risk scenarios, friCorrection change rate, f, corresponding to sub-risk scenario iri=fpi*fli,fpiAs the actual probability p of a sub-riskgiCorresponding correction rate of change, fliActual loss for child riskgiThe corresponding rate of change of rectification.
Optionally, the configuration process of the network security measure specifically includes:
acquiring a sub-relative risk value corresponding to each sub-risk scene in the preset risk scenes;
selecting a preset number of sub-relative risk values from the largest sub-relative risk value in all the sub-relative risk values in a descending manner, and taking the sub-risk scene corresponding to the selected sub-relative risk value as an rectification scene;
based on a rectification priority coefficient calculation formula, calculating rectification priority coefficients corresponding to the vulnerabilities according to rectification cost and occurrence frequency corresponding to the vulnerabilities in each rectification scene;
and based on a preset rectification selection method, performing rectification selection of the vulnerability by combining the rectification budget of the enterprise and all the rectification priority coefficients, and taking the rectification measure corresponding to the selected vulnerability as the network security measure.
Optionally, the rectification priority coefficient calculation formula is:
in the formula, η is the modification priority coefficient, C is the modification cost corresponding to the vulnerability, and f is the occurrence frequency corresponding to the vulnerability.
Optionally, the preset rectification and modification selecting method includes:
the smaller the adjustment priority coefficient is, the higher the selection priority is, and for the equal priority coefficient, the lower the adjustment cost is.
A second aspect of the present application provides an apparatus for evaluating validity of a network security measure, including:
the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring a first actual risk value of an enterprise in a preset risk scene of network security before network security measures are implemented;
a second obtaining unit, configured to obtain a second actual risk value of the enterprise in the preset risk scenario after the network security measure is implemented, where a configuration process of the network security measure includes: determining based on the correction budget of the enterprise and the relative risk corresponding to the preset risk scene;
the evaluation unit is used for calculating the effectiveness of the network security measures according to the first actual risk value and the second actual risk value based on an effectiveness calculation formula, wherein the effectiveness calculation formula is as follows:
in the formula, the effective is the effectiveness of the network security measure, R is a first actual risk value, R' is a second actual risk value, and Cost is the total rectification Cost corresponding to the network security measure.
A third aspect of the present application provides a validity evaluation apparatus for network security measures, including: a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the method for evaluating the validity of the network security measure according to the first aspect according to instructions in the program code.
A fourth aspect of the present application provides a storage medium for storing a program code for executing the method for evaluating the validity of a network security measure according to the first aspect.
According to the technical scheme, the embodiment of the application has the following advantages:
the application provides a method for evaluating the effectiveness of network security measures, which comprises the following steps: acquiring a first actual risk value of an enterprise under a preset risk scene of network security before network security measures are implemented; acquiring a second actual risk value of the enterprise under a preset risk scene after implementing network security measures, wherein the configuration process of the network security measures comprises the following steps: determining based on the rectification budget of the enterprise and the relative risk corresponding to the preset risk scene; and calculating the effectiveness of the network security measures according to the first actual risk value and the second actual risk value based on an effectiveness calculation formula.
According to the method and the device, the first actual risk value and the second actual risk value which correspond to the network security measure before and after the network security measure is implemented by the enterprise are obtained, and then the effectiveness corresponding to the network security measure can be calculated according to the effectiveness calculation formula and by combining the first actual risk value and the second actual risk value, so that the effectiveness evaluation of the network security measure is realized, and the technical problem of how to effectively evaluate the network security measure is solved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
Fig. 1 is a schematic flowchart illustrating a first embodiment of a method for evaluating validity of a network security measure according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a second embodiment of a method for evaluating validity of a network security measure in an embodiment of the present application;
fig. 3 is a schematic structural diagram of an embodiment of an apparatus for evaluating validity of network security measures in this embodiment.
Detailed Description
The embodiment of the application provides a method, a device, equipment and a storage medium for evaluating the effectiveness of network security measures, and solves the technical problem of how to effectively evaluate the network security measures.
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
For easy understanding, please refer to fig. 1, in which fig. 1 is a schematic flowchart illustrating a first embodiment of a method for evaluating network security effectiveness according to an embodiment of the present application.
As shown in fig. 1, an embodiment of a method for evaluating validity of a network security measure in this embodiment specifically includes:
In this embodiment, first, a first actual risk value of an enterprise in a preset risk scenario of network security is obtained before network security measures are implemented.
The preset risk scene is obtained by classifying according to security events which have occurred in the world and according to different event consequences, and summarizing. The technical personnel in the field can design the corresponding preset risk scene according to the use requirement of the technical personnel.
102, acquiring a second actual risk value of the enterprise under a preset risk scene after implementing the network security measure, wherein the configuration process of the network security measure comprises the following steps: and determining the relative risk corresponding to the preset risk scene based on the correction budget of the enterprise.
After network security measures are determined based on the adjustment budget of the enterprise and relative risks corresponding to preset risk scenes, a second actual risk value of the enterprise in the preset risk scenes after the network security measures are implemented is obtained.
The effectiveness evaluation is to guide the formulation and implementation of the network security measures, and therefore, the effectiveness evaluation of the network security measures is generally performed before the actual implementation of the network security measures, that is, the second actual risk value in this step is an estimated risk value estimated by the enterprise after implementing the network security measures, and for the specific calculation of the second actual risk value, specific description will be made in the following embodiments, which is not repeated herein.
And 103, calculating the effectiveness of the network security measures according to the first actual risk value and the second actual risk value based on an effectiveness calculation formula.
It should be noted that the effectiveness calculation formula is:
in the formula, the effective is the effectiveness of the network security measure, R is a first actual risk value, R' is a second actual risk value, and Cost is the total rectification Cost corresponding to the network security measure.
Because the investment in the aspect of network security construction does not bring direct benefits to enterprises, the effective concept represents the ratio of the reduction of the actual risk value to the total rectification cost after certain cost is invested for network security construction.
In this embodiment, a first actual risk value and a second actual risk value corresponding to the network security measure before and after the network security measure is implemented by the enterprise are obtained, and then the effectiveness corresponding to the network security measure can be calculated according to an effectiveness calculation formula and by combining the first actual risk value and the second actual risk value, so that the effectiveness evaluation of the network security measure is realized, and the technical problem of how to effectively evaluate the network security measure is solved.
The above is a first embodiment of a method for evaluating validity of a network security measure provided in the embodiment of the present application, and the following is a second embodiment of the method for evaluating validity of a network security measure provided in the embodiment of the present application, please refer to fig. 2 specifically.
As shown in fig. 2, an embodiment of the method for evaluating the effectiveness of a network security measure in this embodiment specifically includes:
In this embodiment, before the enterprise implements the network security measure, the first actual sub-risk value in the preset risk scenario is calculated after summing the sub-actual risk values corresponding to each sub-risk scenario in the preset risk scenario, so that the sub-actual risk value corresponding to each sub-risk scenario is calculated first, and the sub-actual risk value is calculated through the sub-risk actual probability and the sub-actual risk loss, so that the sub-risk actual probability and the sub-risk actual loss corresponding to each sub-risk scenario are obtained first.
rgi=pgi*lgi;
In the formula, rgiFor the sub-first actual risk value, p, corresponding to the sub-risk scenario igiThe actual probability of sub-risk corresponding to the sub-risk scene i, lgiThe sub-risk scenario i corresponds to the sub-risk actual loss.
Determining the actual probability p of the sub-risk corresponding to the sub-risk scene igiActual loss of sum risk lgiThen, the sub first actual risk value r corresponding to the sub risk scenario i can be determinedgi。
And step 203, summing all the sub first actual risk values to obtain a first actual risk value.
All the sub-first actual risk values r are obtainedgiThereafter, all sub-first actual risk values r are assignedgiSumming to obtain a first actual risk value, i.e. by formula
A first actual risk value is obtained, where n is the number of sub-risk scenarios.
And 204, acquiring the adjustment change rate corresponding to each sub-risk scene in the preset risk scene after the enterprise implements the network security measures.
It should be noted that the configuration process of the network security measure specifically includes:
acquiring a sub-relative risk value corresponding to each sub-risk scene in preset risk scenes;
selecting a preset number of sub-relative risk values from the largest sub-relative risk value in all the sub-relative risk values in a descending manner, and taking the sub-risk scene corresponding to the selected sub-relative risk value as an rectification scene;
based on a rectification priority coefficient calculation formula, calculating rectification priority coefficients corresponding to the vulnerabilities according to rectification cost and occurrence frequency corresponding to the vulnerabilities in each rectification scene, wherein the rectification priority coefficient calculation formula is as follows:
in the formula, eta is a rectification priority coefficient, C is a rectification cost corresponding to the vulnerability, and f is the occurrence frequency corresponding to the vulnerability;
and based on a preset rectification selection method, combining the rectification budget of the enterprise and all rectification priority coefficients to carry out rectification selection of the vulnerability, and taking the rectification measure corresponding to the selected vulnerability as a network security measure.
It is understood that vulnerability refers to a weak link (also referred to as a vulnerability) in an asset or group of assets that may be exploited by a threat; these vulnerabilities may be located in various aspects of the physical environment, organizations, business processes, personnel, administration, hardware, software, and communications facilities.
The preset number can be set as required, and is not described herein again.
The preset rectification selection method comprises the following steps:
the smaller the adjustment priority coefficient is, the higher the selection priority is, and for the equal priority coefficient, the lower the adjustment cost is.
And step 205, calculating a second actual risk value of the enterprise under the preset risk scene according to the rectification change rate and the corresponding sub first actual risk value based on a first formula.
The first formula is:
where n is the number of sub-risk scenarios, friCorrection change rate, f, corresponding to sub-risk scenario iri=fpi*fli,fpiAs the actual probability p of a sub-riskgiCorresponding correction rate of change, fliActual loss for child riskgiThe corresponding rate of change of rectification.
And step 206, calculating the effectiveness of the network security measures according to the first actual risk value and the second actual risk value based on an effectiveness calculation formula.
The effectiveness calculation formula is as follows:
in the formula, the effective is the effectiveness of the network security measure, R is a first actual risk value, R' is a second actual risk value, and Cost is the total rectification Cost corresponding to the network security measure.
It should be noted that step 206 is the same as the description of step 103 in the first embodiment, and reference may be specifically made to the description of step 103, which is not described herein again.
In this embodiment, all the sub-risk scenarios may be classified, for example, including business interruption, data security, and software lasso, and after classification, calculation and analysis are facilitated.
In this embodiment, a first actual risk value and a second actual risk value corresponding to the network security measure before and after the network security measure is implemented by the enterprise are obtained, and then the effectiveness corresponding to the network security measure can be calculated according to an effectiveness calculation formula and by combining the first actual risk value and the second actual risk value, so that the effectiveness evaluation of the network security measure is realized, and the technical problem of how to effectively evaluate the network security measure is solved.
The second embodiment of the method for evaluating the validity of the network security measure provided in the embodiment of the present application is an application example of the apparatus for evaluating the validity of the network security measure provided in the embodiment of the present application.
Step S1, in the present application example, the sub relative probability p of all sub risk scenes in the preset risk scene is quantified in combination with the self condition of the enterpriseriRelative loss of seed lriAnd a sub relative risk value rriWherein i is the ith sub-risk scenario, and r represents relative;
step S2, calculating the sub-actual probability p of each sub-risk scene of the enterprisegiActual loss of seed lgiAnd a sub-first actual risk rgiAnd calculating a first actual risk value R through all the sub first actual risk values, wherein the calculation formula is as follows:
wherein g represents true.
And step S3, according to the sub relative risk value, combining the whole budget change of the enterprise to make network security measures. The sub-relative risk value and the vulnerability corresponding to the sub-risk scenario are used here, and the specific steps are as follows:
s31, performing descending order arrangement on the sub relative risk values of all the sub risk scenes, and selecting the scenes with the top 30% of the arrangement as rectification scenes;
step S32, counting the occurrence frequency of the corresponding vulnerability in the rectification scene;
step S33, investigation is carried out to obtain the rectification cost required by rectification of each vulnerability;
step S34 according to
Calculating an rectification priority coefficient for each vulnerability, wherein η is the rectification priority coefficient, C is the rectification cost corresponding to the vulnerability, and f is the occurrence frequency corresponding to the vulnerability;
step S35, the lower the vulnerability of the priority coefficient, the higher the rectification priority; for the vulnerability of the equal priority coefficient, the adjustment cost is preferably lower;
step S36, for the adjustment and modification of the conformity of the laws and regulations, it is not according to the above-mentioned sequencing rule, and it is necessary to take the corresponding measures to meet the requirements of the laws and regulations at the top, such as passing the equal guarantor evaluation, passing the certification of the related information security management system (ISO27001), etc.;
and step S37, combining the enterprise adjustment budget, selecting the adjustment measures according to the adjustment priority ranking method in the step S5, and taking the selected adjustment measures as network security measures.
Step S4, calculating the actual probability, actual loss and actual risk value of each sub-risk scenario during the security event after the enterprise implements the network security measures, and further determining a second actual risk value, the specific implementation steps are as follows:
step S41, assuming the planned corrective measures (namely, the network security measures), the corresponding vulnerability will be completely eliminated, and the sub relative probability p 'of each sub risk scene i is obtained through the step I'riRelative loss of l'riAnd sub relative Risk value r'ri;
Step S42, combining sub relative probability p 'of each sub risk scene before rectification'riRelative loss of l'riCalculating the change rate f after the correction of each sub-risk scenepiAnd fliThe calculation formula is as follows;
step S43, combining the change rate and the sub-actual probability p of each sub-risk scene before rectificationgiActual loss of seed lgiAnd a sub-first actual risk value rgiCalculating the sub-actual probability p 'of each sub-risk scene after modification'giL 'actual loss of son'giSub second actual Risk value r'giThe calculation formula is as follows;
p'ri=fpi*pri;
l'ri=fli*lri;
r'ri=p'gi*l'gi=fpi*pri*fli*lri
step S44, after the adjustment measures are taken, the calculation formula of the second actual risk value R' possessed by the enterprise is as follows:
wherein f isri=fpi*fli。
Step S5, calculating the effectiveness of the network security measure according to the first actual risk value, the second actual risk value and the total rectification cost corresponding to the network security measure, wherein the calculation formula is as follows:
referring to fig. 3, fig. 3 is a schematic structural diagram of an embodiment of an apparatus for evaluating validity of network security measures in an embodiment of the present application, and as shown in fig. 3, the embodiment of the apparatus for evaluating validity of network security measures in the embodiment specifically includes:
a first obtaining unit 301, configured to obtain a first actual risk value of an enterprise in a preset risk scenario of network security before implementing network security measures;
a second obtaining unit 302, configured to obtain a second actual risk value of the enterprise in a preset risk scenario after implementing the network security measure, where a configuration process of the network security measure includes: determining based on the rectification budget of the enterprise and the relative risk corresponding to the preset risk scene;
the evaluation unit 303 is configured to calculate, based on an effectiveness calculation formula, effectiveness of the network security measure according to the first actual risk value and the second actual risk value, where the effectiveness calculation formula is:
in the formula, the effective is the effectiveness of the network security measure, R is a first actual risk value, R' is a second actual risk value, and Cost is the total rectification Cost corresponding to the network security measure.
In this embodiment, a first actual risk value and a second actual risk value corresponding to the network security measure before and after the network security measure is implemented by the enterprise are obtained, and then the effectiveness corresponding to the network security measure can be calculated according to an effectiveness calculation formula and by combining the first actual risk value and the second actual risk value, so that the effectiveness evaluation of the network security measure is realized, and the technical problem of how to effectively evaluate the network security measure is solved.
The embodiment of the present application further provides an embodiment of an effectiveness evaluation device for network security measures, where the effectiveness evaluation device for network security measures in this embodiment includes: a processor and a memory; the memory is used for storing the program codes and transmitting the program codes to the processor; the processor is configured to execute the method for evaluating the effectiveness of the network security measure according to the first embodiment or the second embodiment according to instructions in the program code.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The embodiment of the present application further provides an embodiment of a storage medium, where the storage medium is used to store a program code, and the program code is used to execute the validity evaluation method of the network security measure in the first embodiment or the second embodiment.
The terms "first," "second," "third," "fourth," and the like in the description of the application and the above-described figures, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be understood that in the present application, "at least one" means one or more, "a plurality" means two or more. "and/or" for describing an association relationship of associated objects, indicating that there may be three relationships, e.g., "a and/or B" may indicate: only A, only B and both A and B are present, wherein A and B may be singular or plural. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of single item(s) or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, "a and b", "a and c", "b and c", or "a and b and c", wherein a, b, c may be single or plural.
In the several embodiments provided in the present application, it should be understood that the disclosed system, commodity loading server and method may be implemented in other ways. For example, the above-described embodiments of the merchandise loading server are merely illustrative, and for example, the division of a unit is only one logical division, and there may be other divisions when the actual implementation is performed, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed coupling or direct coupling or communication connection between each other may be an indirect coupling or communication connection through some interfaces, commodity loading server or unit, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method of the embodiments of the present application. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (10)
1. A method for evaluating the effectiveness of network security measures is characterized by comprising the following steps:
acquiring a first actual risk value of an enterprise under a preset risk scene of network security before network security measures are implemented;
acquiring a second actual risk value of the enterprise under the preset risk scene after the network security measure is implemented, wherein the configuration process of the network security measure comprises the following steps: determining based on the correction budget of the enterprise and the relative risk corresponding to the preset risk scene;
calculating the effectiveness of the network security measure according to the first actual risk value and the second actual risk value based on an effectiveness calculation formula, wherein the effectiveness calculation formula is as follows:
in the formula, the effective is the effectiveness of the network security measure, R is a first actual risk value, R' is a second actual risk value, and Cost is the total rectification Cost corresponding to the network security measure.
2. The method for evaluating the effectiveness of network security measures according to claim 1, wherein the obtaining of the first actual risk value of the enterprise in the preset risk scenario of network security before implementing the network security measures specifically comprises:
acquiring a sub-first actual risk value corresponding to each sub-risk scene in preset risk scenes before the enterprise implements network security measures;
and summing all the sub first actual risk values to obtain the first actual risk value.
3. The method for evaluating the effectiveness of network security measures according to claim 2, wherein the obtaining of the sub-first actual risk value corresponding to each sub-risk scenario in the preset risk scenarios before the enterprise implements the network security measures specifically comprises:
acquiring actual sub-risk probability and actual sub-risk loss corresponding to each sub-risk scene in the preset risk scenes before network security measures are implemented by an enterprise;
determining a corresponding sub first actual risk value according to the sub risk actual probability and the sub risk actual loss based on a risk value calculation formula, wherein the risk value calculation formula is as follows:
rgi=pgi*lgi;
in the formula, rgiFor the sub-first actual risk value, p, corresponding to the sub-risk scenario igiThe actual probability of sub-risk corresponding to the sub-risk scene i, lgiThe sub-risk scenario i corresponds to the sub-risk actual loss.
4. The method for evaluating the effectiveness of network security measures according to claim 3, wherein the obtaining of the second actual risk value of the enterprise in the preset risk scenario after the network security measures are implemented specifically includes:
acquiring the rectification change rate corresponding to each sub-risk scene in the preset risk scenes after the enterprise implements network security measures;
calculating a second actual risk value of the enterprise under the preset risk scene according to the rectification change rate and the corresponding sub first actual risk value based on a first formula, wherein the first formula is as follows:
where n is the number of sub-risk scenarios, friCorrection change rate, f, corresponding to sub-risk scenario iri=fpi*fli,fpiAs the actual probability p of a sub-riskgiCorresponding correction rate of change, fliIs aActual loss of risk lgiThe corresponding rate of change of rectification.
5. The method for evaluating the effectiveness of a network security measure according to claim 1, wherein the configuring process of the network security measure specifically comprises:
acquiring a sub-relative risk value corresponding to each sub-risk scene in the preset risk scenes;
selecting a preset number of sub-relative risk values from the largest sub-relative risk value in all the sub-relative risk values in a descending manner, and taking the sub-risk scene corresponding to the selected sub-relative risk value as an rectification scene;
based on a rectification priority coefficient calculation formula, calculating rectification priority coefficients corresponding to the vulnerabilities according to rectification cost and occurrence frequency corresponding to the vulnerabilities in each rectification scene;
and based on a preset rectification selection method, performing rectification selection of the vulnerability by combining the rectification budget of the enterprise and all the rectification priority coefficients, and taking the rectification measure corresponding to the selected vulnerability as the network security measure.
6. The method of claim 5, wherein the formula for calculating the correction priority coefficient is as follows:
in the formula, η is the modification priority coefficient, C is the modification cost corresponding to the vulnerability, and f is the occurrence frequency corresponding to the vulnerability.
7. The method for evaluating the effectiveness of network security measures according to claim 5, wherein the preset modifying and selecting method comprises:
the smaller the adjustment priority coefficient is, the higher the selection priority is, and for the equal priority coefficient, the lower the adjustment cost is.
8. An apparatus for evaluating validity of a network security measure, comprising:
the system comprises a first acquisition unit, a second acquisition unit and a third acquisition unit, wherein the first acquisition unit is used for acquiring a first actual risk value of an enterprise in a preset risk scene of network security before network security measures are implemented;
a second obtaining unit, configured to obtain a second actual risk value of the enterprise in the preset risk scenario after the network security measure is implemented, where a configuration process of the network security measure includes: determining based on the correction budget of the enterprise and the relative risk corresponding to the preset risk scene;
the evaluation unit is used for calculating the effectiveness of the network security measures according to the first actual risk value and the second actual risk value based on an effectiveness calculation formula, wherein the effectiveness calculation formula is as follows:
in the formula, the effective is the effectiveness of the network security measure, R is a first actual risk value, R' is a second actual risk value, and Cost is the total rectification Cost corresponding to the network security measure.
9. The validity evaluation device of the network security measure is characterized by comprising a processor and a memory;
the memory is used for storing program codes and transmitting the program codes to the processor;
the processor is configured to execute the method for assessing the validity of a network security measure according to any one of claims 1 to 7 according to instructions in the program code.
10. A storage medium characterized by storing a program code for executing the method for evaluating the validity of the network security measure according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010376855.XA CN111582714A (en) | 2020-05-07 | 2020-05-07 | Method, device, equipment and storage medium for evaluating effectiveness of network security measures |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010376855.XA CN111582714A (en) | 2020-05-07 | 2020-05-07 | Method, device, equipment and storage medium for evaluating effectiveness of network security measures |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111582714A true CN111582714A (en) | 2020-08-25 |
Family
ID=72112052
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010376855.XA Pending CN111582714A (en) | 2020-05-07 | 2020-05-07 | Method, device, equipment and storage medium for evaluating effectiveness of network security measures |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111582714A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113656123A (en) * | 2021-07-28 | 2021-11-16 | 上海纽盾科技股份有限公司 | Information evaluation method, device and system for equal protection evaluation |
| CN116383856A (en) * | 2023-05-24 | 2023-07-04 | 豪符密码检测技术(成都)有限责任公司 | Safety and effectiveness detection method for data safety protection measures |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040236676A1 (en) * | 2003-03-14 | 2004-11-25 | Kabushiki Kaisha Toshiba | Disaster risk assessment system, disaster risk assessment support method, disaster risk assessment service providing system, disaster risk assessment method, and disaster risk assessment service providing method |
| CN107528850A (en) * | 2017-09-05 | 2017-12-29 | 西北大学 | A kind of optimal prevention policies analysis system and method based on improvement ant group algorithm |
| CN109146240A (en) * | 2018-07-03 | 2019-01-04 | 北京航空航天大学 | A kind of Information Security Risk Assessment Methods and system towards intelligent network connection vehicle |
| CN109167786A (en) * | 2018-09-03 | 2019-01-08 | 罗杰雄 | A kind of Information Security Management System |
| CN110682875A (en) * | 2019-09-19 | 2020-01-14 | 中国第一汽车股份有限公司 | Vehicle safety risk assessment method and device and vehicle |
-
2020
- 2020-05-07 CN CN202010376855.XA patent/CN111582714A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040236676A1 (en) * | 2003-03-14 | 2004-11-25 | Kabushiki Kaisha Toshiba | Disaster risk assessment system, disaster risk assessment support method, disaster risk assessment service providing system, disaster risk assessment method, and disaster risk assessment service providing method |
| CN107528850A (en) * | 2017-09-05 | 2017-12-29 | 西北大学 | A kind of optimal prevention policies analysis system and method based on improvement ant group algorithm |
| CN109146240A (en) * | 2018-07-03 | 2019-01-04 | 北京航空航天大学 | A kind of Information Security Risk Assessment Methods and system towards intelligent network connection vehicle |
| CN109167786A (en) * | 2018-09-03 | 2019-01-08 | 罗杰雄 | A kind of Information Security Management System |
| CN110682875A (en) * | 2019-09-19 | 2020-01-14 | 中国第一汽车股份有限公司 | Vehicle safety risk assessment method and device and vehicle |
Non-Patent Citations (1)
| Title |
|---|
| 袁静;任卫红;李明;黎水林;: "油田企业信息安全风险评估模型研究" * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113656123A (en) * | 2021-07-28 | 2021-11-16 | 上海纽盾科技股份有限公司 | Information evaluation method, device and system for equal protection evaluation |
| CN113656123B (en) * | 2021-07-28 | 2023-05-16 | 上海纽盾科技股份有限公司 | Information evaluation method, device and system for equal-protection evaluation |
| CN116383856A (en) * | 2023-05-24 | 2023-07-04 | 豪符密码检测技术(成都)有限责任公司 | Safety and effectiveness detection method for data safety protection measures |
| CN116383856B (en) * | 2023-05-24 | 2023-08-29 | 豪符密码检测技术(成都)有限责任公司 | Safety and effectiveness detection method for data safety protection measures |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11409911B2 (en) | Methods and systems for obfuscating sensitive information in computer systems | |
| CN113545026B (en) | Systems and methods for vulnerability assessment and remedial action identification | |
| US9129132B2 (en) | Reporting and management of computer systems and data sources | |
| Saraf et al. | Generalized multi‐release modelling of software reliability growth models from the perspective of two types of imperfect debugging and change point | |
| Brint et al. | Reducing data requirements when selecting key performance indicators for supply chain management: The case of a multinational automotive component manufacturer | |
| US20050272022A1 (en) | Method and Apparatus for Project Valuation, Prioritization, and Performance Management | |
| WO2018075945A1 (en) | System and method for benchmarking service providers | |
| US9015792B2 (en) | Reporting and management of computer systems and data sources | |
| CN111582714A (en) | Method, device, equipment and storage medium for evaluating effectiveness of network security measures | |
| EP3025248A1 (en) | Service-level agreement analysis | |
| US10990985B2 (en) | Remote supervision of client device activity | |
| US20130262473A1 (en) | Systems, methods, and apparatus for reviewing file management | |
| CN109345065A (en) | One kind evading loss analysis method and device, storage medium, computer equipment | |
| Schneider et al. | Robust measurement of (heavy-tailed) risks: Theory and implementation | |
| US8881299B2 (en) | Dynamic community generator | |
| JP4790573B2 (en) | A computer system that estimates the credibility of telephone subscribers based on telephone numbers | |
| CN116468316A (en) | Enterprise digital authority management system and management method | |
| US20200021496A1 (en) | Method, apparatus, and computer-readable medium for data breach simulation and impact analysis in a computer network | |
| KR102531633B1 (en) | Pharmaceutical industry technology asset evaluation system and method using technology asset contribution | |
| US20200265354A1 (en) | Decision Making Entity Analytics Methods and Systems | |
| WO2008065399A1 (en) | Organisation assessment and representation system and method | |
| US20130215118A1 (en) | Operation status visualization system, operation status visualization method, and information storage medium storing program | |
| CN111506826A (en) | User recommendation method, device, equipment and storage medium based on intimacy | |
| US20240005435A1 (en) | Supply chain risk information generation device and supply chain risk information generation system | |
| US20080082456A1 (en) | System and Method for Assessing and Improving the Performance of an Organization |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |