CN111935062A - Method and model for calculating network security maturity


Info

Publication number
CN111935062A
Authority
CN
China
Prior art keywords
maturity
network security
calculating
security
index
Prior art date
Legal status
Pending
Application number
CN202010357576.9A
Other languages
Chinese (zh)
Inventor
胡维
梁露露
罗广超
韩冰
Current Assignee
Nanjing Sumai Intelligent Technology Co Ltd
Original Assignee
Nanjing Sumai Intelligent Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a method and a model for calculating network security maturity, which comprises the steps of establishing maturity model indexes; determining the weight of the maturity model indexes; calculating a maturity value; and evaluating the maturity. By investigating and analyzing the conditions of all aspects of the enterprise, the current network security level, namely the maturity, can be obtained using the calculation method and the model. The invention can accurately evaluate the security degree of the enterprise network, clearly determine the weak points of the enterprise network construction, and provide a foundation for improving the network security construction.

Description

Method and model for calculating network security maturity
Technical Field
The invention relates to the technical field of network security, in particular to a method and a model for calculating network security maturity.
Background
Nowadays, people live in an information and network age. The internet has become unprecedentedly important to the development of today's world, and the world is moving toward the interconnection of everything. But the network security environment has also become very complex, and a wide variety of network security events occur daily. The first step in defending against network security attacks is for countries and enterprises to establish their own network defense lines. How to measure the success of an organization's network security construction has become a problem that every organization must solve.
Disclosure of Invention
The invention aims to provide a method and a model for calculating network security maturity.
The above object of the present invention can be achieved by the following technical solutions:
The invention provides a method and a model for calculating network security maturity, which comprises the steps of establishing a network security maturity index; determining the weight of the maturity index; calculating a maturity value; and evaluating the maturity.
In some embodiments of the invention, the maturity model index includes five fields: safety identification, safety protection, detection and evaluation, monitoring and analysis, and response recovery.
In some embodiments of the invention, 6 objects are included: system, organization structure, asset identification, risk management, vulnerability management, supply chain management, wherein the 6 objects respectively comprise m_i (i ≤ 6) safety control measures.
In some embodiments of the invention, 12 objects are included: access control, physical security, presentation authentication, network security, data security, security audit, configuration management, media protection, personnel security, awareness training, system development, operation maintenance, wherein the 12 objects respectively comprise n_i (i ≤ 12) safety control measures.
In some embodiments of the invention, 5 objects are included: compliance management, grade protection, penetration test, safety inspection and risk assessment, wherein the 5 objects respectively include r_i (i ≤ 5) safety control measures.
In some embodiments of the invention, 8 objects are included: monitoring system, physical access monitoring, personnel behavior monitoring, network attack monitoring, malicious code monitoring, spam monitoring, network state monitoring and application state monitoring, wherein each of the 8 objects comprises q_i (i ≤ 8) safety control measures.
In some embodiments of the invention, a plurality of 6 objects are included: emergency response plan, disaster recovery management, security event report, security event disposition, communication optimization improvement, wherein the 6 objects respectively comprise t_i (i ≤ 6) safety control measures.
In some embodiments of the present invention, the weight of the index in the model can be adjusted according to the evaluation field and scope, and the weight can be divided into three levels according to the level of the index in the model: domain index weight, object index weight, measure index weight.
In some embodiments of the invention, the jth domain index weight may be expressed as
Figure BDA0002473998840000021
which satisfies
Figure BDA0002473998840000022
wherein the value range of j is {1, 2, 3, 4, 5, 6} and the superscript d represents Domain; the weight of the kth object index in the jth domain can be expressed as
Figure BDA0002473998840000023
which satisfies
Figure BDA0002473998840000024
The value range of k is determined by the number of objects in the different domains, and the superscript o represents Object; the weight of the lth security measure for the kth object in the jth domain may be expressed as
Figure BDA0002473998840000025
which satisfies
Figure BDA0002473998840000026
The value range of l is determined by the number of measures in the different objects.
In some embodiments of the invention, each security measure is scored; the score of each security measure is 0 to 5 points in steps of 1, and a weighted average method is used to perform the weighted calculation from the security measures to the objects and then to the domains, so that the maturity value of the organization's network system is obtained.
In some embodiments of the invention, maturity is divided into 5 grades.
In some embodiments of the invention, the network security maturity of an organization may be ranked in combination with the maturity value calculation.
In some embodiments of the invention, the model comprises: a network security maturity index establishing module; a weight determination module of the maturity index; a maturity value calculating module; and a maturity evaluation module.
In some embodiments of the present invention, the establishment module of the network security maturity index is configured to establish an index that needs to be used in the maturity evaluation, and the index is divided into 3 levels: the system comprises a domain, an object and a measure, wherein the domain comprises 6 indexes, each domain index comprises unequal number of object indexes, and each object index comprises unequal number of safety measure indexes.
In some embodiments of the invention, the weight determination module of the network security maturity indicator is used for determining the weight according to the assessment field and scope.
In some embodiments of the present invention, the module for calculating the maturity value calculates the maturity value from the security measure to the object to the domain using a weighted average method.
In some embodiments of the present invention, the maturity evaluation module divides the organization network security maturity into 5 grades, and combines the output result of the maturity numerical calculation module to grade the organization network security maturity.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a method for calculating network security maturity provided in an embodiment of the present invention;
Fig. 2 is a flowchart illustrating a method for calculating network security maturity according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," "clockwise," "counterclockwise," "axial," "radial," "circumferential," and the like are used in the orientations and positional relationships indicated in the drawings for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and are therefore not to be considered limiting of the invention. Furthermore, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
For easy understanding, please refer to fig. 1, the network security maturity calculation model provided by the present invention includes a network security maturity index establishing module; a weight determination module of the maturity index; a maturity value calculating module; and a maturity evaluation module.
Preferably, the establishment module of the network security maturity index is used for establishing an index which needs to be used in the maturity evaluation. The indexes are divided into 3 levels: domain, object, measure. The field comprises 6 indexes, each field index comprises different numbers of object indexes, and each object index comprises different numbers of measure indexes.
In some embodiments of the invention, the weight determination module of the network security maturity index is used for determining the weight of each index in three levels of the maturity evaluation index according to the evaluation field and scope.
In some embodiments of the present invention, the module for calculating the maturity value obtains the maturity value of the organization network system by assigning a value to each safety measure index in the evaluation index and performing weighted calculation from the measure to the object to the domain by using a weighted average method.
In some embodiments of the present invention, the network security maturity assessment module classifies the network security maturity into 5 grades: initial execution stage [0,4), event driven stage [4,5.5), compliance driven stage [5.5,7), risk driven stage [7, 8.5), continuous improvement stage [8.5, 10 ]. And the network security maturity of the organization can be graded by combining the output result of the maturity numerical calculation module.
In some embodiments of the present invention, referring to Fig. 2 for ease of understanding, an embodiment of a method for calculating a return on investment of a network security measure is provided, including:
Step 101, establishing the network security maturity model indexes according to research on network security. The maturity model indexes are divided into five domains (Domain): safety identification, safety protection, detection and evaluation, monitoring and analysis, and response recovery.
The safety identification domain includes 6 objects (Object): system, organization architecture, asset identification, risk management, vulnerability management, and supply chain management, wherein each of the 6 objects includes m_i (i ≤ 6) safety control measures (Control).
In some embodiments of the invention, the safety protection domain comprises 12 objects (Object): access control, physical security, presentation authentication, network security, data security, security auditing, configuration management, media protection, personnel security, awareness training, system development, and operation maintenance, wherein the 12 objects respectively include n_i (i ≤ 12) safety control measures (Control).
The detection and evaluation domain includes 5 objects (Object): compliance management, grade protection, penetration test, safety inspection and risk assessment, wherein the 5 objects respectively include r_i (i ≤ 5) safety control measures (Control).
In some embodiments of the invention, the monitoring and analysis domain comprises 8 objects (Object): monitoring system, physical access monitoring, personnel behavior monitoring, network attack monitoring, malicious code monitoring, spam monitoring, network state monitoring and application state monitoring, wherein each of the 8 objects comprises q_i (i ≤ 8) safety control measures (Control).
In some embodiments of the invention, the response recovery domain comprises 6 objects (Object): emergency response planning, disaster recovery management, security event reporting, security event handling, and communication optimization improvement, wherein the 6 objects respectively include t_i (i ≤ 6) safety control measures (Control).
Step 102, adjusting the weight of the indexes in the model according to the evaluation field and scope. According to the level of the indexes in the model, the weights can be divided into three levels: domain index weight, object index weight, measure index weight.
The jth domain index weight may be expressed as
Figure BDA0002473998840000061
which satisfies
Figure BDA0002473998840000062
wherein the superscript d represents Domain; the weight of the kth object index in the jth domain can be expressed as
Figure BDA0002473998840000063
which satisfies
Figure BDA0002473998840000064
The value range of k is determined by the number of objects in the different domains, and the superscript o represents Object; the weight of the lth security measure for the kth object in the jth domain may be expressed as
Figure BDA0002473998840000065
which satisfies
Figure BDA0002473998840000066
The value range of l is determined by the number of measures in the different objects, and the superscript c represents Control.
Step 103, scoring each safety measure, where
Figure BDA0002473998840000067
represents the score of the lth measure in the kth object in the jth domain. The score of each safety measure is 0 to 5, in steps of 1. Then a weighted calculation from measures to objects to domains is performed using the weighted average method, thereby obtaining the maturity value of the organization's network system. The specific calculation is divided into three steps, as follows:
step one, calculating the fraction of the kth object in the jth domain:
Figure BDA0002473998840000071
step two, calculating the score of the jth domain:
Figure BDA0002473998840000072
step three, calculating the security maturity score of the organization network:
Figure BDA0002473998840000073
wherein a factor of 2 is present in the calculation of the security maturity score of the organization network in order to normalize the score to an upper limit of 10.
Step 104, dividing the network security maturity into 5 levels, namely an initial execution level [0, 4), an event driven level [4, 5.5), a compliance driven level [5.5, 7), a risk driven level [7, 8.5) and a continuous improvement level [8.5, 10]. Combining the calculation result of the maturity value, the network security maturity of the organization can be graded.
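The calculation of steps 101 to 104, as an added Python example that is not code from the patent: control-measure scores are aggregated through objects and domains by weighted averages, the factor of 2 is applied, the result is mapped onto the five grade bands of step 104, and the lowest-scoring objects are listed as weak points. The domain, object and control names and all weights are constructed sample data, and the requirement that each weight group sum to 1 is an assumption taken from the weighted-average description.

```python
# Added example: the three-level weighted-average maturity model
# Domain -> Object -> Control measure. Each measure is scored 0..5 in
# steps of 1; weights at each level are assumed to sum to 1; the final
# factor of 2 maps the 0..5 average onto the 0..10 grade scale.
# All names and weights below are constructed sample data.
from dataclasses import dataclass
from typing import List, Sequence, Tuple

# Grade bands from step 104: half-open [lo, hi), top band closed at 10.
GRADES: Tuple[Tuple[float, float, str], ...] = (
    (0.0, 4.0, "initial execution"),
    (4.0, 5.5, "event driven"),
    (5.5, 7.0, "compliance driven"),
    (7.0, 8.5, "risk driven"),
    (8.5, 10.0, "continuous improvement"),
)

@dataclass(frozen=True)
class Control:
    name: str
    weight: float  # measure weight, superscript c
    score: int     # integer score in 0..5

@dataclass(frozen=True)
class Obj:
    name: str
    weight: float  # object weight, superscript o
    controls: Tuple[Control, ...]

@dataclass(frozen=True)
class Domain:
    name: str
    weight: float  # domain weight, superscript d
    objects: Tuple[Obj, ...]

def weights_valid(weights: Sequence[float], tol: float = 1e-9) -> bool:
    """A weight group is usable only if non-negative and summing to 1."""
    return all(w >= 0 for w in weights) and abs(sum(weights) - 1.0) <= tol

def _require(weights: Sequence[float], label: str) -> None:
    if not weights_valid(weights):
        raise ValueError(f"{label}: weights must be >= 0 and sum to 1")

def object_score(obj: Obj) -> float:
    """Step one: weighted average of the object's measure scores."""
    for c in obj.controls:
        if c.score not in range(0, 6):
            raise ValueError(f"{obj.name}/{c.name}: score {c.score} not in 0..5")
    _require([c.weight for c in obj.controls], f"controls of {obj.name}")
    return sum(c.weight * c.score for c in obj.controls)

def domain_score(domain: Domain) -> float:
    """Step two: weighted average of the domain's object scores."""
    _require([o.weight for o in domain.objects], f"objects of {domain.name}")
    return sum(o.weight * object_score(o) for o in domain.objects)

def maturity_value(domains: Sequence[Domain]) -> float:
    """Step three: 2 * weighted average of domain scores, so the value is in [0, 10]."""
    _require([d.weight for d in domains], "domains")
    return 2.0 * sum(d.weight * domain_score(d) for d in domains)

def maturity_grade(value: float) -> str:
    """Step 104: map the maturity value onto the five grade bands."""
    if not 0.0 <= value <= 10.0:
        raise ValueError(f"maturity value {value} outside [0, 10]")
    for lo, hi, name in GRADES:
        if lo <= value < hi:
            return name
    return GRADES[-1][2]  # exactly 10.0 belongs to the closed top band

def weakest_objects(domains: Sequence[Domain], n: int = 3) -> List[Tuple[str, str, float]]:
    """Lowest-scoring objects first: the weak points the abstract refers to."""
    ranked = sorted(((d.name, o.name, object_score(o))
                     for d in domains for o in d.objects), key=lambda t: t[2])
    return ranked[:n]

# Constructed sample: two of the five domains, a few objects each.
SAMPLE_DOMAINS: Tuple[Domain, ...] = (
    Domain("safety identification", 0.5, (
        Obj("asset identification", 0.6, (
            Control("asset inventory maintained", 0.5, 4),
            Control("assets classified by criticality", 0.5, 2))),
        Obj("vulnerability management", 0.4, (
            Control("scheduled vulnerability scanning", 1.0, 5),)))),
    Domain("safety protection", 0.5, (
        Obj("access control", 1.0, (
            Control("multi-factor authentication", 0.5, 3),
            Control("least-privilege role review", 0.5, 1))),)),
)

if __name__ == "__main__":
    value = maturity_value(SAMPLE_DOMAINS)
    print(f"maturity value {value:.2f} -> {maturity_grade(value)}")
    for dom, obj, score in weakest_objects(SAMPLE_DOMAINS):
        print(f"  weak point: {dom} / {obj} = {score:.2f}")
```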
In the embodiments provided in the present invention, it should be understood that the disclosed system and method can be implemented in other ways. For example, the above-described system embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and in actual implementation, there may be other divisions, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer system (which may be a personal computer, a server, or a network system) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an illustrative embodiment," "an example," "a specific example," or "some examples" or the like mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.

Claims (17)

1. A method for calculating network security maturity, characterized by comprising the steps of establishing a network security maturity index; determining the weight of the maturity index; calculating a maturity value; and evaluating the maturity.
2. The method for calculating the network security maturity of claim 1, wherein the maturity model index comprises five fields: safety identification, safety protection, detection and evaluation, monitoring and analysis, and response recovery.
3. The method for calculating the network security maturity of claim 2, comprising 6 objects: system, organization structure, asset identification, risk management, vulnerability management, supply chain management, wherein the 6 objects respectively comprise m_i (i ≤ 6) safety control measures.
4. The method for calculating the network security maturity according to claim 2, comprising 12 objects: access control, physical security, presentation authentication, network security, data security, security audit, configuration management, media protection, personnel security, awareness training, system development, operation maintenance, wherein the 12 objects respectively comprise n_i (i ≤ 12) safety control measures.
5. The method for calculating the network security maturity according to claim 2, comprising 5 objects: compliance management, level protection, penetration test, safety inspection and risk assessment, wherein the 5 objects respectively comprise r_i (i ≤ 5) safety control measures.
6. The method for calculating the network security maturity of claim 2, comprising 8 objects: a monitoring system, physical access monitoring, personnel behavior monitoring, network attack monitoring, malicious code monitoring, spam monitoring, network state monitoring and application state monitoring, wherein the 8 objects respectively comprise q_i (i ≤ 8) safety control measures.
7. The method for calculating the network security maturity of claim 2, comprising 6 objects: emergency response plan, disaster recovery management, security event reporting, security event disposition, communication optimization improvement, wherein the 6 objects respectively comprise t_i (i ≤ 6) safety control measures.
8. The method for calculating the network security maturity according to claim 1, wherein the weight of the index in the model can be adjusted according to the evaluation field and scope, and the weight can be divided into three levels according to the level of the index in the model: domain index weight, object index weight, measure index weight.
9. The method for calculating the network security maturity of claim 8, wherein the jth domain index weight is expressed as
Figure FDA0002473998830000021
which satisfies
Figure FDA0002473998830000022
where j is an integer and the superscript d represents the domain; the weight of the kth object index in the jth domain can be expressed as
Figure FDA0002473998830000023
which satisfies
Figure FDA0002473998830000024
Figure FDA0002473998830000025
The value range of k is determined by the number of objects in the different domains, and the superscript o represents Object; the weight of the lth security measure for the kth object in the jth domain may be expressed as
Figure FDA0002473998830000026
which satisfies
Figure FDA0002473998830000027
The value range of l is determined by the number of measures in the different objects.
10. The method for calculating the network security maturity according to claim 1, wherein the maturity value of the organization network system is obtained by performing score assignment on each security measure, wherein the score of each security measure is 0-5 points, the interval is 1, and performing weighted calculation from the security measure to the object and then to the domain by using a weighted average method.
11. The method for calculating the network security maturity of claim 1, wherein the maturity is divided into 5 levels.
12. The method for calculating network security maturity of claim 11, wherein the network security maturity of an organization is ranked by combining the result of the maturity value calculation.
13. A computational model of network security maturity, comprising: the network security maturity index establishing module; a weight determination module of the maturity index; a maturity value calculating module; and a maturity evaluation module.
14. The model for computing network security maturity of claim 13 wherein the module for establishing network security maturity indicators is configured to establish indicators that need to be used in maturity assessment, and the indicators are divided into 3 levels: the system comprises a domain, an object and a measure, wherein the domain comprises 6 indexes, each domain index comprises unequal number of object indexes, and each object index comprises unequal number of safety measure indexes.
15. The computational model of network security maturity of claim 13, wherein the weight determination module of the network security maturity indicators is configured to determine the weights according to the evaluation domain and scope.
16. The model of claim 13, wherein the module for calculating the maturity value calculates the maturity value from the security measure to the object to the domain by using a weighted average method.
17. The model of claim 13, wherein the maturity evaluation module classifies the organization network security maturity into 5 levels, and combines the output of the maturity value calculation module to grade the organization network security maturity.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010357576.9A CN111935062A (en) 2020-04-29 2020-04-29 Method and model for calculating network security maturity

Publications (1)

Publication Number Publication Date
CN111935062A true CN111935062A (en) 2020-11-13

Family

ID=73317117

Country Status (1)

Country Link
CN (1) CN111935062A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113344472A (en) * 2021-08-04 2021-09-03 浙江乾冠信息安全研究院有限公司 Network security scoring method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180322292A1 (en) * 2017-05-02 2018-11-08 Dignity Health Cybersecurity maturity forecasting tool/dashboard
CN109246153A (en) * 2018-11-09 2019-01-18 中国银行股份有限公司 Network safety situation analysis model and network safety evaluation method
CN111047122A (en) * 2018-10-11 2020-04-21 北京国双科技有限公司 Enterprise data maturity evaluation method and device and computer equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20201113