CN112804212B - Information security assessment system - Google Patents
Information security assessment system Download PDFInfo
- Publication number
- CN112804212B CN112804212B CN202011632146.XA CN202011632146A CN112804212B CN 112804212 B CN112804212 B CN 112804212B CN 202011632146 A CN202011632146 A CN 202011632146A CN 112804212 B CN112804212 B CN 112804212B
- Authority
- CN
- China
- Prior art keywords
- information
- module
- evaluation
- security
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/14—Network analysis or design
- H04L41/145—Network analysis or design involving simulating, designing, planning or modelling of a network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Abstract
An information security evaluation system comprises a network security analysis subsystem and an information security evaluation subsystem; the network security analysis subsystem comprises a network security processor, a network anomaly analysis module, an identity identification module, a virus scanning module, a network patrol module, a key generation module, a key decryption module and a verification module; the network security analysis subsystem is in communication connection with the information security evaluation subsystem, and the information security evaluation subsystem comprises an evaluation standard generation module, an information acquisition module, an information storage module, a target determination module, a risk analysis module, an information security evaluation module, an evaluation report generation module and a risk management module. The invention not only can effectively and accurately evaluate the information security, ensures the information security, but also can detect, analyze and repair the virus loophole of the current network condition so as to ensure the network security in the information analysis and evaluation process and ensure the security of the information security evaluation system.
Description
Technical Field
The invention relates to the technical field of information security, in particular to an information security evaluation system.
Background
The information security mainly comprises the confidentiality, authenticity, integrity, unauthorized copying of information and the security of a parasitic system, the range of the information security is wide, wherein the information security comprises how to prevent the secret leakage of commercial enterprises, prevent the browsing of bad information by teenagers, the leakage of personal information and the like, an information security system under a network environment is the key for ensuring the information security, and comprises a computer security operating system, various security protocols and a security mechanism, and the global security can be threatened as long as a security vulnerability exists until the security system; the information security means that the information system is protected and is not damaged, changed and leaked due to accidental or malicious reasons, the system continuously, reliably and normally operates, the information service is not interrupted, and the service continuity is finally realized;
with the development of informatization and economic globalization, the internet has deepened into the aspects of people's life, and great changes are brought to people's life, on one hand, because of the openness of the internet, the defects of the information system, the leakage of sensitive information, the flooding of computer viruses, the invasion of hackers and the like, various information systems and platforms face great potential safety hazards, and the information safety problem is increasingly prominent, on the other hand, new network environments are continuously emerged, such as big data, cloud computing and the like, so that the information safety problem is further aggravated, the information safety risk assessment system is mainly used for assessing information safety, and the risks are effectively controlled on the basis of assessment through recognition, weighing and analysis, and risk factors are comprehensively disposed by an economic and reasonable method, so that various adverse consequences caused by the risks are reduced to the minimum; the existing information security evaluation system has the defects of single evaluation item, small evaluation range, inaccurate evaluation result, incapability of detecting and analyzing network security condition during information evaluation, poor use effect and pending improvement.
Disclosure of Invention
Objects of the invention
In order to solve the technical problems in the background art, the invention provides an information security evaluation system which can effectively and accurately evaluate information security, has accurate evaluation results, ensures the security of information, can detect, analyze and repair virus loopholes of the current network condition so as to ensure the security of the network in the information analysis and evaluation process, further ensures the security performance of the information security evaluation system and has excellent use effect.
(II) technical scheme
The invention provides an information security evaluation system, which comprises a network security analysis subsystem and an information security evaluation subsystem;
the network security analysis subsystem comprises a network security processor, a network anomaly analysis module, an identity identification module, a virus scanning module, a network patrol module, a key generation module, a key decryption module and a verification module;
the network security processor is in communication connection with the network anomaly analysis module, the identity identification module, the virus scanning module, the network patrol module, the key generation module and the key decryption module and is used for processing all information; the network anomaly analysis module is used for identifying and analyzing network anomaly conditions and generating a network anomaly processing method; the identity recognition module is used for verifying identity information of an operator, if the identity verification is passed, the operator is allowed to perform related operations, and if the identity verification is not passed, the operator is not allowed to perform operations; the virus scanning module is used for scanning and analyzing the network virus; the network patrol module is used for patrolling the network condition so as to ensure the safe operation of the network; the key generation module is used for generating a network key, and the key decryption module is used for decrypting the network key; the verification module is used for comparing whether the decryption key is consistent with the encryption key or not, if the comparison result is consistent, the operator is allowed to operate the system, and if the comparison result is inconsistent, the operator is not allowed to operate the system;
the network security analysis subsystem is in communication connection with the information security evaluation subsystem, and the information security evaluation subsystem comprises an evaluation standard generation module, an information acquisition module, an information storage module, a target determination module, a risk analysis module, an information security evaluation module, an evaluation report generation module and a risk management module;
the evaluation standard generation module is used for generating an evaluation standard model to be used as a reference and a basis for subsequent information evaluation; the information acquisition module is used for acquiring information and sending the information to the information storage module and the target determination module, and the information storage module is used for storing the information; the target determination module is used for determining target information to be analyzed and evaluated from the acquired information; the risk analysis module is used for analyzing the safety of the target information; the information security evaluation module is used for evaluating the security of the target information according to the analysis information and the evaluation standard model; the evaluation report generation module generates an evaluation report based on the information evaluation result; and the risk management module manages the risk information based on the evaluation result and takes corresponding risk control measures according to the safety requirement information and the risk evaluation report.
Preferably, the network security analysis subsystem further comprises a data transfer module, a data backup module and a data restoration module.
Preferably, the data transfer module is used for transferring data when the network security is threatened so as to prevent the data from being stolen or causing the data to be lost; the data backup module is used for storing the shifted data so as to realize the safe backup of the data and prevent the data from being lost; and the data restoring module is used for restoring the data backed up by the data backup module to the original storage position when the network threat disappears.
Preferably, the risk analysis module comprises a risk factor identification sub-module, a risk degree analysis sub-module and a risk grade evaluation sub-module.
Preferably, the risk factor identification submodule is used for identifying risk factors in the description information, the analysis information and the safety requirement information according to the acquired description information, the analysis information and the safety requirement information, wherein the risk factors comprise the facing threat information and the vulnerability information existing in the risk factors; the risk degree analysis submodule is used for acquiring security measure analysis information, threat source analysis information, threat behavior analysis information, vulnerability analysis information, asset value analysis information and influence degree analysis information and synthesizing various analysis information to obtain a risk degree analysis result; and the risk grade evaluation submodule is used for generating a risk evaluation grade list according to the analysis result of the risk degree and carrying out comprehensive evaluation according to a risk grade threshold value.
Preferably, the identity recognition module comprises an identity information acquisition submodule, a microprocessor, an identity information storage submodule and an identity information comparison submodule, and the microprocessor is in communication connection with the identity information acquisition submodule, the identity information storage submodule and the identity information comparison submodule.
Preferably, the identity information acquisition submodule is used for acquiring identity information of an operator and sending the identity information to the identity information comparison submodule; the identity information storage submodule is used for pre-storing identity information of personnel with operation qualification; and the identity information comparison submodule is used for acquiring the information sent by the identity information acquisition submodule and the identity information storage submodule, comparing the information and the information, and finally outputting a comparison result to the microprocessor.
Preferably, the risk management module comprises a risk calculation unit, and the risk calculation unit comprises an assignment submodule and a risk value calculation submodule; the assignment submodule assigns the information assets, threats faced by the information system and the risk resistance of the information system by adopting a five-component system, and the risk value calculation unit is used for calculating the information security risk value according to the assignment.
The invention provides a using method of the information security evaluation system, which comprises the following steps:
s1, an evaluation standard generation module generates an evaluation standard model which is used as a reference and a basis for information evaluation;
s2, the network security analysis subsystem analyzes the network security condition and judges whether the current network is in a security state so as to ensure the security of the current network;
s3, under the condition that the network is safe, the information acquisition module acquires information, the information storage module stores the information, and the target determination module determines target information to be analyzed and evaluated from the acquired information;
s4, analyzing the safety of the target information by a risk analysis module, and evaluating the safety of the target information by an information safety evaluation module according to the analysis information and an evaluation standard model;
and S5, the evaluation report generating module generates an evaluation report based on the information evaluation result, and the risk management module manages the risk information based on the evaluation result and takes corresponding risk control measures according to the safety requirement information and the risk evaluation report.
Preferably, in S2, when the network is in a safe state, the subsequent information security evaluation operation is performed, and when the security of the network is not guaranteed or when a network abnormal condition exists, the subsequent information security evaluation operation is performed when the network abnormal condition is solved to make the network in the safe state.
The technical scheme of the invention has the following beneficial technical effects:
the network security analysis subsystem analyzes the network security condition to ensure the security of the current network in the information security evaluation process; the evaluation standard generation module generates an evaluation standard model, the information acquisition module acquires information, the information storage module stores the information, and the target determination module determines target information to be analyzed and evaluated from the acquired information; the risk analysis module analyzes the security of the target information, and the information security evaluation module evaluates the security of the target information; the risk management module makes corresponding risk control measures according to the safety requirement information and the risk evaluation report;
the invention not only can effectively and accurately evaluate the information security, ensures the information security, but also can detect, analyze and repair the virus loopholes of the current network condition so as to ensure the network security in the information analysis and evaluation process, further ensure the security performance of the information security evaluation system and have excellent use effect.
Drawings
Fig. 1 is a system block diagram of an information security evaluation system according to the present invention.
Fig. 2 is a system block diagram of an identity module in an information security evaluation system according to the present invention.
Fig. 3 is a system block diagram of a risk analysis module in an information security assessment system according to the present invention.
Fig. 4 is a system block diagram of a data transfer module, a data backup module, and a data recovery module in the information security evaluation system according to the present invention.
Fig. 5 is a flowchart of the work of an information security evaluation system according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings in conjunction with the following detailed description. It should be understood that the description is intended to be exemplary only, and is not intended to limit the scope of the present invention. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present invention.
As shown in fig. 1-4, an information security evaluation system according to the present invention includes a network security analysis subsystem and an information security evaluation subsystem;
the network security analysis subsystem comprises a network security processor, a network anomaly analysis module, an identity identification module, a virus scanning module, a network patrol module, a key generation module, a key decryption module and a verification module;
the network security processor is in communication connection with the network anomaly analysis module, the identity identification module, the virus scanning module, the network patrol module, the key generation module and the key decryption module and is used for processing all information; the network anomaly analysis module is used for identifying and analyzing network anomaly conditions and generating a network anomaly processing method; the identity recognition module is used for verifying identity information of an operator, if the identity information passes the identity verification, the operator is allowed to perform related operations, and if the identity information does not pass the identity verification, the operator is not allowed to perform the operations; the virus scanning module is used for scanning and analyzing the network virus; the network patrol module is used for patrolling the network condition so as to ensure the safe operation of the network; the key generation module is used for generating a network key, and the key decryption module is used for decrypting the network key; the verification module is used for comparing whether the decryption key is consistent with the encryption key or not, if the comparison result is consistent, the system operation is allowed to be carried out by the operator, and if the comparison result is inconsistent, the system operation is not allowed to be carried out by the operator;
the network security analysis subsystem is in communication connection with the information security evaluation subsystem, and the information security evaluation subsystem comprises an evaluation standard generation module, an information acquisition module, an information storage module, a target determination module, a risk analysis module, an information security evaluation module, an evaluation report generation module and a risk management module;
the evaluation standard generation module is used for generating an evaluation standard model to be used as a reference and a basis for subsequent information evaluation; the information acquisition module is used for acquiring information and sending the information to the information storage module and the target determination module, and the information storage module is used for storing the information; the target determination module is used for determining target information to be analyzed and evaluated from the acquired information; the risk analysis module is used for analyzing the safety of the target information; the information security evaluation module is used for evaluating the security of the target information according to the analysis information and the evaluation standard model; the evaluation report generation module generates an evaluation report based on the information evaluation result; and the risk management module manages the risk information based on the evaluation result and takes corresponding risk control measures according to the safety requirement information and the risk evaluation report.
In an optional embodiment, the network security analysis subsystem further comprises a data transfer module, a data backup module and a data restoration module; the data transfer module is used for transferring data when the network security is threatened so as to prevent the data from being stolen or causing the data to be lost; the data backup module is used for storing the shifted data so as to realize safe backup of the data and prevent the data from being lost; and the data restoring module is used for restoring the data backed up by the data backup module to the original storage position when the network threat disappears.
In an optional embodiment, the risk analysis module comprises a risk factor identification sub-module, a risk degree analysis sub-module and a risk level evaluation sub-module; the risk factor identification submodule is used for identifying risk factors in the description information, the analysis information and the safety requirement information according to the acquired description information, the analysis information and the safety requirement information, wherein the risk factors comprise the facing threat information and the vulnerability information; the risk degree analysis submodule is used for acquiring security measure analysis information, threat source analysis information, threat behavior analysis information, vulnerability analysis information, asset value analysis information and influence degree analysis information and synthesizing various analysis information to obtain a risk degree analysis result; and the risk grade evaluation submodule is used for generating a risk evaluation grade list according to the analysis result of the risk degree and carrying out comprehensive evaluation according to a risk grade threshold value.
In an optional embodiment, the identity recognition module comprises an identity information acquisition submodule, a microprocessor, an identity information storage submodule and an identity information comparison submodule, and the microprocessor is in communication connection with the identity information acquisition submodule, the identity information storage submodule and the identity information comparison submodule; the identity information acquisition submodule is used for acquiring identity information of an operator and sending the identity information to the identity information comparison submodule; the identity information storage submodule is used for storing the identity information of the personnel with operation qualification in advance; and the identity information comparison submodule is used for acquiring the information sent by the identity information acquisition submodule and the identity information storage submodule, comparing the information and the information, and finally outputting a comparison result to the microprocessor.
In an alternative embodiment, the risk management module comprises a risk calculation unit, the risk calculation unit comprises an assignment submodule and a risk value calculation submodule; the assignment submodule assigns the information assets, threats faced by the information system and the risk resistance of the information system by adopting a five-component system, and the risk value calculation unit is used for calculating the information security risk value according to the assignment.
As shown in fig. 5, the present invention provides a method for using the information security evaluation system, which comprises the following steps:
s1, an evaluation standard generation module generates an evaluation standard model which is used as a reference and a basis for information evaluation;
s2, the network security analysis subsystem analyzes the network security condition and judges whether the current network is in a security state so as to ensure the security of the current network; when the network is in a safe state, subsequent information safety evaluation operation is carried out, and when the safety of the network is not ensured or a network abnormal state exists, the subsequent information safety evaluation operation is carried out when the network abnormal state is solved to enable the network to be in the safe state;
s3, under the condition that the network is safe, the information acquisition module acquires information, the information storage module stores the information, and the target determination module determines target information to be analyzed and evaluated from the acquired information;
s4, the risk analysis module analyzes the safety of the target information, and the information safety evaluation module evaluates the safety of the target information according to the analysis information and the evaluation standard model;
and S5, the evaluation report generating module generates an evaluation report based on the information evaluation result, and the risk management module manages the risk information based on the evaluation result and takes corresponding risk control measures according to the safety requirement information and the risk evaluation report.
In the invention, a network security analysis subsystem analyzes the network security condition and judges whether the current network is in a security state, when the network is in the security state, subsequent information security evaluation operation is carried out, and when the security of the network is not ensured or a network abnormal condition exists, when the network abnormal condition is solved to ensure that the network is in the security state, subsequent information security evaluation operation is carried out to ensure the security of the current network in the information security evaluation process; when the system is used, the evaluation standard generation module generates an evaluation standard model which is used as a reference and a basis for information evaluation, the information acquisition module acquires information under the condition that the network is safe, the information storage module stores the information, and the target determination module determines target information to be analyzed and evaluated from the acquired information; the risk analysis module analyzes the safety of the target information, and the information safety evaluation module evaluates the safety of the target information according to the analysis information and the evaluation standard model; the risk management module manages risk information based on the evaluation result and makes corresponding risk control measures according to the safety requirement information and the risk evaluation report;
the invention not only can effectively and evaluate the information security, ensure the information security, but also can detect, analyze and repair the virus loophole of the current network condition so as to ensure the network security in the information analysis and evaluation process, further ensure the security performance of the information security evaluation system and have excellent use effect.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.
Claims (9)
1. An information security evaluation system is characterized by comprising a network security analysis subsystem and an information security evaluation subsystem;
the network security analysis subsystem comprises a network security processor, a network anomaly analysis module, an identity identification module, a virus scanning module, a network patrol module, a key generation module, a key decryption module and a verification module;
the network security processor is in communication connection with the network anomaly analysis module, the identity identification module, the virus scanning module, the network patrol module, the key generation module and the key decryption module and is used for processing all information;
the network anomaly analysis module is used for identifying and analyzing network anomaly conditions and generating a network anomaly processing method;
the identity recognition module is used for verifying identity information of an operator, if the identity verification is passed, the operator is allowed to perform related operations, and if the identity verification is not passed, the operator is not allowed to perform operations;
the virus scanning module is used for scanning and analyzing the network virus;
the network patrol module is used for patrolling the network condition so as to ensure the safe operation of the network;
the key generation module is used for generating a network key, and the key decryption module is used for decrypting the network key;
the verification module is used for comparing whether the decryption key is consistent with the encryption key or not, if the comparison result is consistent, the system operation is allowed to be carried out by the operator, and if the comparison result is inconsistent, the system operation is not allowed to be carried out by the operator;
the network security analysis subsystem is in communication connection with the information security evaluation subsystem, and the information security evaluation subsystem comprises an evaluation standard generation module, an information acquisition module, an information storage module, a target determination module, a risk analysis module, an information security evaluation module, an evaluation report generation module and a risk management module;
the evaluation standard generation module is used for generating an evaluation standard model to be used as a reference and a basis for subsequent information evaluation;
the information acquisition module is used for acquiring information and sending the information to the information storage module and the target determination module, and the information storage module is used for storing the information;
the target determination module is used for determining target information to be analyzed and evaluated from the acquired information;
the risk analysis module is used for analyzing the safety of the target information;
the information security evaluation module is used for evaluating the security of the target information according to the analysis information and the evaluation standard model;
the evaluation report generation module generates an evaluation report based on the information evaluation result;
the risk management module manages the risk information based on the evaluation result and takes corresponding risk control measures according to the safety requirement information and the risk evaluation report;
the use method of the information security evaluation system comprises the following steps:
s1, an evaluation standard generation module generates an evaluation standard model which is used as a reference and a basis for information evaluation;
s2, the network security analysis subsystem analyzes the network security condition and judges whether the current network is in a security state so as to ensure the security of the current network;
s3, under the condition that the network is safe, the information acquisition module acquires information, the information storage module stores the information, and the target determination module determines target information to be analyzed and evaluated from the acquired information;
s4, the risk analysis module analyzes the safety of the target information, and the information safety evaluation module evaluates the safety of the target information according to the analysis information and the evaluation standard model;
and S5, the evaluation report generating module generates an evaluation report based on the information evaluation result, and the risk management module manages the risk information based on the evaluation result and takes corresponding risk control measures according to the safety requirement information and the risk evaluation report.
2. The information security evaluation system of claim 1, wherein the network security analysis subsystem further comprises a data transfer module, a data backup module, and a data recovery module.
3. The information security evaluation system of claim 2, wherein the data transfer module is configured to transfer data when network security is compromised, so as to prevent data theft or data loss; the data backup module is used for storing the shifted data so as to realize the safe backup of the data and prevent the data from being lost; and the data restoring module is used for restoring the data backed up by the data backup module to the original storage position when the network threat disappears.
4. The information security evaluation system of claim 1, wherein the risk analysis module comprises a risk factor identification sub-module, a risk degree analysis sub-module and a risk level evaluation sub-module.
5. The information security evaluation system according to claim 4, wherein the risk factor identification submodule is configured to identify risk factors including the threat information faced and the vulnerability information existing in itself according to the acquired description information, the analysis information and the security requirement information; the risk degree analysis submodule is used for acquiring security measure analysis information, threat source analysis information, threat behavior analysis information, vulnerability analysis information, asset value analysis information and influence degree analysis information and synthesizing various analysis information to obtain a risk degree analysis result; and the risk grade evaluation submodule is used for generating a risk evaluation grade list according to the analysis result of the risk degree and carrying out comprehensive evaluation according to a risk grade threshold value.
6. The information security evaluation system of claim 1, wherein the identity recognition module comprises an identity information acquisition sub-module, a microprocessor, an identity information storage sub-module, and an identity information comparison sub-module, and the microprocessor is communicatively connected to the identity information acquisition sub-module, the identity information storage sub-module, and the identity information comparison sub-module.
7. The information security evaluation system according to claim 6, wherein the identity information acquisition sub-module is configured to acquire identity information of an operator and send the identity information to the identity information comparison sub-module; the identity information storage submodule is used for storing the identity information of the personnel with operation qualification in advance; and the identity information comparison submodule is used for acquiring the information sent by the identity information acquisition submodule and the identity information storage submodule, comparing the information and the information, and finally outputting a comparison result to the microprocessor.
8. The information security evaluation system according to claim 1, wherein the risk management module comprises a risk calculation unit, and the risk calculation unit comprises an assignment submodule and a risk value calculation submodule; the assignment submodule assigns the information assets, threats faced by the information system and the risk resistance of the information system by adopting a five-component system, and the risk value calculation unit is used for calculating the information security risk value according to the assignment.
9. The information security evaluation system according to claim 1, wherein in S2, when the network is in a security condition, a subsequent information security evaluation operation is performed, and when the security of the network is not guaranteed or a network abnormal condition exists, when the network abnormal condition is resolved so as to make the network in the security condition, the subsequent information security evaluation operation is performed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011632146.XA CN112804212B (en) | 2020-12-31 | 2020-12-31 | Information security assessment system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011632146.XA CN112804212B (en) | 2020-12-31 | 2020-12-31 | Information security assessment system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112804212A CN112804212A (en) | 2021-05-14 |
| CN112804212B true CN112804212B (en) | 2023-02-28 |
Family
ID=75808357
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011632146.XA Active CN112804212B (en) | 2020-12-31 | 2020-12-31 | Information security assessment system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112804212B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113688381B (en) * | 2021-08-25 | 2023-08-04 | 广州锐竞信息科技有限责任公司 | Information security risk management system based on big data |
| CN114024995A (en) * | 2021-11-24 | 2022-02-08 | 内蒙古电力(集团)有限责任公司内蒙古电力科学研究院分公司 | Internet of things terminal firmware safety analysis system |
| CN115189947B (en) * | 2022-07-11 | 2023-11-28 | 万申科技股份有限公司 | Communication safety monitoring system based on big data |
| CN115328975B (en) * | 2022-10-18 | 2023-04-18 | 北京珞安科技有限责任公司 | Inspection data uploading system and method based on industrial daily inspection |
| CN115964582B (en) * | 2022-11-03 | 2023-09-19 | 太平洋电信股份有限公司 | Network security risk assessment method and system |
| CN116886582B (en) * | 2023-08-21 | 2024-01-30 | 扬州大自然网络信息有限公司 | Network security assessment recording method and system based on BP neural network |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436967A (en) * | 2008-12-23 | 2009-05-20 | 北京邮电大学 | Method and system for evaluating network safety situation |
| CN107862452A (en) * | 2017-11-01 | 2018-03-30 | 韦彩霞 | One kind monitors accurate network equipment monitoring system |
| CN208128283U (en) * | 2018-04-15 | 2018-11-20 | 广安职业技术学院 | Information security of computer network monitor system |
| CN111507597A (en) * | 2020-04-10 | 2020-08-07 | 南京源堡科技研究院有限公司 | Network information security risk assessment model and method |
| CN111600897A (en) * | 2020-05-21 | 2020-08-28 | 杭州安恒信息技术股份有限公司 | Network security event grade evaluation method, equipment and related equipment |
| CN111865981A (en) * | 2020-07-20 | 2020-10-30 | 交通运输信息安全中心有限公司 | Network security vulnerability assessment system and method |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101459537A (en) * | 2008-12-20 | 2009-06-17 | 中国科学技术大学 | Network security situation sensing system and method based on multi-layer multi-angle analysis |
| CN102148820A (en) * | 2011-01-14 | 2011-08-10 | 中国科学技术大学 | System and method for estimating network security situation based on index logarithm analysis |
| EP3545418A4 (en) * | 2016-11-22 | 2020-08-12 | AON Global Operations PLC, Singapore Branch | Systems and methods for cybersecurity risk assessment |
| CN106790198A (en) * | 2016-12-30 | 2017-05-31 | 北京神州绿盟信息安全科技股份有限公司 | A kind of method for evaluating information system risk and system |
| CN110298196A (en) * | 2019-07-06 | 2019-10-01 | 温州中壹技术研究院有限公司 | A kind of electronic information security storage system and storage method |
| CN111787011B (en) * | 2020-07-01 | 2022-03-29 | 公安部第三研究所 | Intelligent analysis and early warning system, method and storage medium for security threat of information system |
-
2020
- 2020-12-31 CN CN202011632146.XA patent/CN112804212B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101436967A (en) * | 2008-12-23 | 2009-05-20 | 北京邮电大学 | Method and system for evaluating network safety situation |
| CN107862452A (en) * | 2017-11-01 | 2018-03-30 | 韦彩霞 | One kind monitors accurate network equipment monitoring system |
| CN208128283U (en) * | 2018-04-15 | 2018-11-20 | 广安职业技术学院 | Information security of computer network monitor system |
| CN111507597A (en) * | 2020-04-10 | 2020-08-07 | 南京源堡科技研究院有限公司 | Network information security risk assessment model and method |
| CN111600897A (en) * | 2020-05-21 | 2020-08-28 | 杭州安恒信息技术股份有限公司 | Network security event grade evaluation method, equipment and related equipment |
| CN111865981A (en) * | 2020-07-20 | 2020-10-30 | 交通运输信息安全中心有限公司 | Network security vulnerability assessment system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112804212A (en) | 2021-05-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112804212B (en) | Information security assessment system | |
| CN109525558B (en) | Data leakage detection method, system, device and storage medium | |
| CN108268354B (en) | Data security monitoring method, background server, terminal and system | |
| US11153331B2 (en) | Detection of an ongoing data breach based on relationships among multiple network elements | |
| CN113852633A (en) | Method for generating implementation case for information security assessment | |
| CN113660224A (en) | Situation awareness defense method, device and system based on network vulnerability scanning | |
| CN113761519B (en) | Method and device for detecting Web application program and storage medium | |
| CN112597462A (en) | Industrial network safety system | |
| US9774627B2 (en) | Detecting memory-scraping malware | |
| CN110502875A (en) | A kind of security of computer software guard system | |
| Thangavelu et al. | Comprehensive Information Security Awareness (CISA) in Security Incident Management (SIM): A Conceptualization. | |
| CN116248406B (en) | Information security storage method and information security device thereof | |
| CN110086812B (en) | Safe and controllable internal network safety patrol system and method | |
| KR101081875B1 (en) | Prealarm system and method for danger of information system | |
| US11895155B2 (en) | Resilient self-detection of malicious exfiltration of sensitive data | |
| CN116094817A (en) | Network security detection system and method | |
| KR101551537B1 (en) | Information spill prevention apparatus | |
| CN113141274A (en) | Method, system and storage medium for detecting sensitive data leakage in real time based on network hologram | |
| US11108800B1 (en) | Penetration test monitoring server and system | |
| Lestari et al. | Factors Affecting Security Information Systems: Information Security, Threats and Cyber Attack, Physical Security, and Information Technology | |
| Pamnani et al. | Incident Handling in SCADA & OT Environments | |
| JP2005228177A (en) | Security management system, security management method, and program | |
| CN109361652B (en) | Car insurance claim settlement safety protection system | |
| Popescu | The influence of vulnerabilities on the information systems and methods of prevention | |
| Frangie et al. | Smart railways... or not so smart: A cyber security perspective |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |