CN114357458A - Database risk assessment system and method, electronic equipment and storage medium - Google Patents

Info

Publication number: CN114357458A
Authority: CN (China)
Prior art keywords: database, data, risk, vulnerability, module
Legal status: Pending
Application number: CN202111596063.4A
Other languages: Chinese (zh)
Inventors: 张黎, 石桂红, 陈广辉, 刘维炜, 杨大志
Current assignee: Flash It Co ltd
Original assignee: Flash It Co ltd
Application filed by Flash It Co ltd
Priority to CN202111596063.4A
Publication of CN114357458A

Landscapes

  • Storage Device Security (AREA)

Abstract

The application provides a database risk assessment system, a method, an electronic device and a storage medium. The database risk assessment system comprises: an information acquisition subsystem, used for acquiring the basic information of the database; and an analysis report subsystem, used for analyzing and reporting the risk of the database using the basic information acquired by the information acquisition subsystem. The basic information includes: the vulnerability risk of the database, the static configuration and dynamic connection condition of the database, the result of classifying and grading the data of the database according to sensitivity and importance, whether the data of the database is desensitized, and whether the data of the database is stored encrypted. The application provides an efficient and complete database risk assessment system that improves the automated collection of database risk information and the analysis and processing of that information, so as to solve the technical problem that existing database risk assessment lacks a complete and efficient system and has a low degree of automation.

Description

Database risk assessment system and method, electronic equipment and storage medium
Technical Field
The present application relates to the field of data security, and in particular, to a database risk assessment system, method, electronic device, and computer-readable storage medium.
Background
In the information age, people are involved in generating, storing and accessing a large amount of data in daily work and life, so that data security is important. Data security risk assessment is an assessment of the threat, existing weakness, impact of data assets in storage and use, and the possibility of risk brought by the combined action of the three. In the current market, different aspects of database risks are usually manually and individually detected for the evaluation of the security risks of the database, the quality of the evaluation of the database risks is difficult to guarantee, a large amount of manpower is consumed, and the overall detection and evaluation efficiency is low.
Disclosure of Invention
An object of the embodiments of the present application is to provide a database risk assessment system, so as to solve the technical problems that the existing database risk assessment lacks a complete and efficient system and has a low automation degree.
In order to achieve the above purpose, the technical solutions provided in the embodiments of the present application are as follows:
In a first aspect, an embodiment of the present application provides a database risk assessment system, including: an information acquisition subsystem, used for acquiring the basic information of the database; and an analysis report subsystem, used for analyzing and reporting the risk of the database using the basic information acquired by the information acquisition subsystem; wherein the basic information includes: the vulnerability risk of the database, the static configuration and dynamic connection condition of the database, the result of classifying and grading the data of the database according to sensitivity and importance, whether the data of the database is desensitized, and whether the data of the database is stored encrypted.
In this embodiment, the database risk assessment system is composed of two parts: an information acquisition subsystem and an analysis report subsystem. The information acquisition subsystem acquires the basic information of the database, namely the vulnerability risks of the database, the static configuration and dynamic connection condition of the database, the result of classifying and grading the data of the database according to sensitivity and importance, whether the data of the database is desensitized, and whether the data of the database is stored encrypted. After the information acquisition subsystem has acquired the basic information, the analysis report subsystem summarizes and processes it and finally generates the corresponding database risk report. With this scheme, an efficient and complete database risk assessment system can be constructed, improving the automated collection of database risk information and the analysis and processing of that information.
Further, the information acquisition subsystem comprises: a vulnerability assessment module, used for searching for and storing the vulnerability risks of the database; a data privilege analysis module, used for analyzing the static configuration and dynamic connection condition of the database; a sensitive data identification module, used for classifying and grading the data of the database according to sensitivity and importance; a desensitization verification module, used for verifying whether the data stored in the database is desensitized; and an encryption verification module, used for verifying whether the data of the database is stored encrypted.
In this embodiment, the information acquisition subsystem is composed of the vulnerability assessment module, the data privilege analysis module, the sensitive data identification module, the desensitization verification module and the encryption verification module. The vulnerability assessment module first searches for vulnerability risks in the database and then stores the vulnerability risks it finds. The data privilege analysis module analyzes the basic state information of the database, which is divided into static configuration information and dynamic connection information. The sensitive data identification module first classifies the data of the database and then grades it, the grade being assigned according to the sensitivity and importance of the data. The desensitization verification module verifies whether the data of the database is desensitized before being stored. The encryption verification module verifies whether the data of the database is encrypted before being stored. With this scheme, the basic information of the database can be collected completely, across multiple dimensions such as database vulnerabilities, database account information and the use of database security measures.
Further, when searching for and storing the vulnerabilities of the database, the vulnerability assessment module is specifically configured to: collect and store published vulnerabilities relevant to the database; judge whether the database has each such vulnerability, and generate a vulnerability detection report based on the judgment; and, if the database is judged to have a vulnerability, search for whether a solution or countermeasure exists for it and, if so, add the countermeasure information to the vulnerability detection report.
In this embodiment, the vulnerability assessment module searches for and stores vulnerabilities of the database. The vulnerabilities it collects are published vulnerabilities relevant to the database. The module first searches the database for these vulnerabilities, determines whether any of the published vulnerabilities exists in the database and records those that do; it then determines whether a solution or countermeasure exists for each recorded vulnerability. If a countermeasure exists, the generated vulnerability detection report contains both the vulnerability record and the countermeasure record; if none exists, the report contains only the vulnerability record. With this scheme, the vulnerability information present in the database can be accurately found and reported, and because a solution is reported for some of the vulnerabilities, risk management and control in the database risk assessment system is more comprehensive and convenient.
Further, when analyzing the static configuration and dynamic connection condition of the database, the data privilege analysis module is specifically configured to: analyze the static characteristics of the accounts of the database; and monitor the access behavior of the accounts of the database.
In this embodiment, the data privilege analysis module analyzes the static configuration and dynamic connection state of the database, where the static configuration refers to the static characteristics of the database accounts and the dynamic connection state refers to the access behavior of the database accounts. With this scheme, the account behavior of the database can be accurately monitored and analyzed, so that abnormal account behavior is found in time and added to the risk assessment of the database.
Further, the analysis reporting subsystem includes: the vulnerability analysis module is used for carrying out comprehensive vulnerability assessment on the database and calculating the risk probability of the database; the data value evaluation module is used for carrying out weighted assignment according to the classification result of the database and the result of grading the data of the database according to the sensitivity and the importance; and the risk analysis module is used for performing combined calculation according to the database risk probability value analyzed by the vulnerability analysis module and the data value evaluated by the data value evaluation module, and performing score evaluation on the overall risk of the database according to the result of the combined calculation.
In this embodiment, the analysis reporting subsystem includes a vulnerability analysis module, a data value assessment module, and a risk analysis module. The vulnerability analysis module is used for comprehensively evaluating the vulnerability of the database and calculating the risk probability of the evaluated database. The data value evaluation module is used for carrying out weighted assignment on the data, and since the data in the database is classified and the data is graded according to the sensitivity and the importance in the information acquisition subsystem, the data value evaluation module carries out weighted assignment on the data by using the classification and grading results. The risk analysis module performs score evaluation on the overall risk of the database, and the overall risk is judged by two dimensions of the value of the data and the attacked risk of the data, so that the overall risk evaluation of the database needs to comprehensively calculate the database risk probability value calculated by the vulnerability analysis module and the data value calculated by the data value evaluation module to obtain the overall risk value evaluation result of the database. According to the technical scheme, the risk factors related to the acquired basic information of the database can be comprehensively evaluated in multiple aspects, and the overall risk of the database can be quantitatively evaluated.
Further, the analysis reporting subsystem further comprises: the assessment report generating module is used for summarizing the acquired basic information and the result of the risk analysis module in performing score assessment on the total risk of the database and generating an assessment report; and a risk management and treatment module for generating risk treatment recommendations and measures.
In this embodiment, the analysis report subsystem further includes an evaluation report generation module and a risk management and treatment module, and the evaluation report generation module generates an evaluation report by summarizing the total risk of the database generated by the risk analysis module and the basic information collected by the information collection subsystem. The risk management and treatment module is used to generate risk treatment recommendations and measures. According to the technical scheme, the intuitive report and the corresponding countermeasures can be generated after the risk of the database is quantitatively evaluated, so that a user can quickly improve the database, and the safety performance of the database is improved.
Further, the vulnerability analysis module performs comprehensive vulnerability assessment on the database, and when calculating the risk probability, the vulnerability analysis module is specifically configured to: and comprehensively evaluating the vulnerability of the database according to the vulnerability risk of the database, the static configuration and dynamic connection condition of the database, whether the data of the database is desensitized and whether the data of the database is encrypted and stored.
In this embodiment, the vulnerability analysis module performs a comprehensive vulnerability assessment of the database. The basis of this assessment includes not only the vulnerability risks searched for and stored by the vulnerability assessment module, but also the data privilege analysis module's analysis of the static configuration and dynamic connection condition of the database, the desensitization state of the database's data, and whether that data is stored encrypted. The assessment is comprehensive in that it combines all of the above, so that the vulnerability of the database is judged from several aspects at once.
In a second aspect, an embodiment of the present application provides a database risk assessment method, which includes: collecting the basic information of the database; and analyzing and reporting the risk of the database using the collected basic information; wherein the basic information includes: the vulnerability risk of the database, the static configuration and dynamic connection condition of the database, the result of classifying and grading the data of the database according to sensitivity and importance, whether the data of the database is desensitized, and whether the data of the database is stored encrypted.
In this embodiment, the database risk assessment method includes two steps: the first collects the basic information of the database, and the second analyzes and reports the risk of the database using the collected basic information. In the first step, the basic information collected includes the vulnerability risk of the database, the static configuration and dynamic connection condition of the database, the result of classifying and grading the data of the database according to sensitivity and importance, whether the data of the database is desensitized, and whether the data of the database is stored encrypted. In the second step, the basic information acquired in the first step is summarized and processed, and the corresponding database risk report is finally generated. With this scheme, an efficient and complete database risk assessment method can be constructed, improving the automated collection of database risk information and the analysis and processing of that information.
Further, the step of collecting the basic information of the database comprises: vulnerability assessment, namely searching for and storing the vulnerability risks of the database; data privilege analysis, namely analyzing the static configuration and dynamic connection condition of the database; sensitive data identification, namely classifying and grading the data of the database according to sensitivity and importance; desensitization verification, namely verifying whether the data stored in the database is desensitized; and encryption verification, namely verifying whether the data of the database is stored encrypted.
In this embodiment, the step of collecting the basic information of the database includes vulnerability assessment, data privilege analysis, sensitive data identification, desensitization verification and encryption verification. Vulnerability assessment first finds the vulnerability risks in the database and then stores the vulnerability risks found. Data privilege analysis analyzes the basic state information of the database, which is divided into static configuration information and dynamic connection information. Sensitive data identification first classifies the data of the database and then grades it, the grade being assigned according to the sensitivity and importance of the data. Desensitization verification verifies whether the data of the database is desensitized before being stored. Encryption verification verifies whether the data of the database is encrypted before being stored. With this scheme, the basic information of the database can be collected completely, across multiple dimensions such as database vulnerabilities, database account information and the use of database security measures.
Further, the vulnerability assessment step, which searches for and stores the vulnerabilities of the database, includes: collecting and storing published vulnerabilities relevant to the database; judging whether the database has each such vulnerability, and generating a vulnerability detection report based on the judgment; and, if the database is judged to have a vulnerability, searching for whether a solution or countermeasure exists for it and, if so, adding the countermeasure information to the vulnerability detection report.
In this embodiment, the vulnerability assessment step searches for and stores vulnerabilities of the database. The vulnerabilities it collects are published vulnerabilities relevant to the database. Vulnerability assessment first searches the database for these vulnerabilities, determines whether any of the published vulnerabilities exists in the database and records those that do; it then determines whether a solution or countermeasure exists for each recorded vulnerability. If a countermeasure exists, the generated vulnerability detection report contains both the vulnerability record and the countermeasure record; if none exists, the report contains only the vulnerability record. With this scheme, the vulnerability information present in the database can be accurately found and reported, and because a solution is reported for some of the vulnerabilities, risk management and control in the database risk assessment system is more comprehensive and convenient.
Further, the data privilege analysis step, which analyzes the static configuration and dynamic connection condition of the database, includes: analyzing the static characteristics of the accounts of the database; and monitoring the access behavior of the accounts of the database.
In this embodiment, data privilege analysis analyzes the static configuration and dynamic connection state of the database, where the static configuration refers to the static characteristics of the database accounts and the dynamic connection state refers to the access behavior of the database accounts. With this scheme, the account behavior of the database can be accurately monitored and analyzed, so that abnormal account behavior is found in time and added to the risk assessment of the database.
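The data privilege analysis described above (in the system of the first aspect and the step of the second aspect) splits into a static pass over the account catalog and a dynamic pass over connection records. The following is an added example, not code from the patent, of what such a pass can look like: the account records, the audit-log format, the baseline of known (account, source) pairs, the business-hours window and the burst threshold are all assumptions of this example, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed static account configuration, in the shape a catalog dump would
# give (which accounts are superusers, which hosts they may connect from,
# whether their passwords expire). Field names are this example's own.
ACCOUNTS = [
    {"user": "root", "superuser": True, "host": "%", "password_expires": False},
    {"user": "app_ro", "superuser": False, "host": "10.0.0.0/8", "password_expires": True},
    {"user": "report_svc", "superuser": True, "host": "%", "password_expires": False},
]

# Constructed connection audit log; the line format is assumed for this example.
AUDIT_LOG = """\
2024-03-04T02:13:07Z user=app_ro src=203.0.113.9 result=OK
2024-03-04T09:15:01Z user=app_ro src=10.0.0.5 result=OK
2024-03-04T09:16:40Z user=app_ro src=10.0.0.5 result=OK
2024-03-04T10:02:11Z user=root src=10.0.0.7 result=FAIL
2024-03-04T10:02:13Z user=root src=10.0.0.7 result=FAIL
2024-03-04T10:02:15Z user=root src=10.0.0.7 result=FAIL
2024-03-04T10:02:17Z user=root src=10.0.0.7 result=OK
"""
# Known (account, source) pairs from earlier observation; anything else is new.
BASELINE = {"app_ro": {"10.0.0.5"}, "root": {"10.0.0.7"}}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$")


def static_findings(accounts):
    """Static characteristics of the accounts that raise database risk."""
    findings = []
    for a in accounts:
        if a["superuser"] and a["host"] == "%":
            findings.append(("high", a["user"], "superuser account reachable from any host"))
        if not a["password_expires"]:
            findings.append(("medium", a["user"], "password never expires"))
    return findings


def parse_log(text):
    """Parse audit lines into (timestamp, user, source, result) tuples."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable lines are skipped, not guessed at
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["src"], m["result"]))
    return events


def dynamic_findings(log_text, baseline, business_hours=(8, 20),
                     fail_threshold=3, window=timedelta(seconds=60)):
    """Access-behaviour anomalies: a successful login from an unknown source,
    a login outside business hours, and a burst of failed logins (noting
    whether a success followed it, the classic password-guessing shape)."""
    events = parse_log(log_text)
    findings = []
    failures = defaultdict(list)
    for ts, user, src, result in events:
        if result == "OK" and src not in baseline.get(user, set()):
            findings.append(("high", user, f"successful login from unknown source {src}"))
        if result == "OK" and not (business_hours[0] <= ts.hour < business_hours[1]):
            findings.append(("medium", user, f"login outside business hours at {ts.isoformat()}"))
        if result == "FAIL":
            failures[(user, src)].append(ts)
    for (user, src), stamps in failures.items():
        stamps.sort()
        for i in range(len(stamps) - fail_threshold + 1):
            if stamps[i + fail_threshold - 1] - stamps[i] <= window:
                last_fail = stamps[i + fail_threshold - 1]
                followed = any(ts > last_fail and u == user and s == src and r == "OK"
                               for ts, u, s, r in events)
                msg = f"{fail_threshold} failed logins within {int(window.total_seconds())}s from {src}"
                if followed:
                    msg += ", followed by a successful login"
                findings.append(("high", user, msg))
                break
    return findings


if __name__ == "__main__":
    for finding in static_findings(ACCOUNTS) + dynamic_findings(AUDIT_LOG, BASELINE):
        print(*finding)
```

Both passes return plain (severity, account, message) tuples so the analysis report subsystem can count them or feed them into the risk probability without caring which pass produced them. The baseline is the important input: without a record of which sources an account normally connects from, the dynamic pass can only see bursts and off-hours access, not a credential used from a new place.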
Further, the step of analyzing and reporting the risk of the database by using the collected basic information comprises: the vulnerability analysis is used for carrying out comprehensive vulnerability assessment on the database and calculating the risk probability of the database; the data value evaluation is used for carrying out weighted assignment according to the classification result of the database and the result of grading the data of the database according to the sensitivity and the importance; and risk analysis, which is used for performing combined calculation according to the database risk probability value analyzed in the vulnerability analysis step and the data value evaluated in the data value evaluation step, and performing score evaluation on the overall risk of the database according to the combined calculation result.
In this embodiment, the step of analyzing and reporting the risk of the database by using the collected basic information includes vulnerability analysis, data value evaluation and risk analysis. The vulnerability analysis is used for comprehensively evaluating the vulnerability of the database and calculating the risk probability of the evaluated database. The data value evaluation has the function of carrying out weighted assignment on the data, and since the data in the database are classified in the information acquisition step and are graded according to the sensitivity and the importance, the data value evaluation can carry out weighted assignment on the data by utilizing the classification and grading results. The risk analysis is to perform score evaluation on the overall risk of the database, and the overall risk is judged by two dimensions of the value of the data and the attacked risk of the data, so the overall risk evaluation of the database needs to comprehensively calculate the risk probability value of the database calculated by the vulnerability analysis step and the data value calculated by the data value evaluation step to obtain the overall risk value evaluation result of the database. According to the technical scheme, the risk factors related to the acquired basic information of the database can be comprehensively evaluated in multiple aspects, and the overall risk of the database can be quantitatively evaluated.
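The analysis report subsystem and the corresponding method step combine a risk probability with a data value, but the page gives no formula. The block below is an added example, not the patent's own calculation, of one consistent way to do that combination: the severity-to-probability table, the grade weights, the storage-protection penalties, the score bands and the choice to combine contributions as independent events are all this example's assumptions.

```python
import math

# Assumed scoring model for this example; the patent states only that the
# overall risk combines a risk probability with a data value.
SEVERITY_PROBABILITY = {"low": 0.2, "medium": 0.5, "high": 0.8, "critical": 0.95}
GRADE_WEIGHT = {1: 0.1, 2: 0.3, 3: 0.6, 4: 1.0}   # grade 1 = public ... 4 = highly sensitive
BANDS = [(80, "critical"), (60, "high"), (30, "medium"), (0, "low")]


def combine_independent(probabilities):
    """P(at least one event) for independent events: 1 - prod(1 - p)."""
    return 1.0 - math.prod(1.0 - p for p in probabilities)


def risk_probability(vuln_severities, config_finding_count, desensitized, encrypted):
    """Comprehensive vulnerability assessment: published vulnerabilities,
    account/configuration findings and storage protections, combined as
    independent contributions to the chance of a successful attack."""
    p_vuln = combine_independent(SEVERITY_PROBABILITY[s] for s in vuln_severities)
    p_config = min(0.1 * config_finding_count, 0.5)     # each finding adds 0.1, capped
    p_storage = {(True, True): 0.0, (True, False): 0.3,  # (desensitized, encrypted)
                 (False, True): 0.3, (False, False): 0.5}[(desensitized, encrypted)]
    return combine_independent([p_vuln, p_config, p_storage])


def data_value(column_grades):
    """Weighted assignment from the grading result: a table is as valuable as
    its most sensitive column; an ungraded table gets the public weight."""
    return GRADE_WEIGHT[max(column_grades)] if column_grades else GRADE_WEIGHT[1]


def overall_risk(probability, value):
    """Combined calculation and score: risk = probability x value, reported as
    a 0-100 score with a band for the evaluation report."""
    score = round(probability * value * 100)
    band = next(name for threshold, name in BANDS if score >= threshold)
    return {"score": score, "band": band}


if __name__ == "__main__":
    p = risk_probability(["high", "medium"], config_finding_count=2,
                         desensitized=True, encrypted=False)
    v = data_value([4, 2, 1])
    print(round(p, 3), v, overall_risk(p, v))
```

The multiplicative form keeps the two dimensions the page names separate: a database full of public data scores low however many findings it has, and a database holding grade-4 data with no findings still carries whatever probability the storage penalties leave. Whoever adopts a model like this should calibrate the tables against their own incident history rather than take the numbers above as given.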
Further, the step of analyzing and reporting the risk of the database using the collected basic information further comprises: evaluation report generation, namely summarizing the collected basic information and the result of the risk analysis step's score evaluation of the overall risk of the database, and generating an evaluation report; and risk management and treatment, namely generating risk treatment suggestions and measures.
In this embodiment, the analysis and reporting step further includes an evaluation report generation step, which generates an evaluation report by summarizing the overall risk of the database produced by the risk analysis step together with the basic information collected in the information collection step, and a risk management and treatment step, which generates risk treatment suggestions and measures. With this scheme, an intuitive report and the corresponding countermeasures are produced once the risk of the database has been quantitatively evaluated, so that the user can quickly improve the database and raise its security.
Further, the vulnerability analysis is used for performing comprehensive vulnerability assessment on the database and calculating the risk probability thereof, and includes: and comprehensively evaluating the vulnerability of the database according to the vulnerability risk of the database, the static configuration and dynamic connection condition of the database, whether the data of the database is desensitized and whether the data of the database is encrypted and stored.
In this embodiment, the vulnerability analysis performs a comprehensive vulnerability assessment of the database. The basis of this assessment includes not only the vulnerability risks searched for and stored in the vulnerability assessment step, but also the data privilege analysis of the static configuration and dynamic connection condition of the database, the desensitization state of the database's data, and whether that data is stored encrypted. The assessment is comprehensive in that it combines all of the above, so that the vulnerability of the database is judged from several aspects at once.
In a third aspect, an embodiment of the present application provides an electronic device, including: a processor, a memory and a bus; the processor and the memory communicate with each other through the bus; the memory stores program instructions executable by the processor, and when the processor invokes the program instructions it is able to perform the method of the second aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium storing computer instructions that cause the computer to perform the method of the second aspect.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is an overall schematic diagram of a database risk assessment system according to an embodiment of the present application;
fig. 2 is a schematic diagram of an information acquisition subsystem of a database risk assessment system according to an embodiment of the present disclosure;
FIG. 3 is a schematic diagram of an analysis reporting subsystem of a database risk assessment system according to an embodiment of the present application;
fig. 4 is a schematic diagram illustrating a relationship between a subsystem and each module of the database risk assessment system according to the embodiment of the present disclosure;
FIG. 5 is a database risk assessment implementation provided in a preferred embodiment of the present application;
FIG. 6 is a schematic diagram of an overall database risk assessment method according to an embodiment of the present disclosure; and
fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
Fig. 1 is an overall schematic view of the database risk assessment system according to an embodiment of the present application. In fig. 1, the database risk assessment system 100 includes an information acquisition subsystem 101 and an analysis report subsystem 102. The information acquisition subsystem 101 is used for acquiring the basic information of the database, and the analysis report subsystem 102 is used for analyzing and reporting the risk of the database using the basic information acquired by the information acquisition subsystem. The basic information includes: the vulnerability risk of the database, the static configuration and dynamic connection condition of the database, the result of classifying and grading the data of the database according to sensitivity and importance, whether the data of the database is desensitized, and whether the data of the database is stored encrypted.
Fig. 2 is a schematic view of the information acquisition subsystem of the database risk assessment system according to an embodiment of the present disclosure. Fig. 2 shows the components of the information acquisition subsystem of the present application: the information acquisition subsystem 101 includes a vulnerability assessment module 1011, a data privilege analysis module 1013, a sensitive data identification module 1015, a desensitization verification module 1017 and an encryption verification module 1019. The vulnerability assessment module 1011 is configured to search for and store the vulnerability risks of the database: it first searches the database for the corresponding vulnerabilities and, if a vulnerability is found, stores it as a record. The data privilege analysis module 1013 is configured to analyze the static configuration and dynamic connection condition of the database. The sensitive data identification module 1015 is configured to classify the data of the database and to grade it according to sensitivity and importance. On the one hand, it classifies the data according to its different dimensions or attributes; on the other hand, it is provided with a data identification engine, a data feature library and corresponding data feature classification rules: the data identification engine automatically identifies information such as the tables, fields and storage capacity of the database, compares the data against the features in the data feature library, and classifies the data according to the comparison result.
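The data identification engine, feature library and classification rules just described can be seen concretely in the following added example, which is not code from the patent. It walks the catalog of an in-memory SQLite database, samples each text column, matches the samples against a small regex feature library and grades each column and table. The feature patterns, the sensitivity grades, the 80 % match threshold and the sample records are all this example's assumptions and constructions.

```python
import re
import sqlite3

# Constructed data feature library: category, the pattern that recognises a
# value of that category, and an assumed sensitivity grade (1 = public,
# 4 = highly sensitive). Ordered highest grade first so the first match wins.
# Note that an all-digit 18-character ID number also satisfies the bank-card
# pattern; listing id_card first resolves that ambiguity in its favour.
FEATURE_LIBRARY = [
    ("id_card", re.compile(r"^\d{17}[\dX]$"), 4),       # 18-character PRC ID number
    ("bank_card", re.compile(r"^\d{16,19}$"), 4),       # PAN-length digit string
    ("mobile_phone", re.compile(r"^1[3-9]\d{9}$"), 3),  # PRC mobile number
    ("email", re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"), 2),
]
MATCH_THRESHOLD = 0.8  # share of sampled values that must match a feature


def classify_values(values):
    """Return (category, grade) for a sample of column values: the first
    feature matching at least MATCH_THRESHOLD of the values wins; a column
    that matches nothing is graded 1."""
    if not values:
        return ("unknown", 1)
    for category, pattern, grade in FEATURE_LIBRARY:
        hits = sum(1 for v in values if pattern.match(v))
        if hits / len(values) >= MATCH_THRESHOLD:
            return (category, grade)
    return ("none", 1)


def scan_database(conn, sample_rows=100):
    """Enumerate every table and column from the catalog, sample values and
    classify each column. Table and column names come from the catalog, not
    from user input, and are double-quoted as identifiers."""
    findings = {}
    cur = conn.cursor()
    tables = [r[0] for r in cur.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        columns = [r[1] for r in cur.execute(f'PRAGMA table_info("{table}")')]
        for col in columns:
            rows = cur.execute(
                f'SELECT "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL LIMIT ?',
                (sample_rows,))
            findings[(table, col)] = classify_values([str(r[0]) for r in rows])
    return findings


def grade_tables(findings):
    """Grade each table by its most sensitive column, which is the grade the
    data value evaluation would carry forward."""
    grades = {}
    for (table, _col), (_cat, grade) in findings.items():
        grades[table] = max(grades.get(table, 1), grade)
    return grades


def build_sample_db():
    """Constructed in-memory database with a few realistic-looking records."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (name TEXT, id_card TEXT, mobile TEXT, email TEXT);
        CREATE TABLE orders (order_no TEXT, amount TEXT);
    """)
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", [
        ("Zhang San", "11010519900101123X", "13800138000", "zhang.san@example.com"),
        ("Li Si", "110105198811110011", "15912345678", "li.si@example.com"),
        ("Wang Wu", "320102197505052222", "18611112222", "wang.wu@example.com"),
    ])
    conn.executemany("INSERT INTO orders VALUES (?, ?)", [
        ("ORD-0001", "19.90"), ("ORD-0002", "120.00"), ("ORD-0003", "7.50"),
    ])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    result = scan_database(db)
    for key, value in sorted(result.items()):
        print(key, value)
    print(grade_tables(result))
```

Sampling rather than full scans keeps the identification pass cheap on large tables, at the price that a sensitive value present in only a few rows of an otherwise benign column is missed; lowering the threshold trades false negatives for false positives. A production feature library would add checksum validation (for example the ID-number check digit) to cut down on digit strings that merely look like identifiers.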
The desensitization verification module 1017 verifies whether the data stored in the database has been desensitized. Desensitization here means data masking: sensitive values are transformed according to desensitization rules so that the sensitive data is reliably protected. The typical targets are string fields such as identity card numbers, mobile phone numbers and bank card numbers. The desensitization verification module 1017 is provided with several different desensitization algorithms. During verification it compares the source database with the desensitized database, uses the comparison result to determine whether desensitization was performed and which algorithm was used, and analyzes the effectiveness and reliability of that algorithm. The encryption verification module 1019 verifies whether the data in the database is stored encrypted: it compares the source database with the encrypted database, determines whether the data is encrypted, and analyzes which encryption algorithm is used and how robust that algorithm is.
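The source-versus-masked comparison of the desensitization verification module, as an added example that is not part of the patent. The candidate algorithm library (middle masking, keep-last-four, unsalted SHA-256, e-mail truncation), the sample tables and the weakness notes are this example's assumptions; a real verifier would load the algorithms configured in the organisation's masking tool. The point the example adds to the description is the reliability judgement: recognising the algorithm is not enough, because a deterministic unsalted hash of a phone number is still linkable across datasets and brute-forceable.

```python
"""Desensitization (masking) verification: compare a source table with its
desensitized copy column by column, decide whether masking was applied, and
identify which algorithm from a candidate library reproduces the output."""
import hashlib


def mask_middle(v: str) -> str:
    """Keep the first 3 and last 4 characters, star the rest (phone style)."""
    if len(v) <= 7:
        return "*" * len(v)
    return v[:3] + "*" * (len(v) - 7) + v[-4:]


def keep_last4(v: str) -> str:
    return "*" * (len(v) - 4) + v[-4:] if len(v) > 4 else "*" * len(v)


def sha256_hex(v: str) -> str:
    return hashlib.sha256(v.encode()).hexdigest()


def truncate_email(v: str) -> str:
    """Keep the first character of the local part and the whole domain."""
    local, _, domain = v.partition("@")
    return (local[:1] + "***@" + domain) if domain else v


# Candidate algorithm library (assumed), tried in order.
ALGORITHMS = {
    "mask_middle": mask_middle,
    "keep_last4": keep_last4,
    "sha256": sha256_hex,
    "truncate_email": truncate_email,
}

# What each recognised algorithm still reveals; reported so the reviewer can
# judge the protection actually achieved rather than just "masked: yes".
WEAKNESS = {
    "sha256": "deterministic unsalted hash: values stay linkable across datasets "
              "and low-entropy inputs such as phone numbers are brute-forceable",
    "keep_last4": "reveals the last four characters",
    "mask_middle": "reveals the prefix and the last four characters",
}


def verify_column(source, target):
    """Describe the masking state of one column of aligned source/target values."""
    if len(source) != len(target):
        return {"status": "row_count_mismatch"}
    pairs = [(str(s), str(t)) for s, t in zip(source, target)]
    leaked = sum(1 for s, t in pairs if s == t)   # rows whose value survived verbatim
    if leaked == len(pairs):
        return {"status": "not_desensitized"}
    for name, fn in ALGORITHMS.items():
        if all(fn(s) == t for s, t in pairs):
            return {"status": "desensitized", "algorithm": name,
                    "leaked_rows": leaked, "weakness": WEAKNESS.get(name)}
    return {"status": "desensitized", "algorithm": "unknown", "leaked_rows": leaked,
            "weakness": "unrecognised transformation; confirm it is not reversible"}


def verify_table(source_rows, target_rows, columns):
    """source_rows/target_rows: lists of dicts keyed by column name, aligned by
    primary-key order.  Returns {column: verification result}."""
    return {col: verify_column([r[col] for r in source_rows],
                               [r[col] for r in target_rows]) for col in columns}


# Constructed sample data: a source table and its masked copy.
SOURCE = [
    {"id": 1, "phone": "13800138000", "card": "4111111111111111",
     "mail": "alice@example.com", "city": "Beijing"},
    {"id": 2, "phone": "13900139000", "card": "4012888888881881",
     "mail": "bob@example.org", "city": "Shanghai"},
]
MASKED = [
    {"id": 1, "phone": "138****8000", "card": sha256_hex("4111111111111111"),
     "mail": "a***@example.com", "city": "Beijing"},
    {"id": 2, "phone": "139****9000", "card": sha256_hex("4012888888881881"),
     "mail": "b***@example.org", "city": "Shanghai"},
]

if __name__ == "__main__":
    for col, res in verify_table(SOURCE, MASKED, ["phone", "card", "mail", "city"]).items():
        print(col, res)
```

The `city` column comes back as `not_desensitized`, which is only a finding if the sensitive-data identification step graded it as sensitive; the two results are meant to be read together.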
Further, when searching for and storing database vulnerabilities, the vulnerability assessment module 1011 is specifically configured to: collect and store the published vulnerabilities relevant to the database; determine whether the database has each vulnerability and generate a vulnerability detection report based on the determination; and, if the database is determined to have a vulnerability, check whether a countermeasure exists for it and, if so, add the countermeasure information to the vulnerability detection report. The vulnerability assessment module 1011 is directed at published vulnerabilities, that is, vulnerabilities already known in the industry for which a record exists. It collects database vulnerability information provided by security institutions and database vendors and stores it in a vulnerability library. The module has a vulnerability verification engine which, in operation, checks each vulnerability in the library against the target database and determines whether the database is affected; affected vulnerabilities are recorded. The library also stores the corresponding security patch information, so when a vulnerability is found to exist the module further determines whether a solution exists for it; if so, the vulnerability and its solution are stored together, and the vulnerability detection report is generated.
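An added example of the library lookup and report generation just described; it is not the patent's verification engine. The patent does not say how its engine decides that a database is affected, so this example uses the simplest reliable form, a product and version match against affected-version ranges, and the library entries (identifiers `EX-0001` to `EX-0003`, products, ranges and summaries) are constructed placeholders, not real advisories. The case worth getting right is the entry with no published fix: it must still appear in the report, without a countermeasure, so that the risk management step can ask for compensating controls instead of silently dropping it.

```python
"""Vulnerability assessment against a local vulnerability library: match the
target's product and version against affected-version ranges and emit a
detection report that carries the recorded countermeasure where one exists."""
import re
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """'8.0.27' -> (8, 0, 27); '13.4rc1' -> (13, 4, 0).  Padded to three
    components so '13' and '13.0' compare equal."""
    parts = []
    for p in v.split("."):
        m = re.match(r"\d+", p)
        if not m:
            break
        parts.append(int(m.group()))
    parts += [0] * (3 - len(parts))
    return tuple(parts[:3])


def version_in_range(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """Affected if introduced <= version < fixed; fixed=None means no fix yet."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


@dataclass
class VulnRecord:
    vuln_id: str
    product: str
    introduced: str
    fixed: Optional[str]
    severity: str
    summary: str
    countermeasure: Optional[str] = None


# Constructed library entries with made-up identifiers; they stand in for the
# vendor and security-institution feeds the patent refers to.
VULN_LIBRARY = [
    VulnRecord("EX-0001", "mysql", "8.0.0", "8.0.28", "high",
               "example: privilege escalation in stored routine handling",
               countermeasure="upgrade to 8.0.28 or later"),
    VulnRecord("EX-0002", "mysql", "5.7.0", None, "medium",
               "example: information disclosure via verbose error messages",
               countermeasure=None),
    VulnRecord("EX-0003", "postgresql", "13.0", "13.5", "high",
               "example: authentication bypass",
               countermeasure="upgrade to 13.5 or later"),
]


def assess(product: str, version: str, library=VULN_LIBRARY) -> dict:
    """Return the vulnerability detection report for one database instance."""
    findings = []
    for rec in library:
        if rec.product != product.lower():
            continue
        if version_in_range(version, rec.introduced, rec.fixed):
            findings.append({
                "vuln_id": rec.vuln_id,
                "severity": rec.severity,
                "summary": rec.summary,
                "has_fix": rec.countermeasure is not None,
                "countermeasure": rec.countermeasure
                or "no published fix; apply compensating controls",
            })
    return {"product": product, "version": version,
            "vulnerable": bool(findings), "findings": findings}


if __name__ == "__main__":
    for f in assess("MySQL", "8.0.27")["findings"]:
        print(f["vuln_id"], f["severity"], "-", f["countermeasure"])
```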
Further, when analyzing the static configuration and dynamic connection condition of the database, the data ownership analysis module 1013 is specifically configured to: analyze the static characteristics of the database's accounts; and monitor the access behavior of those accounts. Static characteristics are inherent properties of the database accounts, such as the number of accounts, the privilege level of each account, and whether an account is configured with a weak password. The dynamic connection condition is the access behavior of the accounts; analyzing it includes monitoring account connection information in real time, analyzing the access behavior of each account, and recording behaviors such as access from abnormal addresses, access during abnormal time periods, and the number of failed connection attempts.
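Both halves of the data ownership analysis, as an added example (not the patent's module): static checks over an account inventory, and detection logic run over connection log lines. The account table, the weak-password dictionary, the internal address range `10.0.0.0/16`, the 08:00 to 19:59 business hours and the five-failure threshold are all assumptions of this example; the log lines are constructed. Plaintext passwords appear in the inventory only because it is test data; a real check compares the stored hashes against the dictionary.

```python
"""Data ownership analysis: static account characteristics (superuser count,
privilege scope, weak passwords) and dynamic connection behaviour (unexpected
source addresses, off-hours access, failed-login bursts)."""
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed account inventory, in the shape one might pull from mysql.user
# or pg_roles.
ACCOUNTS = [
    {"user": "root",   "host": "%",        "superuser": True,  "password": "root123"},
    {"user": "app",    "host": "10.0.%",   "superuser": False, "password": "Vz8!kq2#Lm9p"},
    {"user": "report", "host": "%",        "superuser": True,  "password": "report"},
    {"user": "etl",    "host": "10.0.5.7", "superuser": False, "password": "123456"},
]
WEAK_PASSWORDS = {"123456", "password", "root123", "admin", "qwerty"}  # assumed dictionary


def static_findings(accounts, weak=WEAK_PASSWORDS):
    """Return (finding_type, subject) tuples for the account inventory."""
    findings = []
    supers = [a["user"] for a in accounts if a["superuser"]]
    if len(supers) > 1:
        findings.append(("multiple_superusers", ",".join(supers)))
    for a in accounts:
        pw = a["password"]
        # dictionary word, password equal to the user name, or too short
        if pw in weak or pw.lower() == a["user"].lower() or len(pw) < 8:
            findings.append(("weak_password", a["user"]))
        if a["superuser"] and a["host"] == "%":
            findings.append(("superuser_any_host", a["user"]))
    return findings


# Constructed connection log: ISO timestamp, user, source IP, outcome.
CONNECTION_LOG = """\
2024-03-04T09:12:03 app 10.0.5.21 OK
2024-03-04T09:12:09 app 10.0.5.21 OK
2024-03-04T02:47:51 report 203.0.113.9 OK
2024-03-04T10:01:00 etl 10.0.5.7 FAIL
2024-03-04T10:01:02 etl 10.0.5.7 FAIL
2024-03-04T10:01:04 etl 10.0.5.7 FAIL
2024-03-04T10:01:06 etl 10.0.5.7 FAIL
2024-03-04T10:01:08 etl 10.0.5.7 FAIL
2024-03-04T10:01:10 etl 10.0.5.7 FAIL
2024-03-04T14:30:00 root 10.0.9.3 OK
"""
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/16")]  # assumed internal range
BUSINESS_HOURS = range(8, 20)                          # assumed 08:00-19:59
FAIL_THRESHOLD = 5


def dynamic_findings(log_text, allowed=ALLOWED_NETS):
    """Return (finding_type, user) tuples for anomalous connection behaviour.
    Each line is judged independently, so one connection can raise both an
    address and a time-of-day finding; failures are counted per (user, ip)."""
    findings = []
    failures = Counter()
    for line in log_text.splitlines():
        ts, user, ip, outcome = line.split()
        when = datetime.fromisoformat(ts)
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in allowed):
            findings.append(("unexpected_address", user))
        if outcome == "OK" and when.hour not in BUSINESS_HOURS:
            findings.append(("off_hours_access", user))
        if outcome == "FAIL":
            failures[(user, ip)] += 1
    for (user, ip), n in failures.items():
        if n >= FAIL_THRESHOLD:
            findings.append(("failed_login_burst", user))
    return findings


if __name__ == "__main__":
    for f in static_findings(ACCOUNTS) + dynamic_findings(CONNECTION_LOG):
        print(*f)
```

The superuser that may connect from any host and the off-hours connection from a public address belong to the same `report` account; correlating the static and dynamic findings per account is what turns two low-grade observations into one finding worth a handling recommendation.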
Further, the analysis reporting subsystem 102 includes: a vulnerability analysis module 1021, which performs a comprehensive vulnerability assessment of the database and calculates its risk probability; a data value evaluation module 1023, which assigns weights according to the classification of the database's data and its grading by sensitivity and importance; and a risk analysis module 1025, which combines the risk probability produced by the vulnerability analysis module 1021 with the data value produced by the data value evaluation module 1023 and scores the overall risk of the database from the combined result. The vulnerability analysis module 1021 models the security of the data and estimates the probability that data in the database is accessed illegitimately: it screens features from the basic information collected by the information collection subsystem, trains and evaluates a model using an existing probability model, and calculates the data security risk probability. The data value evaluation module 1023 evaluates the value of the data stored in the database: using the classification and grading results from the information collection subsystem 101, it assigns a weight to the data of each class and grade, sums the weighted values, and evaluates the overall value of the data according to its magnitude, that is, the amount of data.
The risk analysis module 1025 evaluates the overall security of the data in the database. It derives the overall security level of the data from the overall data value calculated by the data value evaluation module 1023 and the risk probability calculated by the vulnerability analysis module 1021; the overall security level is positively correlated with the value of the data and negatively correlated with its risk probability.
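The three computations of the analysis stage (risk probability, weighted data value, combined score) carried through on constructed inputs, as an added example rather than the patent's model. The patent relies on a trained probability model; this example substitutes a logistic function with fixed feature weights so the numbers are reproducible, and the weights, the bias, the level-to-weight table and the score thresholds are all assumptions. The score is the product of the probability and the database's data value relative to the most valuable database in scope, so a higher score means more risk.

```python
"""Analysis-and-reporting stage: turn the collected basic information into a
risk probability, a data value and a combined 0-100 risk score."""
import math

# Feature weights for the risk-probability model (assumed; a stand-in for the
# trained probability model the patent describes).  Features are counts taken
# from the collection stage: vulnerabilities by severity, weak accounts, etc.
PROB_WEIGHTS = {
    "high_vulns": 1.2, "medium_vulns": 0.5, "unfixed_vulns": 0.8,
    "weak_accounts": 0.9, "superuser_any_host": 0.7,
    "external_access_events": 0.6, "failed_login_bursts": 0.4,
    "not_desensitized": 1.0, "not_encrypted": 1.0,
}
PROB_BIAS = -4.0

# Sensitivity level of a column -> weight in the data-value sum (assumed).
LEVEL_WEIGHT = {3: 10.0, 2: 4.0, 1: 1.0, 0: 0.0}


def risk_probability(features: dict) -> float:
    """Logistic function of the weighted feature sum; unknown features are ignored."""
    z = PROB_BIAS + sum(PROB_WEIGHTS.get(k, 0.0) * float(v) for k, v in features.items())
    return 1.0 / (1.0 + math.exp(-z))


def data_value(columns: dict, row_count: int) -> float:
    """columns: {column_name: sensitivity level}.  The weighted sum over the
    columns is scaled by the order of magnitude of the row count, so a million
    ID numbers are worth more than ten."""
    weighted = sum(LEVEL_WEIGHT[lvl] for lvl in columns.values())
    magnitude = math.log10(max(row_count, 1)) + 1.0
    return weighted * magnitude


def risk_score(prob: float, value: float, max_value: float) -> float:
    """0-100: probability of compromise times this database's share of the
    most valuable dataset in scope.  Higher means more risk."""
    if max_value <= 0:
        return 0.0
    return round(100.0 * prob * min(value / max_value, 1.0), 1)


def grade(score: float) -> str:
    if score >= 75:
        return "critical"
    if score >= 50:
        return "high"
    if score >= 25:
        return "medium"
    return "low"


def assess_database(features, columns, row_count, max_value):
    p = risk_probability(features)
    v = data_value(columns, row_count)
    s = risk_score(p, v, max_value)
    return {"probability": round(p, 3), "value": round(v, 1), "score": s, "grade": grade(s)}


# Constructed inputs: what the collection stage might report for a poorly
# protected customer database.
HIGH_RISK_FEATURES = {
    "high_vulns": 1, "unfixed_vulns": 1, "weak_accounts": 3,
    "superuser_any_host": 2, "external_access_events": 1,
    "failed_login_bursts": 1, "not_desensitized": 1, "not_encrypted": 1,
}
SAMPLE_COLUMNS = {"id_no": 3, "phone": 2, "mail": 1, "card": 3}

if __name__ == "__main__":
    print(assess_database(HIGH_RISK_FEATURES, SAMPLE_COLUMNS, 1_000_000, 175.0))
    print(assess_database({}, {"name": 0}, 10, 175.0))
```

Normalising by `max_value` makes the score comparable across the databases in one assessment run; a database with no sensitive columns scores zero however many vulnerabilities it has, which is the intended reading of "risk" here, not a statement that it needs no patching.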
Further, the analysis reporting subsystem 102 also includes: an assessment report generation module 1027, which aggregates the collected basic information and the overall risk score produced by the risk analysis module 1025 and generates an assessment report; and a risk management and handling module 1029, which generates risk handling recommendations and measures from the assessment report of the assessment report generation module 1027. The assessment report generation module 1027 collects and processes the information gathered by each module and generates and displays the database security assessment report. The risk management and handling module 1029 generates handling recommendations and measures for the security issues found during the assessment and provides a remediation scheme for issues with a known fix, including the fixes recorded in the report of the vulnerability assessment module 1011 of the information collection subsystem 101.
Fig. 3 is a schematic diagram of the analysis reporting subsystem of a database risk assessment system according to an embodiment of the present application. Referring to Fig. 3, the analysis reporting subsystem 102 includes five modules: the vulnerability analysis module 1021, the data value evaluation module 1023, the risk analysis module 1025, the assessment report generation module 1027 and the risk management and handling module 1029.
Further, when performing the comprehensive vulnerability assessment of the database and calculating its risk probability, the vulnerability analysis module 1021 is specifically configured to assess the vulnerability of the database comprehensively from the database's vulnerability risk, its static configuration and dynamic connection condition, whether its data is desensitized, and whether its data is stored encrypted. The vulnerability analysis module 1021 has to gather data of several dimensions in order to assess from several angles, so the data it gathers includes both the vulnerabilities collected by the vulnerability assessment module and the basic information from the other modules.
Fig. 4 is a schematic diagram of the relationship between the subsystems and modules of the database risk assessment system according to an embodiment of the present disclosure. Referring to Fig. 4, the information collection subsystem 101 includes the vulnerability assessment module 1011, data ownership analysis module 1013, sensitive data identification module 1015, desensitization verification module 1017 and encryption verification module 1019; it gathers the information of these five modules and supplies it to the analysis reporting subsystem 102. The vulnerability analysis module 1021 of the analysis reporting subsystem 102 takes the vulnerability reports of the vulnerability assessment module 1011 together with the static configuration and dynamic connection condition from the data ownership analysis module 1013, the desensitization status from the desensitization verification module 1017 and the encrypted-storage status from the encryption verification module 1019, and performs the comprehensive vulnerability analysis on them. The data value evaluation module 1023 takes the data classification and grading information of the sensitive data identification module 1015 for further processing. The risk analysis module 1025 combines the result of the vulnerability analysis module 1021 with the data value from the data value evaluation module 1023 and analyzes the risk of the database. The risk management and handling module 1029 generates the corresponding countermeasures and recommendations, and the assessment report generation module 1027 generates the database risk assessment report.
Fig. 5 shows the execution steps of database risk assessment in a preferred embodiment of the present application. Referring to Fig. 5, the database risk assessment system of this embodiment first performs four collection steps: vulnerability analysis, security measure collection, and ownership and access behavior collection, where security measure collection is performed by the encryption verification module 1019 and the desensitization verification module 1017. Once these steps are complete the information is gathered, vulnerability analysis and data value evaluation are carried out, the security risk is calculated from their results, and an assessment report is generated. From the report it is judged whether the database meets the security requirements. If not, the database is remediated according to the measures recommended in the report, vulnerability analysis is run again, the new security risk is calculated, a new assessment report is generated, and the remediated database is judged against the new report; if the requirements are met, the data security assessment ends.
Fig. 6 is a schematic diagram of the overall database risk assessment method according to an embodiment of the present application. Referring to Fig. 6, step 601 collects basic information from the database. Step 602 analyzes and reports the risk of the database using the collected basic information. The basic information includes: the vulnerability risk of the database; the static configuration and dynamic connection condition of the database; the classification and grading of the database's data by sensitivity and importance; whether the database's data is desensitized; and whether the database's data is stored encrypted.
Further, step 601 includes vulnerability assessment, data ownership analysis, sensitive data identification, desensitization verification and encryption verification. Vulnerability assessment searches the database for vulnerability risks and stores them: it first searches the database for each known vulnerability and, if the vulnerability is found, writes it to a record. Data ownership analysis analyzes the static configuration and dynamic connection condition of the database. Sensitive data identification classifies the data of the database and grades it by sensitivity and importance: it first classifies the data by dimension and attribute, then uses a data identification engine, a data feature library and corresponding feature classification rules to automatically enumerate the tables, fields and storage sizes in the database, compares the data against the feature library, and classifies and grades each match accordingly. Desensitization verification checks whether the data stored in the database has been desensitized, where desensitization means transforming sensitive values according to desensitization rules so that the sensitive data is reliably protected. It uses several desensitization algorithms, compares the source database with the desensitized database, determines from the comparison whether desensitization was performed and which algorithm was used, and analyzes the effectiveness and reliability of that algorithm.
Encryption verification checks whether the data of the database is stored encrypted: it compares the source database with the encrypted database, determines whether the data is encrypted, and analyzes which encryption algorithm is used and how robust that algorithm is.
Further, the vulnerability assessment, which searches for and stores database vulnerabilities, includes: collecting and storing the published vulnerabilities relevant to the database; determining whether the database has each vulnerability and generating a vulnerability detection report based on the determination; and, if the database is determined to have a vulnerability, checking whether a countermeasure exists for it and, if so, adding the countermeasure information to the vulnerability detection report. The vulnerability assessment is directed at published vulnerabilities, that is, vulnerabilities already known in the industry for which a record exists. It collects database vulnerability information provided by security institutions and database vendors, stores it in a vulnerability library, and uses a vulnerability verification engine which, in operation, checks each vulnerability in the library against the target database and determines whether the database is affected; affected vulnerabilities are recorded. The library also stores the corresponding security patch information, so when a vulnerability is found to exist it is further determined whether a solution exists for it; if so, the vulnerability and its solution are stored together, and the vulnerability detection report is generated.
Further, the data ownership analysis, which analyzes the static configuration and dynamic connection condition of the database, includes: analyzing the static characteristics of the database's accounts; and monitoring the access behavior of those accounts. Static characteristics are inherent properties of the database accounts, such as the number of accounts, the privilege level of each account, and whether an account is configured with a weak password. The dynamic connection condition is the access behavior of the accounts; analyzing it includes monitoring account connection information in real time, analyzing the access behavior of each account, and recording behaviors such as access from abnormal addresses, access during abnormal time periods, and the number of failed connection attempts.
Further, step 602 includes: vulnerability analysis, which performs a comprehensive vulnerability assessment of the database and calculates its risk probability; data value evaluation, which assigns weights according to the classification of the database's data and its grading by sensitivity and importance; and risk analysis, which combines the risk probability from the vulnerability analysis with the data value from the data value evaluation and scores the overall risk of the database from the combined result. Vulnerability analysis models the security of the data and estimates the probability that data in the database is accessed illegitimately: it screens features from the collected basic information, trains and evaluates a model using an existing probability model, and calculates the data security risk probability. Data value evaluation evaluates the value of the data stored in the database: using the classification and grading results, it assigns a weight to the data of each class and grade, sums the weighted values, and evaluates the overall value of the data according to its magnitude, that is, the amount of data.
Risk analysis judges the overall security of the data in the database: it derives the overall security level of the data from the overall data value calculated by the data value evaluation and the risk probability calculated by the vulnerability analysis, where the overall security level is positively correlated with the value of the data and negatively correlated with its risk probability.
Further, step 602 also includes: generating an assessment report, which aggregates the collected basic information and the overall risk score from the risk analysis and generates the assessment report; and risk management and handling, which generates risk handling recommendations and measures from the assessment report of the report generation step. The report generation step collects and processes the information gathered in the preceding steps and generates and displays the database security assessment report. Risk management and handling generates handling recommendations and measures for the security issues found during the assessment and provides a remediation scheme for issues with a known fix, including the fixes recorded in the report of the vulnerability assessment step of the information collection step.
Further, the vulnerability analysis, which performs a comprehensive vulnerability assessment of the database and calculates its risk probability, assesses the vulnerability of the database comprehensively from the database's vulnerability risk, its static configuration and dynamic connection condition, whether its data is desensitized, and whether its data is stored encrypted. The vulnerability analysis has to gather data of several dimensions in order to assess from several angles, so the data it gathers includes both the vulnerabilities collected by the vulnerability assessment step and the basic information from the other steps. The information collection step comprises vulnerability assessment, data ownership analysis, sensitive data identification, desensitization verification and encryption verification; it aggregates the information of these five steps and supplies it to the analysis and reporting step. Besides the vulnerability reports from the vulnerability assessment, the vulnerability analysis of the analysis and reporting step takes the static configuration and dynamic connection condition from the data ownership analysis, the desensitization status from the desensitization verification and the encrypted-storage status from the encryption verification, and performs the comprehensive vulnerability analysis on them. Data value evaluation takes the data classification and grading information from the sensitive data identification for further processing. Risk analysis combines the result of the vulnerability analysis with the result of the data value evaluation and analyzes the risk of the database.
Risk management and handling generates the corresponding countermeasures and recommendations, and with all of the above steps the database risk assessment report is generated.
Referring to fig. 7, fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present application. An electronic device 700 provided in an embodiment of the present application includes: a processor 701 and a memory 702, the memory 702 storing machine readable instructions executable by the processor 701, the machine readable instructions when executed by the processor 701 performing the method as above.
For example, the processor 701 of the embodiment of the present application may read the computer program from the memory 702 over a communication bus and execute it to implement the database risk assessment method described above, that is: collecting basic information from the database; and analyzing and reporting the risk of the database using the collected basic information.
The processor 701 may be an integrated circuit chip with signal processing capability. The processor 701 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP) and the like, or a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps and logic blocks disclosed in the embodiments of the present application. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 702 may include, but is not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), Electrically Erasable Programmable Read-Only Memory (EEPROM) and the like.
It will be appreciated that the configuration shown in Fig. 7 is merely illustrative and that the electronic device 700 may include more or fewer components than shown in Fig. 7, or have a different configuration from that shown in Fig. 7. The components shown in Fig. 7 may be implemented in hardware, software, or a combination of the two. In this embodiment the electronic device 700 may be, but is not limited to, a physical device such as a desktop computer, a laptop computer, a smartphone, a smart wearable device or a vehicle-mounted device, and may also be a virtual device such as a virtual machine. In addition, the electronic device 700 is not necessarily a single device, but may also be a combination of several devices, such as a server cluster. In the embodiments of the present application, the database risk assessment system may be implemented using the electronic device 700 shown in Fig. 7.
Embodiments of the present application further provide a computer-readable storage medium storing a computer program, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the steps of the database risk assessment method of the foregoing embodiments, for example: collecting basic information from the database; and analyzing and reporting the risk of the database using the collected basic information.
In the embodiments provided in the present application, it should be understood that the disclosed systems and methods may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
Furthermore, the functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A database risk assessment system, comprising:
the information acquisition subsystem is used for acquiring the basic information in the database; and
the analysis report subsystem is used for analyzing and reporting the risk of the database by using the basic information acquired by the information acquisition subsystem;
wherein the basic information includes: the method comprises the following steps of detecting the vulnerability risk of the database, the static configuration and dynamic connection condition of the database, the classification result of the data of the database according to the sensitivity and the importance, whether the data of the database is desensitized or not and whether the data of the database is encrypted and stored or not.
2. The database risk assessment system of claim 1, wherein the information collection subsystem comprises:
the vulnerability assessment module is used for searching and storing the vulnerability risk of the database;
the data ownership analysis module is used for analyzing the static configuration and the dynamic connection condition of the database;
the sensitive data identification module is used for classifying the data of the database and grading the data according to the sensitivity and the importance;
the desensitization verification module is used for verifying whether the data stored in the database is desensitized; and
and the encryption verification module is used for verifying whether the data of the database is encrypted and stored.
3. The database risk assessment system of claim 2, wherein the vulnerability assessment module, when searching and saving the vulnerability of the database, is specifically configured to:
collecting and storing relevant vulnerabilities of the disclosed database;
judging whether the database has the vulnerability or not, and generating a vulnerability detection report based on the judgment result;
if the database is determined to have the vulnerability, searching whether a countermeasure exists for the vulnerability and, if so, adding the countermeasure information to the vulnerability detection report.
4. The database risk assessment system of claim 2, wherein the data ownership analysis module, when analyzing the static configuration and dynamic connection of the database, is specifically configured to:
analyzing the static characteristics of the data account of the database; and
and monitoring the access behavior of the account of the database.
5. The database risk assessment system of claim 1, wherein the analysis reporting subsystem comprises:
a vulnerability analysis module for performing a comprehensive vulnerability assessment of the database and calculating its risk probability;
a data value evaluation module for performing weighted assignment according to the classification result of the database data and the result of grading that data by sensitivity and importance; and
a risk analysis module for performing a combined calculation from the risk probability value analyzed by the vulnerability analysis module and the data value evaluated by the data value evaluation module, and scoring the overall risk of the database according to the calculated result.
6. The database risk assessment system of claim 5, wherein the analysis reporting subsystem further comprises:
an assessment report generation module for summarizing the collected basic information and the overall-risk score produced by the risk analysis module, and generating an assessment report; and
a risk management and treatment module for generating risk treatment recommendations and measures.
7. The database risk assessment system according to claim 5, wherein the vulnerability analysis module, when performing the comprehensive vulnerability assessment of the database and calculating its risk probability, is specifically configured to:
comprehensively evaluate the vulnerability of the database according to the vulnerability risk of the database, the static configuration and dynamic connection status of the database, whether the data of the database has been desensitized, and whether the data of the database is stored encrypted.
8. A database risk assessment method, comprising:
collecting basic information from the database; and
analyzing and reporting the risk of the database using the collected basic information;
wherein the basic information includes: the vulnerability risk of the database, the static configuration and dynamic connection status of the database, the result of classifying the data of the database and grading it by sensitivity and importance, whether the data of the database has been desensitized, and whether the data of the database is stored encrypted.
9. An electronic device, comprising: a processor, a memory, and a bus;
the processor and the memory communicate with each other through the bus; the memory stores program instructions executable by the processor, and the processor invokes the program instructions to perform the method of claim 8.
10. A computer-readable storage medium storing computer instructions which, when executed by a computer, cause the computer to perform the method of claim 8.
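As an added illustration of the analysis and reporting subsystem described in claims 3 and 5 to 7 (example code, not the patent's own implementation): a risk probability is derived from the collected basic information, a data value from the sensitivity and importance grading, and the two are combined into an overall score together with countermeasures looked up from a stored vulnerability catalogue. The catalogue entries, the per-finding weights and the combination formula are assumptions; the claims do not specify them.

```python
# Added example (not the patent's own code): a small model of the claimed analysis
# and reporting subsystem; per-finding weights and combination formula are assumptions.
from dataclasses import dataclass, field
from math import prod

# Constructed catalogue of disclosed vulnerabilities (claim 3): placeholder ids,
# each with an optional countermeasure.
VULN_CATALOGUE = {
    "VULN-PLACEHOLDER-1": {"desc": "remote authentication bypass", "fix": "apply vendor patch"},
    "VULN-PLACEHOLDER-2": {"desc": "privilege escalation", "fix": None},
}

# Assumed contribution of each finding to the probability of compromise.
WEIGHTS = {"vuln": 0.3, "static": 0.1, "dynamic": 0.15, "no_desens": 0.1, "no_encrypt": 0.2}

@dataclass
class BasicInfo:
    """Basic information gathered by the collection subsystem (claims 1 and 2)."""
    vulns: list = field(default_factory=list)  # catalogue ids matched on this database
    static_findings: int = 0   # weak account configuration findings (claim 4)
    dynamic_findings: int = 0  # anomalous access-behaviour findings (claim 4)
    sensitivity: int = 1       # grading 1 (lowest) .. 4 (highest)
    importance: int = 1
    desensitized: bool = True
    encrypted: bool = True

def risk_probability(info: BasicInfo) -> float:
    """Claim 7: combine all findings; assumes independence, P = 1 - prod(1 - p_i)."""
    ps = [WEIGHTS["vuln"]] * len(info.vulns)
    ps += [WEIGHTS["static"]] * info.static_findings
    ps += [WEIGHTS["dynamic"]] * info.dynamic_findings
    ps += [WEIGHTS["no_desens"]] * (not info.desensitized)
    ps += [WEIGHTS["no_encrypt"]] * (not info.encrypted)
    return 1 - prod(1 - p for p in ps)

def data_value(info: BasicInfo, w_sens: float = 0.6, w_imp: float = 0.4) -> float:
    """Claim 5: weighted assignment of sensitivity and importance, scaled to [0, 1]."""
    return (w_sens * info.sensitivity + w_imp * info.importance) / 4

def risk_score(info: BasicInfo) -> int:
    """Claim 5: overall score 0..100 as probability x data value (assumed product form)."""
    return round(100 * risk_probability(info) * data_value(info))

def assessment_report(info: BasicInfo) -> dict:
    """Claim 6: summarise basic information, score and known countermeasures (claim 3)."""
    matched = [(v, VULN_CATALOGUE.get(v, {"desc": "unknown", "fix": None})) for v in info.vulns]
    return {"score": risk_score(info), "probability": round(risk_probability(info), 4),
            "data_value": data_value(info), "vulnerabilities": [{"id": v, **d} for v, d in matched],
            "countermeasures": [d["fix"] for _, d in matched if d["fix"]]}
```

With one matched catalogue vulnerability, one weak-account finding, highly sensitive but moderately important data, and neither desensitization nor encryption in place, the model yields a probability of about 0.546, a data value of 0.8 and a score of 44, while a database with no findings scores 0.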
CN202111596063.4A 2021-12-24 2021-12-24 Database risk assessment system and method, electronic equipment and storage medium Pending CN114357458A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111596063.4A CN114357458A (en) 2021-12-24 2021-12-24 Database risk assessment system and method, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114357458A true CN114357458A (en) 2022-04-15

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117828623A (en) * 2023-06-13 2024-04-05 江苏元速时空大数据集团有限公司 Electronic government affair information service system based on internet
CN117828623B (en) * 2023-06-13 2024-07-23 江苏元速时空大数据集团有限公司 Electronic government affair information service system based on internet

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination