CN114707599A - Intelligent classification and grading system for information asset visual management method library - Google Patents

Intelligent classification and grading system for information asset visual management method library Download PDF

Info

Publication number
CN114707599A
CN114707599A CN202210337856.2A CN202210337856A CN114707599A CN 114707599 A CN114707599 A CN 114707599A CN 202210337856 A CN202210337856 A CN 202210337856A CN 114707599 A CN114707599 A CN 114707599A
Authority
CN
China
Prior art keywords
value
asset
information
unit
analysis unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210337856.2A
Other languages
Chinese (zh)
Inventor
杨莹
牛耕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Guoxin Wanglian Technology Co ltd
Original Assignee
Beijing Guoxin Wanglian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Guoxin Wanglian Technology Co ltd filed Critical Beijing Guoxin Wanglian Technology Co ltd
Priority to CN202210337856.2A priority Critical patent/CN114707599A/en
Publication of CN114707599A publication Critical patent/CN114707599A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • G06F18/241Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Human Resources & Organizations (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Educational Administration (AREA)
  • Development Economics (AREA)
  • Physics & Mathematics (AREA)
  • Game Theory and Decision Science (AREA)
  • Marketing (AREA)
  • General Business, Economics & Management (AREA)
  • Tourism & Hospitality (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • General Engineering & Computer Science (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to an intelligent classification grading system for an information asset visual management method library, in particular to the technical field of information asset management, which comprises an information acquisition unit, a classification grading unit and a classification grading unit, wherein the information acquisition unit is used for acquiring enterprise information assets uploaded by enterprise management personnel; the characteristic extraction unit is used for extracting the characteristics of the information assets from the enterprise information assets acquired by the information acquisition unit; the asset classification unit is used for classifying the enterprise information assets according to the features extracted by the feature extraction unit; the value analysis unit is used for carrying out value analysis on the enterprise information assets classified by the asset classification unit; the value determining unit is used for determining the value degree of the information assets of the enterprise according to the analysis result of the value analyzing unit; the risk analysis unit is used for carrying out risk assessment on the information assets of the enterprise, so that the workload of the management system is reduced, and the management precision of the information assets is further improved.

Description

Intelligent classification and grading system for information asset visual management method library
Technical Field
The invention relates to the technical field of information asset management, in particular to an intelligent classification and grading system for an information asset visual management method library.
Background
The information assets are used as intangible assets which are generated in the enterprise development process and are connected with the life pulse of the enterprise, are very important for the development of the enterprise, and lay a solid foundation for the subsequent development of the enterprise, thereby bringing very good economic benefit for the enterprise.
In the early development stage of enterprises, a management system is required to be provided for information assets in the enterprises, so that the enterprises can develop healthily and safely, and higher economic benefit can be obtained.
Chinese patent publication No. CN113344313A discloses a management system for enterprise information assets, which combines multiple modules, including a cooperation management module, an information asset identification module, an intelligent device management module, a document confidentiality management module, and an information asset circulation approval module, and uses the mutual cooperation or cooperation of the modules to reduce the leakage of information assets inside enterprises or companies. By adopting the management system of the information assets disclosed by the invention, the risk of divulgence of the information assets can be prevented in advance, and the risk of divulgence inside an enterprise or a company can be evaluated and assessed in a multidimensional way. (ii) a Therefore, the management system of the enterprise information assets only monitors leakage of the internal information assets and does not manage the enterprise information assets integrally, so that the problem that any information asset pays attention to outsourcing is caused, the management precision is low, and the system workload is large.
Disclosure of Invention
Therefore, the invention provides an intelligent classification and grading system for an information asset visualization management method library, which is used for overcoming the problems that in the prior art, only leakage of internal information assets is monitored, and management of enterprise information assets is not performed on the whole, so that the problem that the management precision is not high and the system workload is large because any information asset pays attention to outsourcing is caused.
In order to achieve the above object, the present invention provides an intelligent classification and classification system for an information asset visual management method library, comprising:
the information acquisition unit is used for acquiring enterprise information assets uploaded by enterprise management personnel;
the characteristic extraction unit is connected with the information acquisition unit and is used for extracting the characteristics of the information assets from the enterprise information assets acquired by the information acquisition unit;
the asset classification unit is respectively connected with the information acquisition unit and the feature extraction unit and is used for classifying the enterprise information assets according to the features extracted by the feature extraction unit;
the value analysis unit is connected with the asset classification unit and is used for carrying out value analysis on the enterprise information assets classified by the asset classification unit;
the value determining unit is connected with the value analyzing unit and is used for determining the value degree of the information assets of the enterprise according to the analysis result of the value analyzing unit;
and the risk analysis unit is respectively connected with the value analysis unit and the value determination unit and is used for carrying out risk assessment on the information assets of the enterprise.
Further, the feature extraction unit extracts features of information assets from the enterprise asset information, including extracting personnel features, hardware features, software features, and electronic data features, and the asset classification unit classifies the information assets into personnel, hardware, software, and electronic data according to the personnel features, the hardware features, the software features, and the electronic data features.
Further, the worth analyzing unit is provided with information asset property evaluation values corresponding to information assets, the worth analyzing unit conducts the worth analysis on the information assets and comprises the steps of obtaining confidentiality evaluation values M and/or integrity evaluation values W and/or availability evaluation values R of the assets under the asset classes, the worth determining unit calculates the worth degree G of the enterprise information assets according to the confidentiality evaluation values M and the integrity evaluation values W and the availability evaluation values R of the assets, and G is set to be M + W + R.
Further, a preset association degree Q0 is arranged in the value analysis unit, the value analysis unit acquires the association degree Q between the assets in the enterprise operation process, sets Q to t/t0, and determines the influence coefficient of the value of each asset according to the comparison result of the association degree Q and the preset association degree, wherein t is association duration, t0 is preset association duration,
wherein the value analysis unit is provided with a first preset degree of correlation Q1, a second preset degree of correlation Q2, a third preset degree of correlation Q3, a first influence coefficient f1, a second influence coefficient f2 and a third influence coefficient f3, wherein Q1 is more than Q2 and less than Q3, f1 is more than f2 and less than f3,
when Q is not more than Q1, the worth analyzing unit sets the influence coefficient of the asset worth to f 1;
when Q1 < Q ≦ Q2, the worth analysis unit sets the impact coefficient of the asset worth to f 2;
when Q2 < Q ≦ Q3, the worth analysis unit sets the impact coefficient for the asset worth value to f 3.
Further, the value analyzing unit is further configured to obtain a change status of each asset during an enterprise operation process, and determine that the change status is data volume increase or decrease, the value analyzing unit calculates a value degree Gz of the asset increased data volume when determining that the change status is data volume increase, the value determining unit compares the value degree Gz of the increased data volume with the value degree G of the existing data of the asset, and determines whether to adjust the asset value degree according to a comparison result,
if Gz is larger than G, the value determining unit judges to adjust the asset worth value;
and if the Gz is less than or equal to G, the value determining unit judges that the asset value degree is not adjusted.
Further, the value determination adjusts the asset worth value to Gz when determining to adjust the asset worth value; the value analysis unit recalculates the value degree of the information asset when determining that the change condition is data volume reduction;
the worth determining unit is further configured to, when the asset worth degree is adjusted to Gz, adjust the worth degree of the associated asset according to an influence coefficient corresponding to the association degree of the asset and the associated asset, set the adjusted worth degree of the associated asset to G1, and set G1 to G × fi, where i is 1, 2, and 3.
Further, the risk analysis unit is further configured to, when performing risk analysis on each asset, perform risk assessment on each asset, and set U ═ G × Dr × Dw according to the risk assessment value U of each asset, where Dr is a vulnerability weight of each asset, and Dw is a threat weight of the asset;
the vulnerability weight of each asset comprises the sum of the information security standard of each asset, the security control of the office environment, the written operation security control, the network security control, the security management of data exchange and the operation and maintenance audit management evaluation value
Further, the risk analysis unit is further configured to determine an initial value of the security management and control strength according to the value degree G when determining that the value degree is completed,
wherein the risk analysis unit is further provided with a first preset value degree G1, a second preset value degree G2, a third preset value degree G3, a first initial value Y1, a second initial value Y2 and a third initial value Y3, wherein G1 is more than G2 is more than G3, Y1 is more than Y2 is more than Y3,
when G is not greater than G1, the risk analysis unit sets the safety control force value of the asset to be a first initial value Y1;
when G1 < G ≦ G2, the risk analysis unit sets the safety control force value of the asset to a second initial value Y2;
when G2 < G ≦ G3, the risk analysis unit sets the safety management severity value for the asset to a third initial value Y3.
Further, the risk analysis unit calculates the impact times C of each asset when the assets are impacted, compares the impact times C with preset impact times, determines the threat weight of each asset according to the comparison result,
wherein the risk analysis unit is provided with a first preset impact frequency C1, a second preset impact frequency C2, a third preset impact frequency C3, a first threat weight Dw1, a second threat weight Dw2 and a third threat weight Dw3, C1 is more than C2 and less than C3, Dw1 is more than Dw2 and less than Dw3,
when C is less than or equal to C1, the risk analysis unit sets the threat weight to Dw 1;
when C1 is more than C and less than or equal to C2, the risk analysis unit sets the threat weight value to Dw 2;
when C2 < C ≦ C1, the risk analysis unit sets the threat weight to Dw 3.
Further, the risk analysis unit is further configured to compare the risk assessment value U with a preset risk assessment value U0 when calculating the risk assessment value is completed, and determine whether the risk of each asset is qualified according to the comparison result,
if U > U0, the risk analysis unit determines that the risk of each of the assets is not acceptable;
if U is less than or equal to U0, the risk analysis unit determines that the risk of each asset is qualified;
when determining that the risk of each asset of the asset is unqualified, the risk analysis unit calculates an evaluation difference value delta U between the risk evaluation value U and a preset risk evaluation value U0, selects a corresponding adjustment coefficient according to a comparison result of the evaluation difference value and a preset evaluation difference value to adjust the network security management and control strength value, sets the adjusted security management and control strength value as Yt, and sets Yt as Y multiplied by Kj, wherein Kj is the adjustment coefficient of the network security management and control strength value.
Compared with the prior art, the management method has the advantages that the information assets are acquired, the information assets are classified according to the characteristics of the information assets, each type of information assets are classified according to the classification result, so that the management precision of the information assets is higher, the value degree of the information assets is analyzed during classification management, the classification of the information assets is determined according to the value degree analysis result of the information assets, the workload of a management system is reduced, and the management precision of the information assets is further improved.
Particularly, when the information assets are graded, the confidentiality evaluation value, the integrity evaluation value and the availability evaluation value of the information assets are obtained to determine the value degree of the information assets together, so that the information assets can be graded in an all-around manner, and the management precision of the information assets is further improved.
In particular, the invention carries out value evaluation on each asset which is evaluated according to the value degree, determines the security control strength value of the network according to the risk evaluation value of the asset and the risk evaluation value, thereby ensuring the security of the information asset and further improving the management precision of the information asset.
Furthermore, in the enterprise operation process, the correlation degree among the assets is analyzed through the value analysis unit, the influence coefficient among the assets is determined according to the correlation degree of the assets, and the mutual influence degree of the assets in the enterprise operation process is determined through the determined influence coefficient, so that the management precision of the information assets is improved.
Furthermore, the invention acquires the change condition of each asset in the enterprise operation process, acquires the value degree of the total assets in the change condition when the assets change, determines whether to adjust the asset value degree according to the value degree of the changed assets, and determines whether to adjust according to the comparison result of the value degree of the actual assets and the value degree of the changed assets when adjusting the information assets, thereby further improving the management precision of the information assets.
Furthermore, after the value degree of one asset is adjusted, the value degree of the associated asset is adjusted according to the influence coefficient determined by the association degree of the asset and the associated asset, so that the management precision of the information asset is further improved.
Furthermore, the invention calculates the risk assessment value of each information asset by acquiring the vulnerability weight and threat weight of the asset from the information assets which are graded by the risk analysis unit, sets a plurality of vulnerabilities for the vulnerability weight and sets different grades for the plurality of vulnerabilities, thereby improving the management precision of the information assets.
Furthermore, when the information assets are determined to be completed through the risk analysis unit, the safety control strength of the information assets is determined according to the comparison result of the determined value degree of the information assets and the preset value degree, and therefore the management precision of the information assets is further improved.
Furthermore, the risk analysis unit compares the determined risk assessment value with a preset risk assessment value, determines whether the risk is qualified or not according to the comparison result, calculates the risk difference value between the risk assessment value and the preset risk assessment value when the risk is unqualified, and selects a corresponding control strength adjustment coefficient according to the comparison result between the risk difference value and a plurality of risk difference values to adjust the control strength of the information asset, so that the management precision of the information asset is further improved.
Drawings
Fig. 1 is a block diagram of an intelligent classification and classification system for an information asset visualization management method library according to an embodiment of the present invention.
Detailed Description
In order that the objects and advantages of the invention will be more clearly understood, the invention is further described in conjunction with the following examples; it should be understood that the specific embodiments described herein are merely illustrative of the invention and do not delimit the invention.
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and do not limit the scope of the present invention.
Furthermore, it should be noted that, in the description of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Fig. 1 is a block diagram illustrating an intelligent classification and ranking system for an information asset visualization management method library according to an embodiment of the present invention.
The intelligent classification and grading system for the information asset visualization management method library provided by the embodiment of the invention comprises the following steps:
the information acquisition unit is used for acquiring enterprise information assets uploaded by enterprise management personnel;
the characteristic extraction unit is connected with the information acquisition unit and is used for extracting the characteristics of the information assets from the enterprise information assets acquired by the information acquisition unit;
the asset classification unit is respectively connected with the information acquisition unit and the feature extraction unit and is used for classifying the enterprise information assets according to the features extracted by the feature extraction unit;
the value analysis unit is connected with the asset classification unit and is used for carrying out value analysis on the enterprise information assets classified by the asset classification unit;
the value determining unit is connected with the value analyzing unit and is used for determining the value degree of the enterprise information assets according to the analysis result of the value analyzing unit;
and the risk analysis unit is respectively connected with the value analysis unit and the value determination unit and is used for carrying out risk assessment on the information assets of the enterprise.
Specifically, in the intelligent classification and ranking system for the information asset visualization management method library according to the embodiment of the present invention, the feature extraction unit extracts features of the information asset from the enterprise asset information, including a person feature, a hardware feature, a software feature, and an electronic data feature, and the asset classification unit classifies the information asset into a person, hardware, software, and electronic data according to the person feature, the hardware feature, the software feature, and the electronic data feature.
Wherein the personnel characteristics at least comprise name information and position information of personnel;
the hardware characteristics at least comprise the model of hardware, the kernel version and the number of kernels;
the software features at least comprise software code quantity and software code complexity;
the electronic data characteristics include at least network setting parameters, backup file names, and file sizes.
The value analysis unit is provided with an information asset property evaluation value corresponding to an information asset, the value analysis unit performs value analysis on the information asset and comprises the steps of obtaining a confidentiality evaluation value M and/or an integrity evaluation value W and/or an availability evaluation value R of each asset under each asset type, the value determination unit calculates the value degree G of the enterprise information asset according to the confidentiality evaluation value M, the integrity evaluation value W and the availability evaluation value R of each asset, and G is set to be M + W + R.
In the examples of the present invention, the evaluation criteria are as follows:
Figure BDA0003577262790000071
in the embodiment of the present invention, the hardware evaluation criteria are as follows:
Figure BDA0003577262790000072
Figure BDA0003577262790000081
in the embodiment of the invention, the software evaluation standard is as follows:
Figure BDA0003577262790000082
in the embodiment of the invention, the software evaluation standard is as follows:
Figure BDA0003577262790000083
the value analysis unit is provided with a preset association degree Q0, and acquires the association degree Q between the assets in the enterprise operation process, sets Q to t/t0, and determines the influence coefficient of the value of each asset according to the comparison result of the association degree Q and the preset association degree, wherein t is association duration, t0 is preset association duration,
wherein the value analysis unit is provided with a first preset degree of correlation Q1, a second preset degree of correlation Q2, a third preset degree of correlation Q3, a first influence coefficient f1, a second influence coefficient f2 and a third influence coefficient f3, wherein Q1 is more than Q2 and less than Q3, f1 is more than f2 and less than f3,
when Q is not more than Q1, the worth analyzing unit sets the influence coefficient of the asset worth to f 1;
when Q1 < Q ≦ Q2, the worth analysis unit sets the impact coefficient of the asset worth to f 2;
when Q2 < Q ≦ Q3, the worth analyzing unit sets the influence coefficient of the asset worth value to f 3.
In the embodiment of the invention, the association degree of the personnel and the hardware is the ratio of the hardware using time of the personnel to the preset time; the association degree of the personnel and the software is the ratio of the software using time length of the personnel to the preset time length, the association degree of the personnel and the electronic data is the ratio of the electronic data using time length of the personnel to the preset time length, the association degree of the hardware and the software is the ratio of the hardware storing software time length to the preset time length, the association degree of the hardware and the electronic data is the ratio of the hardware storing electronic data time length to the preset time length, and the association degree of the software and the electronic data is the ratio of the software storing electronic data time length to the preset time length.
The value analysis unit is further configured to obtain a change status of each asset during an enterprise operation process, and determine that the change status is data volume increase or decrease, the value analysis unit calculates a value degree Gz of the asset increased data volume when determining that the change status is data volume increase, the value determination unit compares the value degree Gz of the increased data volume with the value degree G of the existing data of the asset, and determines whether to adjust the asset value degree according to a comparison result,
if Gz is larger than G, the value determining unit judges to adjust the asset worth value;
if Gz is less than or equal to G, the value determining unit judges that the asset value degree is not adjusted;
specifically, the value determination adjusts the asset worth value to Gz when it is determined to adjust the asset worth value; the worth analyzing unit recalculates the worth degree of the information asset when the fluctuation situation is determined to be the data volume reduction.
The worth determining unit is further configured to, when the asset worth degree is adjusted to Gz, adjust the worth degree of the associated asset according to an influence coefficient corresponding to the association degree of the asset and the associated asset, set the adjusted worth degree of the associated asset to G1, and set G1 to G × fi, where i is 1, 2, and 3.
The risk analysis unit is further configured to perform risk assessment on each asset when performing risk analysis on each asset, and set U ═ gxr Dr × Dw according to the risk assessment value U of each asset, where Dr is a vulnerability weight of each asset, and Dw is a threat weight of the asset.
The vulnerability weight of each asset comprises the sum of the information safety standard of each asset, the safety control of the office environment, the safety control of written operation, the safety control of network safety, the safety management of data exchange and the management evaluation value of operation and maintenance audit management.
In the embodiment of the invention, the value of the existing information safety standard is 3, the value of part of the existing information safety standard is 2, and the value of the existing information safety standard is 1; the value is 3 if the office environment safety control exists, the value is 2 if a small amount of office environment safety control exists, and the value is 1 if the office environment safety control does not exist; the written operation safety control value is 3, a small number of written operation safety control values are 2, and the written operation safety control value is not 1; the value of network security management and control is 3, the value of a small amount of network security management and control is 2, and the value of no network security management and control is 1; the security management value with data exchange is 3, the security management value with a small amount of data exchange is 2, and the security management value without data exchange is 1; the operation and maintenance audit management value is 3, a small amount of operation and maintenance audit management values are 2, and no operation and maintenance audit management value is 1.
The risk analysis unit is further used for determining an initial value of the security management and control strength according to the value degree G when the value degree is determined to be completed,
wherein the risk analysis unit is further provided with a first preset value degree G1, a second preset value degree G2, a third preset value degree G3, a first initial value Y1, a second initial value Y2 and a third initial value Y3, wherein G1 is more than G2 is more than G3, Y1 is more than Y2 is more than Y3,
when G is not greater than G1, the risk analysis unit sets the safety control force value of the asset to be a first initial value Y1;
when G1 < G ≦ G2, the risk analysis unit sets the safety control force value of the asset to a second initial value Y2;
when G2 < G ≦ G3, the risk analysis unit sets the safety management severity value for the asset to a third initial value Y3.
Specifically, the threat weight of each asset is whether each asset is impacted, the risk analysis unit calculates the impact frequency C of each asset when the asset is impacted, compares the impact frequency C with a preset impact frequency, and determines the threat weight of each asset according to the comparison result,
wherein the risk analysis unit is provided with a first preset impact frequency C1, a second preset impact frequency C2, a third preset impact frequency C3, a first threat weight Dw1, a second threat weight Dw2 and a third threat weight Dw3, C1 is more than C2 and less than C3, Dw1 is more than Dw2 and less than Dw3,
when C is less than or equal to C1, the risk analysis unit sets the threat weight to Dw 1;
when C1 is more than C and less than or equal to C2, the risk analysis unit sets the threat weight value to Dw 2;
when C2 < C ≦ C1, the risk analysis unit sets the threat weight to Dw 3.
The risk analysis unit is further used for comparing the risk assessment value U with a preset risk assessment value U0 when the calculation of the risk assessment value is completed, and determining whether the risk of each asset is qualified or not according to the comparison result,
if U > U0, the risk analysis unit determines that the risk of each of the assets is not acceptable;
and if U is less than or equal to U0, the risk analysis unit determines that the risk of each asset is qualified.
When determining that the risk of each asset of the asset is unqualified, the risk analysis unit calculates an evaluation difference value delta U between the risk evaluation value U and a preset risk evaluation value U0, selects a corresponding adjustment coefficient according to the comparison result of the evaluation difference value and the preset evaluation difference value to adjust the network security management and control strength value,
wherein the risk analysis unit is provided with a first preset evaluation difference value delta U1, a second risk evaluation difference value delta U2, a third preset evaluation difference value delta U3, a first control force adjustment coefficient K1, a second control force adjustment coefficient K2 and a third control force adjustment coefficient K3, wherein delta U1 < delta U2 < delta U3, 1 < K1 < K2 < K3 < 1.5,
when the delta U is less than or equal to the delta U1, the risk analysis unit selects a first control strength adjustment coefficient K1 to adjust the network security control strength value;
when the delta U is more than or equal to delta U1 and less than or equal to delta U2, the risk analysis unit selects a second control force adjusting coefficient K2 to adjust the network security control force value;
when the delta U is more than or equal to delta U2 and less than or equal to delta U3, the risk analysis unit selects a third control force adjusting coefficient K3 to adjust the network security control force value;
when the risk analysis unit selects the jth management and control force adjustment coefficient Kj to adjust the network security management and control force value, setting j to be 1, 2 and 3, and the risk analysis unit sets the adjusted security management and control force value to be Yt and sets Yt to be Y multiplied by Kj.
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is apparent to those skilled in the art that the scope of the present invention is not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.

Claims (10)

1. An intelligent classification and classification system for an information asset visual management method library, comprising:
the information acquisition unit is used for acquiring enterprise information assets uploaded by enterprise managers;
the characteristic extraction unit is connected with the information acquisition unit and is used for extracting the characteristics of the information assets from the enterprise information assets acquired by the information acquisition unit;
the asset classification unit is respectively connected with the information acquisition unit and the feature extraction unit and is used for classifying the enterprise information assets according to the features extracted by the feature extraction unit;
the value analysis unit is connected with the asset classification unit and is used for carrying out value analysis on the enterprise information assets classified by the asset classification unit;
the value determining unit is connected with the value analyzing unit and is used for determining the value degree of the information assets of the enterprise according to the analysis result of the value analyzing unit;
and the risk analysis unit is respectively connected with the value analysis unit and the value determination unit and is used for carrying out risk assessment on the information assets of the enterprise.
2. The intelligent taxonomy-hierarchy system for visual management of information assets according to claim 1, wherein the feature extraction unit extracts features of information assets from the enterprise asset information including personnel, hardware, software, and electronic data features, and the asset classification unit classifies the information assets into personnel, hardware, software, and electronic data according to the personnel, hardware, software, and electronic data features.
3. The intelligent classification and ranking system for information asset visualization management method library according to claim 2, wherein said worth analyzing unit is provided with information asset property assessment values corresponding to information assets, said worth analyzing unit performs a value analysis on said information assets including obtaining confidentiality assessment values M and/or integrity assessment values W and/or availability assessment values R of each asset under each asset category, said worth determining unit calculates the worth degree G of said enterprise information assets according to the confidentiality assessment values M and integrity assessment values W and availability assessment values R of each said asset, and sets G + W + R.
4. The intelligent classification and grading system for information asset visual management method library according to claim 3, wherein the value analysis unit is provided with a preset association degree Q0, and in the enterprise operation process, the value analysis unit obtains the association degree Q between the assets, sets Q to t/t0, and determines the influence coefficient of the value of each asset according to the comparison result of the association degree Q and the preset association degree, wherein t is the association duration, and t0 is the preset association duration,
wherein the value analysis unit is provided with a first preset degree of correlation Q1, a second preset degree of correlation Q2, a third preset degree of correlation Q3, a first influence coefficient f1, a second influence coefficient f2 and a third influence coefficient f3, wherein Q1 is more than Q2 and less than Q3, f1 is more than f2 and less than f3,
when Q is not more than Q1, the worth analyzing unit sets the influence coefficient of the asset worth to f 1;
when Q1 < Q ≦ Q2, the worth analysis unit sets the impact coefficient of the asset worth to f 2;
when Q2 < Q ≦ Q3, the worth analysis unit sets the impact coefficient for the asset worth value to f 3.
5. The intelligent classification and ranking system for information asset visual management method library according to claim 4, wherein the value analysis unit is further configured to obtain a change status of each asset during the operation of the enterprise and determine that the change status is an increase or decrease in data volume, the value analysis unit calculates a value degree Gz of the asset added data volume when determining that the change status is an increase in data volume, the value determination unit compares the value degree Gz of the added data volume with the value degree G of the existing asset data and determines whether to adjust the asset value degree according to the comparison result,
if Gz is larger than G, the value determining unit judges to adjust the asset worth value;
and if Gz is less than or equal to G, the value determining unit judges that the asset worth value is not adjusted.
6. The intelligent taxonomy ranking system for visual management of information assets according to claim 5 wherein the value determination adjusts the asset worth value to Gz when it is determined to adjust the asset worth value; the value analysis unit recalculates the value degree of the information asset when determining that the change condition is data volume reduction;
the worth determining unit is further configured to, when the asset worth degree is adjusted to Gz, adjust the worth degree of the associated asset according to an influence coefficient corresponding to the association degree of the asset and the associated asset, set the adjusted worth degree of the associated asset to G1, and set G1 to G × fi, where i is 1, 2, and 3.
7. The intelligent classification and ranking system for information asset visual management method library according to claim 6, wherein said risk analysis unit is further configured to perform risk assessment on each asset when performing risk analysis on each asset, and set U ═ gxr Dr × Dw according to the risk assessment value U of each asset, where Dr is a vulnerability weight of each asset, and Dw is a threat weight of the asset;
the vulnerability weight of each asset comprises the sum of the information safety standard of each asset, the safety control of the office environment, the safety control of written operation, the safety control of network safety, the safety management of data exchange and the management evaluation value of operation and maintenance audit management.
8. The intelligent taxonomy classification system for information asset visual management method library according to claim 7, wherein the risk analysis unit is further configured to determine an initial value of the security management control strength according to the value G when determining that the value G is completed,
wherein the risk analysis unit is further provided with a first preset value degree G1, a second preset value degree G2, a third preset value degree G3, a first initial value Y1, a second initial value Y2 and a third initial value Y3, wherein G1 is more than G2 is more than G3, Y1 is more than Y2 is more than Y3,
when G is not greater than G1, the risk analysis unit sets the safety control force value of the asset to be a first initial value Y1;
when G1 < G ≦ G2, the risk analysis unit sets the safety control force value of the asset to a second initial value Y2;
when G2 < G ≦ G3, the risk analysis unit sets the safety management severity value for the asset to a third initial value Y3.
9. The intelligent classification and classification system for an information asset visualization management method library according to claim 8, wherein the risk analysis unit calculates the impact frequency C of each asset when the asset is impacted, compares the impact frequency C with a preset impact frequency, and determines the threat weight of each asset according to the comparison result,
wherein the risk analysis unit is provided with a first preset impact frequency C1, a second preset impact frequency C2, a third preset impact frequency C3, a first threat weight Dw1, a second threat weight Dw2 and a third threat weight Dw3, C1 is more than C2 and less than C3, Dw1 is more than Dw2 and less than Dw3,
when C is less than or equal to C1, the risk analysis unit sets the threat weight to Dw 1;
when C1 is more than C and less than or equal to C2, the risk analysis unit sets the threat weight value to Dw 2;
when C2 < C ≦ C1, the risk analysis unit sets the threat weight to Dw 3.
10. The intelligent classification and ranking system for visual management of information assets of claim 9 wherein said risk analysis unit is further configured to compare said risk assessment value U with a preset risk assessment value U0 when calculating said risk assessment value, and determine whether the risk of each of said assets is qualified according to the comparison result,
if U > U0, the risk analysis unit determines that the risk of each of the assets is not acceptable;
if U is less than or equal to U0, the risk analysis unit determines that the risk of each asset is qualified;
when determining that the risk of each asset of the asset is unqualified, the risk analysis unit calculates an evaluation difference value delta U between the risk evaluation value U and a preset risk evaluation value U0, selects a corresponding adjustment coefficient according to a comparison result of the evaluation difference value and a preset evaluation difference value to adjust the network security management and control strength value, sets the adjusted security management and control strength value as Yt, and sets Yt as Y multiplied by Kj, wherein Kj is the adjustment coefficient of the network security management and control strength value.
CN202210337856.2A 2022-04-01 2022-04-01 Intelligent classification and grading system for information asset visual management method library Pending CN114707599A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210337856.2A CN114707599A (en) 2022-04-01 2022-04-01 Intelligent classification and grading system for information asset visual management method library

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210337856.2A CN114707599A (en) 2022-04-01 2022-04-01 Intelligent classification and grading system for information asset visual management method library

Publications (1)

Publication Number Publication Date
CN114707599A true CN114707599A (en) 2022-07-05

Family

ID=82172145

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210337856.2A Pending CN114707599A (en) 2022-04-01 2022-04-01 Intelligent classification and grading system for information asset visual management method library

Country Status (1)

Country Link
CN (1) CN114707599A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8478788B1 (en) * 2004-11-14 2013-07-02 Symantec Corporation Centralized information technology resources analysis system
CN110401625A (en) * 2019-03-07 2019-11-01 中国科学院软件研究所 Methods of risk assessment and system based on association analysis
CN113553583A (en) * 2021-07-28 2021-10-26 中国南方电网有限责任公司 Information system asset security risk assessment method and device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8478788B1 (en) * 2004-11-14 2013-07-02 Symantec Corporation Centralized information technology resources analysis system
CN110401625A (en) * 2019-03-07 2019-11-01 中国科学院软件研究所 Methods of risk assessment and system based on association analysis
CN113553583A (en) * 2021-07-28 2021-10-26 中国南方电网有限责任公司 Information system asset security risk assessment method and device

Similar Documents

Publication Publication Date Title
CN107454105B (en) Multidimensional network security assessment method based on AHP and grey correlation
McKee et al. Predicting bankruptcy using recursive partitioning and a realistically proportioned data set
CN112711757B (en) Data security centralized management and control method and system based on big data platform
CN113411303B (en) Evaluation index system construction method based on hierarchical clustering and analytic hierarchy process
CN110111202A (en) The method and system of risk monitoring and control after a kind of loan
CN110912737A (en) Dynamic perception performance early warning method based on hybrid model
Ebnöther et al. Modelling operational risk
CN109711707B (en) Comprehensive state evaluation method for ship power device
CN111953543A (en) PCA-AHP-based quantum communication network reliability condition evaluation method
CN117235743B (en) Intelligent power management method and system based on security risk
KR20040104853A (en) Risk analysis system for information assets
CN116882756B (en) Power safety control method based on block chain
CN110401625B (en) Risk assessment method and system based on correlation analysis
CN114707599A (en) Intelligent classification and grading system for information asset visual management method library
WO2003038666A1 (en) Wavelet based fraud detection system
CN112651433B (en) Abnormal behavior analysis method for privileged account
CN111935062A (en) Method and model for calculating network security maturity
CN112258338A (en) Automatic base station cost auditing method based on nearest neighbor algorithm
Hu et al. Evaluation on Arrear Electricity Charges Based on Multi-attribute Group Decision Making Considering User Payment and Abnormal Electricity Consumption
CN114124526B (en) Threat complexity analysis method combining multi-level and entropy weight method
CN110995465A (en) Communication point panoramic view information operation and maintenance method and system
CN111654463A (en) Support vector electromechanical network intrusion detection system and method based on feature selection
CN116051296B (en) Customer evaluation analysis method and system based on standardized insurance data
CN116578460B (en) Medical institution front-end data safety monitoring method, system and device
CN115170282A (en) Intelligent wind control equipment implementation method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20220705