CN115208627B - Information system security detection evaluation and processing system
- Publication number
- CN115208627B (application CN202210638152.9A)
- Authority
- CN
- China
- Prior art keywords
- security
- information
- analysis
- assets
- safety
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to the technical field of information systems, and particularly discloses an information system security detection, evaluation and processing system. The system comprises: an information asset identification unit for performing asset identification; a security map construction unit for constructing a security association map; a security traceability analysis unit for performing security analysis and traceability analysis; a vulnerability positioning analysis unit for performing vulnerability positioning and threat analysis; and a security processing detection unit for performing security processing and verification detection. By identifying information assets and constructing the security map, the system establishes dynamic security associations between a plurality of important information assets and a plurality of other information assets, performs vulnerability positioning and threat analysis according to the security association map, and determines the source of the security threat, so that accurate security processing and verification detection can be carried out and the security threat to the information system is completely eliminated.
Description
Technical Field
The invention belongs to the technical field of information systems, and particularly relates to an information system security detection evaluation and processing system.
Background
An information system is a human-machine integrated system that is composed of computer hardware, network and communication equipment, computer software, information resources, information users and regulations, and is used for processing information flows. It has five primary functions: input, storage, processing, output and control of information. Information systems have passed through three development stages: simple data-processing information systems, isolated business-management information systems and integrated intelligent information systems.
As information systems have developed rapidly, they have brought convenience to enterprises but have also gradually exposed security problems, so information systems need security detection, evaluation and processing. Existing security detection, evaluation and processing is usually performed on single or local information data assets in the information system and cannot be performed according to all associated information data assets in the system, so security threats cannot be accurately located and handled, and the security threats to the information system cannot be thoroughly eliminated.
Disclosure of Invention
An embodiment of the invention aims to provide an information system security detection, evaluation and processing system that solves the problems described in the Background section.
In order to achieve the above object, the embodiment of the present invention provides the following technical solutions:
The information system security detection, evaluation and processing system comprises an information asset identification unit, a security map construction unit, a security traceability analysis unit, a vulnerability positioning analysis unit and a security processing detection unit, wherein:
the information asset identification unit is used for performing asset identification on information data in an information system, marking a plurality of information data assets in the information system, and marking a plurality of important information assets and a plurality of other information assets from among the plurality of information data assets;
the security map construction unit is used for analyzing the security associations between the plurality of important information assets and the plurality of other information assets, and constructing a security association map between the plurality of important information assets and the plurality of other information assets;
the security traceability analysis unit is used for performing security analysis on the plurality of important information assets to generate a security analysis result, and performing traceability analysis on the plurality of other information assets according to the security analysis result and the security association map to generate a traceability analysis result;
the vulnerability positioning analysis unit is used for integrating the security analysis result and the traceability analysis result, performing vulnerability positioning, determining the information data asset with a security vulnerability, performing threat analysis on that information data asset, and determining the security threat type;
and the security processing detection unit is used for performing security processing on the information data asset with the security vulnerability according to the security threat type, and performing verification detection according to the security association map after the security processing.
As a further limitation of the technical solution of the embodiment of the present invention, the information asset identification unit specifically includes:
an information asset identification module for performing asset identification on information data in the information system and generating an asset identification result;
a data asset tagging module for tagging a plurality of information data assets in the information system according to the asset identification result;
an asset classification marking module for marking a plurality of important information assets and a plurality of other information assets from among the plurality of information data assets.
As a further limitation of the technical solution of the embodiment of the present invention, the asset classification marking module specifically includes:
a correlation analysis sub-module for performing correlation analysis on the plurality of information data assets and generating a correlation analysis result;
an important asset marking sub-module for marking a plurality of information data assets that are not correlated with each other as important information assets according to the correlation analysis result;
and an other asset marking sub-module for marking the information data assets other than the plurality of important information assets as other information assets.
As a further limitation of the technical solution of the embodiment of the present invention, the security map construction unit specifically includes:
a security association analysis module for analyzing the security associations between the plurality of important information assets and the plurality of other information assets according to the correlation analysis result, to obtain a plurality of security association analysis results;
and a security map construction module for constructing the security association map between the important information assets and the other information assets according to the security association analysis results.
As a further limitation of the technical solution of the embodiment of the present invention, the security traceability analysis unit specifically includes:
a security analysis module for performing security analysis on the plurality of important information assets and generating a security analysis result;
and a traceability analysis module for performing traceability analysis on the plurality of other information assets according to the security analysis result and the security association map, to generate a traceability analysis result.
As a further limitation of the technical solution of the embodiment of the present invention, the traceability analysis module specifically includes:
a route establishment sub-module for establishing a plurality of tracing routes according to the security analysis result and the security association map;
and a traceability analysis sub-module for performing traceability analysis on the plurality of other information assets according to the plurality of tracing routes, to generate the traceability analysis result.
As a further limitation of the technical solution of the embodiment of the present invention, the vulnerability positioning analysis unit specifically includes:
a vulnerability positioning module for integrating the security analysis result and the traceability analysis result, performing vulnerability positioning, and determining the information data asset with a security vulnerability;
a type analysis module for performing type analysis on the information data asset with the security vulnerability and determining the information data type;
and a threat analysis module for performing threat analysis on the information data asset with the security vulnerability according to the information data type and determining the security threat type.
As a further limitation of the technical solution of the embodiment of the present invention, the vulnerability positioning module specifically includes:
a vulnerability positioning sub-module for integrating the security analysis result and the traceability analysis result, performing vulnerability positioning, and generating a vulnerability positioning result;
a vulnerability determination sub-module for determining whether a security vulnerability exists according to the vulnerability positioning result;
and a vulnerability determination sub-module for determining the corresponding information data asset when a security vulnerability exists.
As a further limitation of the technical solution of the embodiment of the present invention, the security processing detection unit specifically includes:
a processing analysis module for generating threat processing data according to the security threat type;
a security processing module for performing security processing on the information data asset with the security vulnerability according to the threat processing data;
and a verification detection module for performing verification detection according to the security association map after the security processing.
As a further limitation of the technical solution of the embodiment of the present invention, the verification detection module specifically includes:
a signal generation sub-module for generating a completion processing signal after the security processing;
a verification generation sub-module for generating verification detection data according to the completion processing signal;
and a verification detection sub-module for performing verification detection according to the verification detection data and the security association map.
Compared with the prior art, the invention has the beneficial effects that:
The information system security detection, evaluation and processing system provided by the embodiment of the invention comprises: an information asset identification unit for performing asset identification; a security map construction unit for constructing a security association map; a security traceability analysis unit for performing security analysis and traceability analysis; a vulnerability positioning analysis unit for performing vulnerability positioning and threat analysis; and a security processing detection unit for performing security processing and verification detection. By identifying information assets and constructing the security map, the system establishes dynamic security associations between a plurality of important information assets and a plurality of other information assets, performs vulnerability positioning and threat analysis according to the security association map, and determines the source of the security threat, so that accurate security processing and verification detection can be carried out and the security threat to the information system is completely eliminated.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the following description will briefly introduce the drawings that are needed in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are only some embodiments of the present invention.
Fig. 1 shows an application architecture diagram of a system provided by an embodiment of the present invention.
Fig. 2 is a block diagram of an information asset identifying unit in the system according to an embodiment of the present invention.
Fig. 3 shows a block diagram of the structure of an asset classification marking module in the system according to the embodiment of the invention.
Fig. 4 shows a block diagram of a security map construction unit in the system according to an embodiment of the present invention.
Fig. 5 shows a block diagram of the security traceability analysis unit in the system according to an embodiment of the present invention.
Fig. 6 shows a block diagram of the traceability analysis module in the system according to an embodiment of the present invention.
Fig. 7 is a block diagram of the vulnerability positioning analysis unit in the system according to an embodiment of the present invention.
Fig. 8 is a block diagram illustrating the structure of the vulnerability positioning module in the system provided by an embodiment of the present invention.
Fig. 9 is a block diagram of a security processing detection unit in the system according to an embodiment of the present invention.
Fig. 10 is a block diagram of a verification detection module in the system according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
It can be appreciated that, in the prior art, security detection, evaluation and processing of an information system is generally performed on single or local information data assets in the information system, and cannot perform dynamic detection and evaluation according to all associated information data assets in the system, so security threats cannot be accurately located and handled, and the security threats to the information system cannot be thoroughly eliminated.
In order to solve the above problems, the information system security detection, evaluation and processing system provided by an embodiment of the present invention includes: an information asset identification unit for performing asset identification; a security map construction unit for constructing a security association map; a security traceability analysis unit for performing security analysis and traceability analysis; a vulnerability positioning analysis unit for performing vulnerability positioning and threat analysis; and a security processing detection unit for performing security processing and verification detection. By identifying information assets and constructing the security map, the system establishes dynamic security associations between a plurality of important information assets and a plurality of other information assets, performs vulnerability positioning and threat analysis according to the security association map, and determines the source of the security threat, so that accurate security processing and verification detection can be carried out and the security threat to the information system is completely eliminated.
Fig. 1 shows an application architecture diagram of a system provided by an embodiment of the present invention.
Specifically, the information system security detection evaluation and processing system comprises:
an information asset identification unit 101 for performing asset identification on information data in an information system, marking a plurality of information data assets in the information system, and marking a plurality of important information assets and a plurality of other information assets from among the plurality of information data assets.
In the embodiment of the present invention, the information asset identification unit 101 performs asset identification on the information data in the information system to generate an asset identification result, and marks the information data according to that result to obtain a plurality of information data assets. It then performs correlation analysis on the plurality of information data assets to generate a correlation analysis result, screens out the information data assets that are not correlated with each other according to that result and marks them as important information assets, and marks the information data assets other than the important information assets as other information assets.
It is understood that information data assets, including production data, customer profile data, financial data, OA data, etc., are information data that are valuable to businesses or organizations in an information system.
Specifically, Fig. 2 shows a block diagram of the information asset identification unit 101 in the system according to the embodiment of the present invention.
In a preferred embodiment provided by the present invention, the information asset identification unit 101 specifically includes:
an information asset identification module 1011 for performing asset identification on the information data in the information system and generating an asset identification result.
A data asset tagging module 1012 for tagging a plurality of information data assets in the information system according to the asset identification result.
An asset classification marking module 1013 for marking a plurality of important information assets and a plurality of other information assets from among the plurality of information data assets.
Specifically, Fig. 3 shows a block diagram of the asset classification marking module 1013 in the system according to an embodiment of the invention.
In a preferred embodiment provided by the present invention, the asset classification marking module 1013 specifically includes:
a correlation analysis sub-module 10131 for performing correlation analysis on the plurality of information data assets and generating a correlation analysis result.
An important asset marking sub-module 10132 for marking a plurality of information data assets that are not correlated with each other as important information assets according to the correlation analysis result.
An other asset marking sub-module 10133 for marking the information data assets other than the plurality of important information assets as other information assets.
Further, the information system security detection evaluation and processing system further comprises:
a security map construction unit 102 for analyzing the security associations between the plurality of important information assets and the plurality of other information assets, and constructing a security association map between the plurality of important information assets and the plurality of other information assets.
In the embodiment of the present invention, the security map construction unit 102 classifies the plurality of other information assets under their corresponding important information assets according to the correlation analysis result, generating an information asset classification result. According to that classification result, it analyzes the security associations between the important information assets and their corresponding other information assets to obtain a plurality of security association analysis results for the important information assets, and from these results it constructs the security association map of the security associations between the important information assets and their corresponding other information assets.
It will be appreciated that the security association map records the security associations between important information assets and other information assets, and between other information assets themselves. The security associations between the information assets are evaluated, and a corresponding security association value is created between information assets that have a security association; the greater the security association value, the tighter the security association.
Specifically, Fig. 4 shows a block diagram of the security map construction unit 102 in the system according to the embodiment of the present invention.
In a preferred embodiment of the present invention, the security map construction unit 102 specifically includes:
a security association analysis module 1021 for analyzing the security associations between the plurality of important information assets and the plurality of other information assets according to the correlation analysis result, to obtain a plurality of security association analysis results.
A security association map construction module 1022 for constructing the security association map between the plurality of important information assets and the plurality of other information assets according to the plurality of security association analysis results.
Further, the information system security detection evaluation and processing system further comprises:
a security traceability analysis unit 103 for performing security analysis on the plurality of important information assets to generate a security analysis result, and performing traceability analysis on the plurality of other information assets according to the security analysis result and the security association map to generate a traceability analysis result.
In the embodiment of the present invention, the security traceability analysis unit 103 performs security analysis on the plurality of important information assets to generate a security analysis result, and determines from that result whether any important information asset is under security threat. For an important information asset under security threat, it combines the security analysis result with the security association map to establish a plurality of tracing routes from that important information asset for traceability analysis of the other information assets, and performs traceability analysis on the other information assets along those tracing routes to generate a traceability analysis result.
Specifically, Fig. 5 shows a block diagram of the security traceability analysis unit 103 in the system according to the embodiment of the present invention.
In a preferred embodiment of the present invention, the security traceability analysis unit 103 specifically includes:
a security analysis module 1031 for performing security analysis on the plurality of important information assets and generating a security analysis result.
A traceability analysis module 1032 for performing traceability analysis on the plurality of other information assets according to the security analysis result and the security association map, to generate a traceability analysis result.
Specifically, Fig. 6 shows a block diagram of the traceability analysis module 1032 in the system according to an embodiment of the present invention.
In a preferred embodiment of the present invention, the traceability analysis module 1032 specifically includes:
a route establishment sub-module 10321 for establishing a plurality of tracing routes according to the security analysis result and the security association map.
A traceability analysis sub-module 10322 for performing traceability analysis on the plurality of other information assets according to the plurality of tracing routes, to generate the traceability analysis result.
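The security association map and tracing routes described above, as an added Python sketch that is not part of the patent. The asset names, the association values, the product-of-values route score and the `max_hops` limit are assumptions, since the patent does not specify how routes are derived or ranked.

```python
from collections import defaultdict


def build_association_map(links):
    """Build an undirected security association map.

    links: iterable of (asset_a, asset_b, value), where value in (0, 1] is the
    security association value (greater value = tighter association).
    """
    graph = defaultdict(dict)
    for a, b, value in links:
        if not 0 < value <= 1:
            raise ValueError(f"association value out of range: {a}-{b}={value}")
        graph[a][b] = value
        graph[b][a] = value
    return dict(graph)


def trace_routes(graph, threatened, important, max_hops=3):
    """Enumerate tracing routes from a threatened important asset.

    Routes are simple paths that only pass through "other" assets; they never
    cross a different important asset. Each route is scored by the product of
    the association values along it (an assumption of this sketch), so tightly
    associated chains rank first.
    """
    routes = []

    def walk(path, score):
        for nxt, value in graph.get(path[-1], {}).items():
            if nxt in path or nxt in important:
                continue  # no cycles, and stay inside the other assets
            new_path, new_score = path + [nxt], score * value
            routes.append((new_path, round(new_score, 4)))
            if len(new_path) - 1 < max_hops:
                walk(new_path, new_score)

    walk([threatened], 1.0)
    routes.sort(key=lambda r: (-r[1], len(r[0]), r[0]))
    return routes


def rank_candidates(routes):
    """Order other assets for vulnerability positioning by their best route."""
    best = {}
    for path, score in routes:
        asset = path[-1]
        if score > best.get(asset, (0.0, None))[0]:
            best[asset] = (score, path)
    return sorted(((a, s, p) for a, (s, p) in best.items()),
                  key=lambda t: (-t[1], t[0]))


# Constructed sample data: two important assets and four other assets.
IMPORTANT = {"financial_db", "customer_profiles"}
LINKS = [
    ("financial_db", "report_server", 0.9),
    ("financial_db", "backup_job", 0.4),
    ("report_server", "oa_portal", 0.8),
    ("backup_job", "file_share", 0.5),
    ("oa_portal", "file_share", 0.5),
    ("customer_profiles", "oa_portal", 0.7),
]

if __name__ == "__main__":
    amap = build_association_map(LINKS)
    # Assume the security analysis flagged financial_db as under threat.
    routes = trace_routes(amap, "financial_db", IMPORTANT)
    for path, score in routes:
        print(f"{score:.2f}  {' -> '.join(path)}")
    print("inspection order:", [a for a, _, _ in rank_candidates(routes)])
```
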
Further, the information system security detection evaluation and processing system further comprises:
a vulnerability positioning analysis unit 104 for integrating the security analysis result and the traceability analysis result, performing vulnerability positioning, determining the information data asset with a security vulnerability, performing threat analysis on that information data asset, and determining the security threat type.
In the embodiment of the present invention, the vulnerability positioning analysis unit 104 integrates the security analysis result and the traceability analysis result and performs vulnerability positioning among the other information assets corresponding to the important information asset under security threat, generating a vulnerability positioning result. According to that result it determines whether security vulnerabilities exist in those other information assets and, when a security vulnerability exists, determines the corresponding information data asset. It then performs type analysis on the information data asset with the security vulnerability to determine the information data type, generates a corresponding threat analysis scheme according to the information data type, and performs threat analysis on the information data asset with the security vulnerability according to that scheme to determine the security threat type.
Specifically, Fig. 7 shows a block diagram of the vulnerability positioning analysis unit 104 in the system according to the embodiment of the present invention.
In a preferred embodiment of the present invention, the vulnerability positioning analysis unit 104 specifically includes:
a vulnerability positioning module 1041 for integrating the security analysis result and the traceability analysis result, performing vulnerability positioning, and determining the information data asset with a security vulnerability.
Specifically, Fig. 8 shows a block diagram of the vulnerability positioning module 1041 in the system according to the embodiment of the present invention.
In a preferred embodiment of the present invention, the vulnerability positioning module 1041 specifically includes:
a vulnerability positioning sub-module 10411 for integrating the security analysis result and the traceability analysis result, performing vulnerability positioning, and generating a vulnerability positioning result.
A vulnerability determination sub-module 10412 for determining whether a security vulnerability exists according to the vulnerability positioning result.
A vulnerability determination sub-module 10413 for determining the corresponding information data asset when a security vulnerability exists.
Further, the vulnerability positioning analysis unit 104 further includes:
a type analysis module 1042 for performing type analysis on the information data asset with the security vulnerability and determining the information data type.
A threat analysis module 1043 for performing threat analysis on the information data asset with the security vulnerability according to the information data type, and determining the security threat type.
Further, the information system security detection evaluation and processing system further comprises:
and the security processing detection unit 105 is used for performing security processing on the information data asset with the security weakness according to the security threat type and performing verification detection according to the security contact map after the security processing.
In the embodiment of the present invention, the security processing detection unit 105 generates corresponding threat processing data according to the security threat type and performs security processing on the information data asset having the security vulnerability according to the threat processing data. After completing the security processing of the threat, it generates a completion processing signal, generates verification detection data according to the completion processing signal, and then verifies whether the threat has been eliminated according to the verification detection data and the security contact map.
Specifically, Fig. 9 shows a block diagram of the security processing detection unit 105 in the system according to the embodiment of the present invention.
In a preferred embodiment of the present invention, the security processing detection unit 105 specifically includes:
A processing analysis module 1051, configured to generate threat processing data based on the security threat type.
A security processing module 1052, configured to perform security processing on the information data assets with security vulnerabilities according to the threat processing data.
A verification detection module 1053, configured to perform verification detection according to the security contact map after the security processing.
Specifically, Fig. 10 shows a block diagram of the verification detection module 1053 in the system according to an embodiment of the present invention.
In a preferred embodiment of the present invention, the verification detection module 1053 specifically includes:
A signal generation submodule 10531, configured to generate a completion processing signal after the security processing.
A verification generation submodule 10532, configured to generate verification detection data according to the completion processing signal.
A verification detection submodule 10533, configured to perform verification detection according to the verification detection data and the security contact map.
In summary, the information system security detection, evaluation and processing system provided in the embodiment of the present invention includes: an information asset identification unit for performing asset identification; the safety map construction unit is used for constructing a safety contact map; the safety traceability analysis unit is used for carrying out safety analysis and traceability analysis; the vulnerability positioning analysis unit is used for performing vulnerability positioning and threat analysis; and the security processing detection unit is used for performing security processing and verification detection. The information asset identification and security map construction can be carried out, the security dynamic connection between a plurality of important information assets and a plurality of other information assets is established, the vulnerability positioning and threat analysis are carried out according to the security connection map, the source of the security threat is determined, and further, the accurate security processing and verification detection can be carried out, so that the complete elimination of the security threat of the information system is realized.
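The flow summarized above (tracing over the security contact map, vulnerability positioning, threat typing, security processing and map-based verification) can be sketched as follows. This is an added illustration, not code from the patent: the asset names, the threat labels, the directed multi-hop form of the map, and the rule that verification re-traces every important asset whose routes pass through a processed asset are all assumptions.

```python
import copy
from collections import deque

# Constructed sample data, not taken from the patent.
# Security contact map (assumed form): directed edges from an asset to the
# assets it relies on; other assets may link onward to further other assets.
CONTACT_MAP = {
    "billing-db": ["api-gateway", "backup-job"],
    "hr-records": ["api-gateway", "file-share"],
    "api-gateway": ["auth-service"],
}
IMPORTANT = {"billing-db", "hr-records"}
# Other information assets: data type and whether a weakness is present.
OTHER = {
    "api-gateway": {"type": "service", "weak": False},
    "auth-service": {"type": "service", "weak": True},
    "backup-job": {"type": "batch", "weak": False},
    "file-share": {"type": "storage", "weak": True},
}
# Hypothetical mapping from information data type to a security threat type.
THREAT_BY_TYPE = {
    "service": "credential-exposure",
    "storage": "unauthorized-read",
    "batch": "job-tampering",
}


def trace_routes(start, contact_map):
    """Tracing routes: every simple path from `start` to a reachable asset."""
    routes, queue = [], deque([[start]])
    while queue:
        path = queue.popleft()
        for nxt in contact_map.get(path[-1], []):
            if nxt in path:  # do not walk a cycle twice
                continue
            routes.append(path + [nxt])
            queue.append(path + [nxt])
    return routes


def is_weak(asset, other):
    return other.get(asset, {}).get("weak", False)


def locate_weaknesses(threatened, contact_map, other):
    """Combine the security analysis result (threatened important assets)
    with the traced routes; return {weak asset: [routes that reach it]}."""
    located = {}
    for asset in sorted(threatened):
        for route in trace_routes(asset, contact_map):
            if is_weak(route[-1], other):
                located.setdefault(route[-1], []).append(route)
    return located


def verify(completed, contact_map, other, important):
    """Re-trace each important asset whose routes pass through a processed
    asset and list the weak assets it can still reach."""
    result = {}
    for imp in sorted(important):
        routes = trace_routes(imp, contact_map)
        if any(set(completed) & set(route) for route in routes):
            result[imp] = sorted({r[-1] for r in routes if is_weak(r[-1], other)})
    return result


def run_pipeline(threatened):
    other = copy.deepcopy(OTHER)  # keep the sample data untouched
    located = locate_weaknesses(threatened, CONTACT_MAP, other)
    threats = {a: THREAT_BY_TYPE[other[a]["type"]] for a in located}
    for asset in located:  # stand-in for the actual security processing
        other[asset]["weak"] = False
    completed = sorted(located)  # plays the role of the completion signal
    return located, threats, verify(completed, CONTACT_MAP, other, IMPORTANT)


if __name__ == "__main__":
    for part in run_pipeline({"billing-db"}):
        print(part)
```

With `billing-db` as the only threatened important asset, the weakness is located on `auth-service`; after processing, the map-based check shows `billing-db` clean while `hr-records`, which shares `api-gateway`, still reaches the weak `file-share`.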
It should be understood that, although the steps in the flowcharts of the embodiments of the present invention are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the execution of the steps is not strictly limited to that order, and the steps may be executed in other orders. Moreover, at least some of the steps in the various embodiments may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times; nor are these sub-steps or stages necessarily performed in sequence, but they may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
Those skilled in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program instructing the relevant hardware. The program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the method embodiments described above. Any reference to memory, storage, database, or other medium used in the various embodiments provided herein may include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), among others.
The technical features of the above-described embodiments may be combined arbitrarily. For brevity, not all possible combinations of these technical features are described; however, as long as a combination of technical features contains no contradiction, it should be considered to be within the scope of this description.
The foregoing examples illustrate only a few embodiments of the invention and are described in detail herein without thereby limiting the scope of the invention. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the invention, which are all within the scope of the invention. Accordingly, the scope of protection of the present invention is to be determined by the appended claims.
The foregoing description of the preferred embodiments of the invention is not intended to be limiting, but rather is intended to cover all modifications, equivalents, and alternatives falling within the spirit and principles of the invention.
Claims (7)
1. The information system safety detection evaluation and processing system is characterized by comprising an information asset identification unit, a safety map construction unit, a safety traceability analysis unit, a weakness positioning analysis unit and a safety processing detection unit, wherein:
an information asset identification unit for asset identification of information data in an information system, marking a plurality of information data assets in the information system, and marking a plurality of important information assets and a plurality of other information assets from a plurality of the information data assets;
a security map construction unit, configured to analyze security associations between a plurality of the important information assets and a plurality of the other information assets, and construct a security association map between a plurality of the important information assets and a plurality of the other information assets;
the security traceability analysis unit is used for performing security analysis on the plurality of important information assets, generating security analysis results, and performing traceability analysis on the plurality of other information assets according to the security analysis results and the security contact map, and generating traceability analysis results;
the vulnerability positioning analysis unit is used for integrating the safety analysis result and the traceability analysis result, positioning the vulnerability, determining the information data asset with the safety vulnerability, performing threat analysis on the information data asset with the safety vulnerability, and determining the safety threat type;
the security processing detection unit is used for performing security processing on the information data asset with the security weakness according to the security threat type, and performing verification detection according to the security contact map after the security processing;
the information asset identification unit specifically includes:
the information asset identification module is used for carrying out asset identification on information data in the information system and generating an asset identification result;
a data asset tagging module for tagging a plurality of information data assets in the information system according to the asset identification result;
an asset classification tagging module for tagging a plurality of important information assets and a plurality of other information assets from a plurality of the information data assets;
the asset classification marking module specifically comprises:
the relevance analysis sub-module is used for carrying out relevance analysis on a plurality of information data assets and generating relevance analysis results;
an important asset marking sub-module for marking a plurality of information data assets which are not related to each other as important information assets according to the relevance analysis result;
the other asset marking sub-module is used for marking a plurality of information data assets except the plurality of important information assets as other information assets;
the safety map construction unit specifically comprises:
the safety contact analysis module is used for analyzing the safety contact between a plurality of important information assets and a plurality of other information assets according to the correlation analysis result to obtain a plurality of safety contact analysis results;
and the security map construction module is used for constructing security contact maps between the important information assets and the other information assets according to the security contact analysis results.
2. The information system security detection, evaluation and processing system according to claim 1, wherein the security traceability analysis unit specifically comprises:
the safety analysis module is used for carrying out safety analysis on a plurality of important information assets and generating a safety analysis result;
and the traceability analysis module is used for carrying out traceability analysis on a plurality of other information assets according to the safety analysis result and the safety contact map to generate a traceability analysis result.
3. The information system security detection, evaluation and processing system according to claim 2, wherein the traceback analysis module specifically comprises:
the route establishment sub-module is used for establishing a plurality of tracing routes according to the safety analysis result and the safety contact map;
and the tracing analysis sub-module is used for tracing analysis on a plurality of other information assets according to a plurality of tracing routes to generate tracing analysis results.
4. The information system security detection, assessment and processing system of claim 1, wherein the vulnerability localization analysis unit specifically comprises:
the vulnerability positioning module is used for integrating the safety analysis result and the traceability analysis result, positioning the vulnerability and determining the information data asset with the safety vulnerability;
the type analysis module is used for carrying out type analysis on the information data assets with security weaknesses and determining the information data types;
and the threat analysis module is used for carrying out threat analysis on the information data asset with the security weakness according to the information data type and determining the security threat type.
5. The information system security detection, assessment and processing system of claim 4, wherein the vulnerability localization module specifically comprises:
the vulnerability positioning sub-module is used for integrating the safety analysis result and the traceability analysis result, performing vulnerability positioning and generating a vulnerability positioning result;
the vulnerability determination sub-module is used for determining whether safety vulnerabilities exist according to the vulnerability positioning result;
and the vulnerability determination submodule is used for determining corresponding information data assets when the security vulnerabilities exist.
6. The information system security detection, assessment and processing system according to claim 1, wherein the security processing detection unit specifically comprises:
the processing analysis module is used for generating threat processing data according to the security threat type;
the security processing module is used for performing security processing on information data assets with security weaknesses according to the threat processing data;
and the verification detection module is used for carrying out verification detection according to the safety contact map after safety processing.
7. The information system security detection, assessment and processing system of claim 6, wherein the verification detection module specifically comprises:
a signal generation sub-module for generating a completion processing signal after the security processing;
the verification generation sub-module is used for generating verification detection data according to the completion processing signal;
and the verification detection sub-module is used for carrying out verification detection according to the verification detection data and the safety contact map.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210638152.9A CN115208627B (en) | 2022-06-07 | 2022-06-07 | Information system security detection evaluation and processing system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210638152.9A CN115208627B (en) | 2022-06-07 | 2022-06-07 | Information system security detection evaluation and processing system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115208627A (en) | 2022-10-18 |
CN115208627B (en) | 2024-03-22 |
Family
ID=83576402
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210638152.9A Active CN115208627B (en) | 2022-06-07 | 2022-06-07 | Information system security detection evaluation and processing system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115208627B (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20160141457A (en) * | 2015-06-01 | 2016-12-09 | 주식회사 에스씨엘 | Risk assessment system for information security management system |
CN106960269A (en) * | 2017-02-24 | 2017-07-18 | 浙江鹏信信息科技股份有限公司 | Safe emergence treating method and system based on analytic hierarchy process (AHP) |
CN110620759A (en) * | 2019-07-15 | 2019-12-27 | 公安部第一研究所 | Network security event hazard index evaluation method and system based on multidimensional correlation |
AU2019222885A1 (en) * | 2018-09-03 | 2020-03-19 | Beumont R&D PTY LTD | A system and method for monitoring assets within a pre-defined area |
CN112291261A (en) * | 2020-11-13 | 2021-01-29 | 福建奇点时空数字科技有限公司 | Network security log audit analysis method driven by knowledge graph |
CN112508435A (en) * | 2020-12-17 | 2021-03-16 | 国家工业信息安全发展研究中心 | Information system security risk assessment method, device, equipment and storage medium |
CN112600839A (en) * | 2020-12-08 | 2021-04-02 | 国汽(北京)智能网联汽车研究院有限公司 | Method and device for constructing security threat association view based on Internet of vehicles platform |
CN112732924A (en) * | 2020-12-04 | 2021-04-30 | 国网安徽省电力有限公司 | Power grid data asset management system and method based on knowledge graph |
CN113612763A (en) * | 2021-07-30 | 2021-11-05 | 北京交通大学 | Network attack detection device and method based on network security malicious behavior knowledge base |
CN113807751A (en) * | 2021-11-19 | 2021-12-17 | 鑫安利中(北京)科技有限公司 | Safety risk grade assessment method and system based on knowledge graph |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8494894B2 (en) * | 2008-09-19 | 2013-07-23 | Strategyn Holdings, Llc | Universal customer based information and ontology platform for business information and innovation management |
GB2542115B (en) * | 2015-09-03 | 2017-11-15 | Rail Vision Europe Ltd | Rail track asset survey system |
US11159559B2 (en) * | 2017-05-17 | 2021-10-26 | Threatmodeler Software Inc. | Systems and methods for importing diagrams for automated threat modeling |
Also Published As
Publication number | Publication date |
---|---|
CN115208627A (en) | 2022-10-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||