CN115357906A - Intelligent auxiliary evaluation method and system for network security level protection 2.0 - Google Patents

Intelligent auxiliary evaluation method and system for network security level protection 2.0

Info

Publication number
CN115357906A
Authority
CN
China
Prior art keywords
evaluation
information
safety
intelligent recommendation
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211066998.6A
Other languages
Chinese (zh)
Inventor
刘健
霍珊珊
张益�
金达
刘赫
刘润一
杨龙
刘琛
孙琪
王磊
裴帅
李艳俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cetc Beijing Information Evaluation And Certification Co ltd
CETC 15 Research Institute
Original Assignee
Cetc Beijing Information Evaluation And Certification Co ltd
CETC 15 Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/10Text processing
    • G06F40/166Editing, e.g. inserting or deleting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/10Text processing
    • G06F40/166Editing, e.g. inserting or deleting
    • G06F40/186Templates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Artificial Intelligence (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention provides an intelligent auxiliary evaluation method and system for network security level protection 2.0. The method comprises: obtaining the basic information of a project; automatically selecting the evaluation index range according to the safety protection level, the general requirements and the expansion requirements; acquiring the type information of each evaluation object; automatically forming intelligent recommendation information 1 (evaluation indexes, evaluation methods and the like) from the evaluation index range and the evaluation object type, with online modification supported to form the evaluation record; automatically calculating the comprehensive score; automatically forming intelligent recommendation information 2 (problem summary, risk analysis example and rectification suggestion example), with online modification supported to form the risk analysis result; automatically forming intelligent recommendation information 3 (existing safety measures, main safety problems and the like), with online modification supported; acquiring information such as the network topology diagram and the condition of the system under test; and finally generating the network security level protection evaluation report automatically. The method improves the standardization, accuracy and efficiency of level protection evaluation work and can also meet complex and varied evaluation requirements.

Description

Intelligent auxiliary evaluation method and system for network security level protection 2.0
Technical Field
The invention relates to the technical field of information security, in particular to an intelligent auxiliary evaluation method and system for network security level protection 2.0.
Background
In May 2019, national standards including GB/T 22239-2019 (Information security technology: Baseline for classified protection of cybersecurity) and GB/T 28448-2019 (Information security technology: Evaluation requirement for classified protection of cybersecurity) were released, marking the transition of network security level protection from the 1.0 era to the 2.0 era. The level protection 2.0 evaluation items comprise ten safety subclasses: safety physical environment, safety communication network, safety region boundary, safety computing environment, safety management center, safety management system, safety management mechanism, safety management personnel, safety construction management, and safety operation and maintenance management; these cover general information systems, cloud computing, the mobile internet, the internet of things, industrial control systems, big data applications and the like. Compared with level protection 1.0, the evaluation index system of level protection 2.0 is richer and the coverage of evaluation objects is wider, spanning physical, network, computing, application, data and management aspects, and an evaluation report usually runs to about 200-300 pages. Level protection 2.0 therefore markedly increases the complexity of the evaluation work (testing, risk analysis, comprehensive score calculation, report compilation and so on) and places high demands on the accuracy, efficiency and standardization of that work.
In 2021, the national administration department of network security level protection and the union of the equal insurance evaluation institutions adjusted the comprehensive score calculation method of level protection 2.0, and changed the original score method based on the risk assessment theory into the defect deduction method, thereby defining the quantitative deduction rule and greatly reducing the influence of artificial subjective judgment on the score.
With the development of the trusted computing industry, trusted computers and server products based on domestic CPUs have appeared and are being popularized in key level protection industries, such as finance and other industries important to the national economy. Because the instruction set of the domestic CPU is incompatible with the x86 instruction set, the trusted operating system adapted to these products differs markedly from Windows and foreign Linux operating systems, so the security configuration commands and methods differ, and some network security detection tools do not support testing of trusted products at all. Consequently, automated level protection evaluation methods and systems that rely in part on technical inspection tools do not support automated testing of trusted products well.
Existing level protection evaluation technology falls into 4 categories. Category 1 is the purely manual mode: test data are recorded in Word forms, the evaluation score is calculated in Excel, and the evaluation report is compiled by hand. This mode has the following problems: (1) because evaluators differ in skill and in their proficiency with the testing methods, the standardization of the test data records is uneven, which impairs the rigour and accuracy of the test data; (2) because the comprehensive score calculation formula is complex, some evaluators cannot fully understand and master the calculation, so the calculated results are wrong; (3) a level protection evaluation report generally runs to about 200-300 pages, so compiling it entirely by hand is inefficient and error-prone.
Category 2 is represented by the Chinese patents "a method for inspecting security compliance of information system facing level protection CN201510141097.2" and "a system for inspecting level protection based on knowledge base technology and its using method CN201610091018.6": various network security detection tools are integrated, either separately or in an integrated manner, and combined with an inspection index database and a knowledge base to form an automated inspection method for level protection 1.0. Such techniques have the following problems: (1) the inspection index library is bound to the earlier level protection 1.0 standard and does not match the current level protection 2.0 standard, so an automated inspection method built for level protection 1.0 is no longer usable; (2) whether in the split or the integrated mode, the technique integrates a fixed batch of technical inspection tools and so depends on them; although the degree of automation is improved, testing flexibility is insufficient, the technique cannot adapt well to complex and varied tested objects, and in particular it does not support domestic trusted products. Tested objects of the same type also differ in their inspection commands and methods from manufacturer to manufacturer, so a single method cannot automatically test the products of different manufacturers.
Category 3, the Chinese patent "an automatic evaluation method and apparatus based on class protection 2.0 CN202011351946.4", proposes a method that: automatically selects the corresponding evaluation items and evaluation method according to the type information of the tested equipment entered by the user; connects to the tested equipment using its login information, automatically executes the tests of the evaluation items and obtains the evaluation results; judges the conformity of the evaluation results by keyword matching against a preset safety baseline; and finally calculates the evaluation score automatically from the conformity of the test items, the weights and the standard formula. This technique has several problems: (1) the automatic test method can only be applied to test items that can be evaluated online and cannot cover all evaluation items of the national standard GB/T 22239-2019. For example, test items in the safety physical environment, safety management system, safety management mechanism, safety management personnel and safety construction management cannot be checked by an automated tool and must be checked manually, by on-site document verification, personnel interviews and the like; (2) although the technique automates calculation of the evaluation score, it cannot automatically generate the level protection evaluation report and so does not help an evaluation institution with the efficiency and standardization of report compilation; (3) since the comprehensive score calculation method of level protection 2.0 was adjusted in 2021, the evaluation conclusion calculation in this method no longer meets the relevant requirements.
Category 4, the Chinese patent "grade protection evaluation data acquisition and analysis method and system based on off-line form CN202010571569.9", proposes a method that: generates an offline data acquisition form according to the characteristics of the system under test; has the data collected and filled in manually and uploaded to the system; verifies, analyses and cleans the acquired data against a knowledge base to obtain structured data; performs calculation and analysis on the structured data, including automatically calculating a single risk value from a risk evaluation model and calculating the control point score and comprehensive score by the standard formula; and generates an editable report by matching safety suggestions to the risk points. This technique has the following problems: (1) because the offline data acquisition form is separated from the system, the evaluators receive insufficient guidance on filling conventions when they fill in the record data manually, so the probability of non-standard records cannot be effectively reduced; the form data then cannot be uploaded normally, the tests or records must be supplemented, and the efficiency of the whole evaluation is reduced; (2) although the method can automatically generate general safety solutions and edit reports, tested objects are complex and varied and have individual characteristics, so the general safety solutions have applicability problems and the automatically generated evaluation reports are of poor usability. Because the system lacks a step for manual modification, evaluators must refine the report by exporting it and modifying it offline; after offline modification, the standardization and checking of the evaluation report still depend heavily on the skill of the personnel and the efficiency is low, so the problems of standardization, accuracy and automatic checking of the evaluation report are not well solved; (3) since the comprehensive score calculation method of level protection 2.0 was adjusted in 2021, the calculation and analysis method based on the risk assessment model in this method no longer meets the relevant requirements.
In summary, existing level protection evaluation technology is either inefficient and inaccurate, or narrow in scope, or uses a comprehensive score calculation method that no longer meets the latest level protection 2.0 requirements, and cannot support complex and varied network security level protection evaluation work well.
Disclosure of Invention
In order to overcome the defects of the prior art, the invention provides an intelligent auxiliary evaluation method and system for network security level protection 2.0, which assist evaluation personnel by intelligent recommendation and intelligent auxiliary technical means and support on-line modification of intelligent recommendation information to finish the evaluation of the network security level protection 2.0, thereby improving the normalization, accuracy and high efficiency of evaluation work, having the characteristic of wide application range and well meeting the requirements of complex and various equal protection evaluation.
According to a first aspect of the present invention, an intelligent auxiliary evaluation method for network security level protection 2.0 is provided, the method comprising:
the project basic information module acquires project basic information of a tested system, wherein the project basic information comprises: information of system name, evaluation time, safety protection level, safety general requirements and expansion requirements;
according to the safety protection level, the safety general requirement and the expansion requirement of the project, the intelligent recommendation engine automatically completes the selection of the evaluation index range according to the standard index library;
the evaluation object management module acquires basic information of each evaluation object of the ten safety subclasses, wherein the basic information of the evaluation object comprises: the number of the evaluation object, the name of the evaluation object, the description of the evaluation object and the type of the evaluation object;
according to the evaluation index range and the evaluation object type, the intelligent recommendation engine reads the relevant knowledge base information from the standard index library to form intelligent recommendation information 1, which is automatically pushed to the evaluation object management module. The intelligent recommendation information 1 comprises: the evaluation index, the evaluation index weight ω, the high-risk prompt, the evaluation method, the evaluation record filling example, the judgment criterion and the not-applicable labelling information;
the evaluation object management module supports online modification and determination of the evaluation method, evaluation record and judgment criterion according to the actual condition of the evaluation object on the basis of the intelligent recommendation information 1, and then determines the conformity of the evaluation object according to the judgment criterion, the conformity being one of 4 types: conforming, partially conforming, non-conforming and not applicable; according to the conformity of each evaluation object, the score k of the evaluation object is obtained automatically and displayed on the interface, and the records of evaluation objects with different conformity results are automatically highlighted in different colours to form the final evaluation object record; one-key updating and import of evaluation records are supported so that evaluation object records can be modified and summarized quickly;
the comprehensive score calculation module extracts the total number n of evaluation objects, the scores k of all evaluation objects and the evaluation index weights ω from the evaluation object management module, and automatically calculates the benchmark score S, the score X_k of each evaluation index and the comprehensive score V according to the comprehensive score calculation formula specified by the national administration department and the alliance of level protection evaluation institutions;
according to all the evaluation object records, the intelligent recommendation engine automatically summarizes the problems of the evaluation objects of the same type along the evaluation index dimension to form problem summary information, reads the relevant knowledge base information from the standard index library, automatically judges the risk level of each evaluation index item according to the high-risk judgment guide and the conformity results, automatically marks the high-risk and medium-risk items as main safety problems to form intelligent recommendation information 2, and automatically pushes it to the problem risk analysis module. The intelligent recommendation information 2 comprises: the problem summary information, the risk level, the main safety problem label, the risk analysis example and the rectification suggestion example;
the problem risk analysis module supports on-line modification of information of problem summary, risk level, main safety problem sign, risk analysis and correction suggestion on the basis of the intelligent recommendation information 2, and a problem risk analysis result is formed after confirmation; the problem risk analysis results are quickly summarized in a mode of supporting exporting and importing the problem risk analysis results; supporting automatic generation of a rectification proposal according to the problem risk analysis result;
according to the basic information of the project, the record of the evaluation object and the information of the problem risk analysis result, the intelligent recommendation engine automatically summarizes the existing safety control measures and the main safety problems according to ten safety subclass dimensions, reads the relevant knowledge base information from the standard index base to form intelligent recommendation information 3, and automatically pushes the intelligent recommendation information 3 to the modification report information module. The intelligent recommendation information 3 includes: the information of evaluation basis, the summary of the existing safety control measures and the summary and analysis of the main safety problems;
the modification report information module supports on-line modification and confirmation of information of evaluation basis, summary of existing safety control measures and summary analysis of main safety problems on the basis of the intelligent recommendation information 3, and highlights the summary of the existing safety control measures and the summary analysis of the main safety problems respectively in different colors; importing a network topological graph, a test access point schematic diagram and a vulnerability scanning result, and acquiring the condition information of a tested system of network structure description, the last evaluation problem correction condition, the current evaluation boundary, an evaluation tool and an owner condition;
and automatically extracting the information of each element of the evaluation report from the evaluation object management module, the problem risk analysis module, the report modification information module and the comprehensive score calculation module to generate a full-element network security level protection evaluation report.
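The problem-summary step above (intelligent recommendation information 2) and its roll-up to the safety subclasses (part of intelligent recommendation information 3) can be modelled as follows. This is an added illustration, not code from the patent: the index ids, the sample library entries and the records are constructed, and the risk-level rule (high-risk index with a non-conforming object is high risk, high-risk index with only partial conformity is medium, any other defect is low) is an assumption, since the patent only states that the level follows the high-risk judgment guide and the conformity results.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# The four conformity results an evaluation object record can carry.
CONFORMITY = ("conforming", "partially conforming", "non-conforming", "not applicable")
DEFECTS = ("partially conforming", "non-conforming")


@dataclass(frozen=True)
class IndexEntry:
    """One evaluation index as held in the standard index library."""
    index_id: str      # placeholder id; real ids would come from GB/T 22239-2019
    subclass: str      # one of the ten safety subclasses
    high_risk: bool    # listed in the high-risk judgment guide
    weight: float      # evaluation index weight omega (carried, not used here)


@dataclass(frozen=True)
class ObjectRecord:
    """Final record of one evaluation object against one evaluation index."""
    object_id: str
    object_name: str
    object_type: str
    index_id: str
    conformity: str

    def __post_init__(self) -> None:
        if self.conformity not in CONFORMITY:
            raise ValueError(f"unknown conformity result: {self.conformity!r}")


def risk_level(entry: IndexEntry, conformities: List[str]) -> Optional[str]:
    """Assumed rule; returns None when no object on this index has a defect."""
    defects = [c for c in conformities if c in DEFECTS]
    if not defects:
        return None
    if entry.high_risk and "non-conforming" in defects:
        return "high"
    if entry.high_risk:
        return "medium"
    return "low"


def summarize_problems(library: Dict[str, IndexEntry],
                       records: List[ObjectRecord]) -> List[dict]:
    """Group records along the evaluation index dimension, list the defective
    objects, assign a risk level and flag high/medium items as main safety problems."""
    by_index: Dict[str, List[ObjectRecord]] = defaultdict(list)
    for rec in records:
        by_index[rec.index_id].append(rec)
    problems = []
    for index_id, recs in by_index.items():
        entry = library[index_id]
        # "not applicable" objects do not take part in the risk judgment
        applicable = [r for r in recs if r.conformity != "not applicable"]
        level = risk_level(entry, [r.conformity for r in applicable])
        if level is None:
            continue
        defective = [r for r in applicable if r.conformity in DEFECTS]
        problems.append({
            "index_id": index_id,
            "subclass": entry.subclass,
            "risk_level": level,
            "main_safety_problem": level in ("high", "medium"),
            "objects": [f"{r.object_name} ({r.object_id}): {r.conformity}" for r in defective],
        })
    return problems


def summarize_by_subclass(problems: List[dict]) -> Dict[str, dict]:
    """Roll index-level problems up to the safety subclass dimension."""
    out: Dict[str, dict] = {}
    for p in problems:
        s = out.setdefault(p["subclass"], {"problems": 0, "main_safety_problems": 0})
        s["problems"] += 1
        if p["main_safety_problem"]:
            s["main_safety_problems"] += 1
    return out


# Constructed sample library and records (not from the patent).
SAMPLE_LIBRARY = {
    "IDX-01": IndexEntry("IDX-01", "safe computing environment", True, 1.0),
    "IDX-02": IndexEntry("IDX-02", "safe computing environment", False, 0.7),
    "IDX-03": IndexEntry("IDX-03", "safe management system", True, 1.0),
    "IDX-04": IndexEntry("IDX-04", "safe communication network", True, 1.0),
}
NET = "secure computing environment-network device/security device"
SRV = "secure computing environment-server/storage device/terminal/control device"
SAMPLE_RECORDS = [
    ObjectRecord("OBJ-1", "core switch", NET, "IDX-01", "non-conforming"),
    ObjectRecord("OBJ-2", "database server", SRV, "IDX-01", "partially conforming"),
    ObjectRecord("OBJ-3", "database server", SRV, "IDX-02", "conforming"),
    ObjectRecord("OBJ-4", "web application", "secure computing environment-business application system", "IDX-02", "partially conforming"),
    ObjectRecord("OBJ-5", "management regime", "secure management regime", "IDX-03", "not applicable"),
    ObjectRecord("OBJ-6", "management regime", "secure management regime", "IDX-03", "partially conforming"),
    ObjectRecord("OBJ-7", "core switch", NET, "IDX-04", "conforming"),
]

if __name__ == "__main__":
    problems = summarize_problems(SAMPLE_LIBRARY, SAMPLE_RECORDS)
    for p in problems:
        print(p)
    print(summarize_by_subclass(problems))
```

Indexes on which every applicable object conforms (IDX-04 here) produce no problem entry, so they never reach the risk analysis module.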
Further, the safety protection level comprises three aspects, the service information safety level, the system service assurance level and the general safety protection requirement level, each of which is divided into 4 levels; combined, the three aspects form the safety protection level, which is divided into level one, level two, level three and level four;
further, the safety general requirements and the extension requirements are divided into: 6 aspects of safety general requirements, cloud computing safety expansion requirements, mobile interconnection safety expansion requirements, internet of things safety expansion requirements, industrial control system safety expansion requirements and big data reference safety control measures;
further, the standard index library integrates knowledge bases related to network security level protection evaluation, and comprises national standard GB/T22239-2019 evaluation indexes, high risk judgment guides, evaluation index weight omega, evaluation methods of different evaluation indexes and evaluation object types, evaluation record filling examples and judgment criteria, inapplicable conditions, risk analysis examples and rectification suggestion examples; the standard index library takes the evaluation index as an index and establishes an incidence relation between the evaluation index and information of other knowledge bases; the standard index library supports online modification and knowledge base information addition;
further, the evaluation index range covers evaluation indexes of ten safety subclasses of safety general requirements and expansion requirements specified by the national standard GB/T22239-2019; the ten safety subclasses are respectively a safe physical environment, a safe communication network, a safe region boundary, a safe computing environment, a safe management center, a safe management system, a safe management mechanism, a safe management personnel, a safe construction management and a safe operation and maintenance management;
further, the evaluation object type includes: a secure physical environment, a secure communication network, a secure zone boundary, a secure computing environment-network device/security device, a secure computing environment-server/storage device/terminal/control device, a secure computing environment-cryptographic product, a secure computing environment-system management software, a secure computing environment-business application system, a secure management center, a secure management regime, a secure management authority, a secure administrator, secure construction management, secure operation and maintenance management.
According to a second aspect of the present invention, an intelligent auxiliary evaluation system for network security level protection 2.0 is provided, the system comprising:
the intelligent auxiliary evaluation system for the network security level protection 2.0 consists of a project basic information module, a standard index library, an intelligent recommendation engine, an evaluation object management module, a comprehensive score calculation module, a problem risk analysis module, a modification report information template and an automatic evaluation report generation module;
the project basic information module is used for acquiring project basic information of the tested system, and the project basic information comprises information of a system name, evaluation time, a safety protection level, a safety general requirement and an expansion requirement;
the standard index library integrates a knowledge base related to network security level protection evaluation, and comprises the following steps: the method comprises the following steps of providing national standard GB/T22239-2019 evaluation indexes, high-risk judgment guide, evaluation index weight omega, evaluation methods of different evaluation indexes and evaluation object types, evaluation record filling examples and judgment criteria, inapplicability, risk analysis examples and correction suggestion examples; the standard index library takes the evaluation index as an index and establishes an incidence relation between the evaluation index and information of other knowledge bases; the standard index library supports online modification and knowledge base information addition;
the intelligent recommendation engine is a core module of the system, is connected with five modules of a project basic information module, a standard index library, an evaluation object management module, a problem risk analysis module and a modification report information template for information exchange, realizes the selection of an evaluation index range, respectively summarizes problems and safety control measures according to two dimensions of an evaluation index and a safety subclass, extracts knowledge base information to form intelligent recommendation information, pushes the intelligent recommendation information 1 to the evaluation object management module, automatically pushes the intelligent recommendation information 2 to the problem risk analysis module and pushes the intelligent recommendation information 3 to the modification report information template;
wherein, the intelligent recommendation information 1 includes: the method comprises the following steps of (1) evaluating indexes, evaluating index weight omega, high-risk prompt, an evaluating method, evaluating record filling examples, judging criteria and information which is not applicable to labeling; the intelligent recommendation information 2 includes: problem summary information, risk level, main safety problem label, risk analysis example and information of rectification suggestion example; the intelligent recommendation information 3 includes: the method comprises the following steps of (1) summarizing evaluation basis, existing safety control measures and main safety problems;
the evaluation object management module receives the intelligent recommendation information 1 from the intelligent recommendation engine and displays it on the relevant interface, supports online modification and determination of the evaluation method, evaluation record and judgment criterion according to the actual condition of the evaluation object, and determines the conformity of the evaluation object according to the judgment criterion, the conformity being one of 4 types: conforming, partially conforming, non-conforming and not applicable; according to the conformity of each evaluation object, the score k of the evaluation object is obtained automatically and displayed on the interface, and the record contents of evaluation objects with different conformity results are automatically highlighted in different colours to form the final evaluation object record; one-key updating and export and import of evaluation records are supported so that evaluation object records can be modified and summarized quickly;
the comprehensive score calculation module is connected with the evaluation object management module, reads the total number n of evaluation objects, the scores k of all evaluation objects and the evaluation index weights ω, and automatically calculates the benchmark score S, the score X_k of each evaluation index and the comprehensive score V according to the comprehensive score calculation formula specified by the national administration department and the alliance of level protection evaluation institutions;
the problem risk analysis module receives the intelligent recommendation information 2 from the intelligent recommendation engine and displays the intelligent recommendation information on a relevant interface, supports online modification of information of problem summarization, risk level, main safety problem marks, risk analysis and correction suggestions, and forms a problem risk analysis result after confirmation; the problem risk analysis results are summarized quickly in a mode of supporting exporting and importing the problem risk analysis results, and the function of quickly merging the results obtained by carrying out risk analysis on multiple persons in parallel is realized; the method supports automatic generation of the rectification proposal according to the problem risk analysis result and supports one-key export of the rectification proposal in the Word format;
the modification report information template receives intelligent recommendation information 3 from the intelligent recommendation engine and displays it on the relevant interface, supports online modification and confirmation of the evaluation basis, the summary of existing security control measures and the summary analysis of main security problems, and highlights the summary of existing security control measures and the summary analysis of main security problems in different colours; it imports the network topology diagram, the test access point schematic diagram and the vulnerability scanning results, and obtains the network structure description, the rectification status of the problems found in the previous evaluation, the evaluation boundary, the evaluation tools and the situation of the system owner;
the automatic evaluation report generation module automatically extracts the element information required by the evaluation report from the evaluation object management module, the problem risk analysis module, the modification report information template and the comprehensive score calculation module, generates a full-element network security level protection evaluation report, and supports one-key export of the evaluation report in Word format.
According to a third aspect of the present invention, an intelligent auxiliary evaluation system for network security level protection 2.0 is provided, the system comprising:
one or more processors;
storage means for storing one or more programs;
which, when executed by the one or more processors, cause the one or more processors to implement the intelligent auxiliary evaluation method for network security level protection 2.0 described above.
With this design, the invention has at least the following advantages:
1. The invention is the first to assist evaluation personnel by means of intelligent recommendation and intelligent auxiliary technology, and supports online modification of the intelligent recommendation information, so that the network security level protection 2.0 evaluation is completed and a full-element network security level protection evaluation report is generated automatically. This not only improves the standardisation, accuracy and efficiency of the evaluation work, but also gives the intelligent auxiliary evaluation system strong flexibility, meeting complex and diverse evaluation requirements and removing the limitation of existing evaluation technology, which cannot be modified online.
2. The intelligent auxiliary evaluation method for network security level protection 2.0 provided by the invention is based on a standard index library with the intelligent recommendation engine at its core, and provides intelligent recommendation information such as the evaluation method, record filling examples, high-risk prompts, risk analysis examples and rectification suggestion examples, giving evaluation personnel reference and guidance for their work and ensuring the standardisation and accuracy of the evaluation.
3. The intelligent auxiliary evaluation method for network security level protection 2.0 provided by the invention adopts intelligent auxiliary functions such as one-key updating, quick export and import, automatic summarisation of security measures and security problems, highlighted display, automatic calculation of the comprehensive score, and automatic generation of the rectification proposal and the evaluation report, which ensures the efficiency and standardisation of the evaluation work and markedly reduces the workload and difficulty of compiling a network security level protection evaluation report of 200 to 300 pages.
The foregoing is only an overview of the technical solution of the present invention. In order to make the technical solution clearer, a detailed description is given below with reference to the preferred embodiments of the present invention and the accompanying drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention, are incorporated in and constitute a part of this specification. In the drawings:
FIG. 1 is a flow chart of the intelligent auxiliary evaluation method for network security level protection 2.0 according to the present invention;
FIG. 2 is an architecture diagram of the intelligent auxiliary evaluation system for network security level protection 2.0 according to the present invention.
Detailed Description
The preferred embodiments of the present invention are described below in conjunction with the accompanying drawings; it will be understood that they are described for the purpose of illustration and explanation, not limitation.
First, the intelligent auxiliary evaluation method for network security level protection 2.0 according to an embodiment of the present invention is described with reference to FIG. 1. The method comprises the following steps:
Step 1: the project basic information module acquires the project basic information of the system under evaluation, comprising the system name, evaluation time, security protection level, security general requirements and extension requirements;
the security protection level comprises three aspects, namely the business information security level, the system service assurance level and the general security protection requirement level, each of which is divided into four levels; the combination of the three aspects forms the security protection level, which is divided into level 1, level 2, level 3 and level 4;
the security general requirements and extension requirements comprise the security general requirements, the cloud computing security extension requirements (cloud platform and cloud tenant), the mobile internet security extension requirements, the Internet of Things security extension requirements, the industrial control system security extension requirements, the big data reference security control measures, and so on;
Step 2: according to the security protection level, security general requirements and extension requirements of the project, the intelligent recommendation engine automatically selects the evaluation index range from the standard index library, screening out the corresponding evaluation indexes required by the national standard;
the standard index library integrates the knowledge base related to network security level protection evaluation, including the evaluation indexes of national standard GB/T 22239-2019, the high-risk judgment guide, the evaluation index weight ω, the evaluation methods for different evaluation indexes and evaluation object types, evaluation record filling examples and judgment criteria, inapplicable indexes, risk analysis examples, rectification suggestion examples, and so on; the standard index library is indexed by evaluation index and establishes the association between each evaluation index and the other knowledge base information; the standard index library supports online modification and the addition of knowledge base information;
the evaluation index range covers the evaluation indexes of the ten security subclasses of the security general requirements and extension requirements specified by national standard GB/T 22239-2019; the ten security subclasses are: secure physical environment, secure communication network, secure area boundary, secure computing environment, security management center, security management system, security management organization, security management personnel, security construction management, and security operation and maintenance management;
Step 3: the evaluation object management module acquires the basic information of each evaluation object under the ten security subclasses, comprising the evaluation object number, the evaluation object name, the evaluation object description and the evaluation object type;
the evaluation object type comprises: secure physical environment, secure communication network, secure area boundary, secure computing environment - network device/security device, secure computing environment - server/storage device/terminal/control device, secure computing environment - cryptographic product, secure computing environment - system management software, secure computing environment - business application system, security management center, security management system, security management organization, security management personnel, security construction management, and security operation and maintenance management;
Step 4: according to the evaluation index range and the evaluation object type, the intelligent recommendation engine reads the related knowledge base information from the standard index library to form intelligent recommendation information 1 and automatically pushes it to the evaluation object management module, to assist evaluation personnel in carrying out standardised evaluation. Intelligent recommendation information 1 comprises the evaluation indexes, the evaluation index weight ω, high-risk prompts, the evaluation method, evaluation record filling examples, judgment criteria and inapplicable marks;
the evaluation index weight ω is the weight of each evaluation index specified by the national administrative department and the classified protection evaluation institution alliance, integrated into the standard index library; it takes three values: ω = 3 for a key index, ω = 2 for an important index and ω = 1 for a general index;
the high-risk prompt marks the corresponding evaluation index as high risk according to the high-risk judgment guide of the national administrative department and the classified protection evaluation institution alliance, integrated into the standard index library;
the evaluation method provides, for different evaluation indexes and different evaluation objects, the specific method and test steps that guide the evaluation, and can assist evaluation personnel in carrying out standardised evaluation of different evaluation objects;
the evaluation record filling example and judgment criterion are the standardised evaluation result recording example and judgment criterion recommended for different evaluation indexes and different evaluation objects, and can assist evaluation personnel in filling in records and judging compliance for different evaluation objects in a standardised way;
the inapplicable mark automatically flags, for the different evaluation object types within the secure computing environment, the evaluation indexes that do not apply to some object types, for the reference of evaluation personnel, which improves evaluation efficiency;
Step 5: on the basis of intelligent recommendation information 1, the evaluation object management module supports online modification and confirmation of the evaluation method, evaluation record, judgment criterion and other information according to the actual evaluation condition of the evaluation object, so as to adapt to complex and diverse evaluation objects, and determines the compliance condition of the evaluation object according to the judgment criterion; the compliance condition is one of four types: conforming, partially conforming, non-conforming and not applicable; according to the compliance condition, the score k of each evaluation object is obtained automatically and displayed on the interface, and the records of evaluation objects with different compliance conditions are automatically highlighted in different colours as a clear prompt, thereby forming the final evaluation object record; one-key updating and the export and import of evaluation records are supported for quick modification and summarisation of the evaluation object records;
further, the correspondence between the compliance condition and the score k follows the regulations of the national administrative department and the classified protection evaluation institution alliance: conforming, k = 1; partially conforming, k = 0.5; non-conforming, k = 0; not applicable, no score is calculated;
the invention provides a specific embodiment of the correspondence between compliance condition and colour: conforming corresponds to green, partially conforming to yellow, non-conforming to red and not applicable to gray;
Step 6: the comprehensive score calculation module reads the total number n of evaluation objects, the scores k of all evaluation objects and the evaluation index weight ω from the evaluation object management module, and automatically calculates the benchmark score S, the score X_k of each evaluation index and the comprehensive score V according to the comprehensive score calculation formula specified by the national administrative department and the classified protection evaluation institution alliance;
according to all the evaluation object records, the intelligent recommendation engine automatically summarises the problems of multiple evaluation objects of the same type along the evaluation index dimension to form the problem summary information, reads the related knowledge base information from the standard index library, automatically judges the risk level of each evaluation index item according to the high-risk judgment guide and the compliance condition, automatically marks the high-risk and medium-risk items conspicuously as main security problems, forms intelligent recommendation information 2, and automatically pushes it to the problem risk analysis module, achieving efficient problem summarisation, standardised risk analysis and rectification suggestions. Intelligent recommendation information 2 comprises the problem summary information, risk level, main security problem marks, risk analysis examples and rectification suggestion examples;
the problem summary information is linked to the related information of the evaluation object management module: once an evaluation object record is modified, the contents of the problem summary information are updated automatically in step with it;
the invention provides an embodiment of risk level recommendation: non-conforming or partially conforming high-risk items are recommended as high risk; non-conforming or partially conforming items that are not high-risk items but are key items are recommended as medium risk; other non-conforming or partially conforming items are recommended as low risk;
the invention provides an embodiment of main security problem marking: a main security problem is marked with a solid five-pointed star, and a non-main security problem with a hollow five-pointed star;
the risk analysis example and rectification suggestion example are the risk analysis example and the corresponding rectification suggestion example for common problems that the intelligent recommendation engine provides for different evaluation indexes;
Step 7: on the basis of intelligent recommendation information 2, the problem risk analysis module supports online modification of the problem summary, risk level, main security problem marks, risk analysis, rectification suggestions and other information, and forms the problem risk analysis result after confirmation, so as to meet the requirements of complex and diverse systems under evaluation; export and import of problem risk analysis results are supported for quick summarisation, so that the results of risk analysis carried out by several persons in parallel can be merged quickly; automatic generation of a rectification proposal from the problem risk analysis result is supported, with one-key export of the rectification proposal in a Word format meeting the requirements of the national administrative department and the classified protection evaluation institution alliance;
Step 8: according to the project basic information, the evaluation object records, the problem risk analysis results and other information, the intelligent recommendation engine automatically summarises the existing security control measures and the main security problems separately along the ten security subclass dimensions, reads the related knowledge base information from the standard index library to form intelligent recommendation information 3, and automatically pushes it to the modification report information module, so that the security control measures and main security problems are summarised efficiently and accurately. Intelligent recommendation information 3 comprises the evaluation basis, the summary of existing security control measures, the summary analysis of main security problems and other information;
Step 9: on the basis of intelligent recommendation information 3, the modification report information module supports online modification and confirmation of the evaluation basis, the summary of existing security control measures, the summary analysis of main security problems and other information, and highlights the summary of existing security control measures and the summary analysis of main security problems in different colours; in one embodiment provided by the invention, yellow corresponds to the summary of existing security control measures and red to the summary analysis of main security problems; the module imports the network topology diagram, the test access point schematic diagram and the vulnerability scanning results, and obtains the situation information of the system under evaluation, such as the network structure description, the rectification status of the problems found in the previous evaluation, the evaluation boundary, the evaluation tools and the situation of the system owner;
Step 10: the element information of the evaluation report is automatically extracted from the evaluation object management module, the problem risk analysis module, the modification report information module and the comprehensive score calculation module, a full-element network security level protection evaluation report is generated, and one-key export of the evaluation report in a Word format meeting the requirements of the national administrative department and the classified protection evaluation institution alliance is supported.
The network security level protection evaluation report covers all the element content required by the national administrative department and the classified protection evaluation institution alliance, including the evaluation project overview, the description of the system under evaluation, the classified protection evaluation conclusion, the overall evaluation, the evaluation process, the analysis of individual evaluation results, the main security problems, the rectification suggestions, and so on.
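The following Python block is an added illustration of the scoring and risk-level logic of steps 5 and 6; it is not code from the patent. The score k per compliance condition (1, 0.5, 0, not scored), the weight ω per index kind (3, 2, 1), the risk-level recommendation rule and the solid/hollow star marking are taken from the text. The formulas for X_k, S and V are assumptions, because the page names these quantities but does not reproduce the formula specified by the national administrative department and the alliance; they are marked ASSUMED in the code. The index labels (I-01 and so on) and object names are constructed sample data.

```python
from dataclasses import dataclass
from enum import Enum
from statistics import mean

# Added example; the aggregation formulas marked ASSUMED are illustrative,
# not the formula the patent refers to.

class Compliance(Enum):
    CONFORMING = "conforming"
    PARTIAL = "partially conforming"
    NON_CONFORMING = "non-conforming"
    NOT_APPLICABLE = "not applicable"

# Score k per compliance condition (step 5); "not applicable" carries no score.
SCORE_K = {Compliance.CONFORMING: 1.0, Compliance.PARTIAL: 0.5,
           Compliance.NON_CONFORMING: 0.0, Compliance.NOT_APPLICABLE: None}
# Evaluation index weight ω: key 3, important 2, general 1.
WEIGHT = {"key": 3, "important": 2, "general": 1}
FAILING = (Compliance.PARTIAL, Compliance.NON_CONFORMING)

@dataclass(frozen=True)
class Index:
    index_id: str    # hypothetical label, not a GB/T 22239-2019 clause number
    kind: str        # "key" | "important" | "general"
    high_risk: bool  # flagged by the high-risk judgment guide

@dataclass(frozen=True)
class Record:
    index_id: str
    object_name: str
    status: Compliance

def index_score(index, records):
    """X_k of one index. ASSUMED: weight ω times the mean k of the objects
    that have a score; None when the index applies to no object."""
    ks = [SCORE_K[r.status] for r in records
          if r.index_id == index.index_id and SCORE_K[r.status] is not None]
    return WEIGHT[index.kind] * mean(ks) if ks else None

def comprehensive_score(indices, records):
    """Return (S, {index_id: X_k}, V). ASSUMED: S is the sum of ω over the
    applicable indices and V = 100 * sum(X_k) / S, rounded to two places."""
    x, s = {}, 0
    for idx in indices:
        score = index_score(idx, records)
        if score is None:
            continue  # not applicable to any object: left out of the benchmark
        x[idx.index_id] = score
        s += WEIGHT[idx.kind]
    return s, x, (round(100 * sum(x.values()) / s, 2) if s else 0.0)

def recommend_risk(index, records):
    """Risk level per the step 6 embodiment: a failing high-risk item is high,
    a failing key item is medium, any other failing item is low."""
    failing = [r.object_name for r in records
               if r.index_id == index.index_id and r.status in FAILING]
    if not failing:
        return None, []
    if index.high_risk:
        return "high", failing
    return ("medium" if index.kind == "key" else "low"), failing

def problem_summary(indices, records):
    """Problems grouped along the index dimension; high and medium risk items
    are main security problems (solid star), the rest get a hollow star."""
    rows = []
    for idx in indices:
        level, objects = recommend_risk(idx, records)
        if level is None:
            continue
        main = level in ("high", "medium")
        rows.append({"index": idx.index_id, "risk": level, "main_problem": main,
                     "mark": "★" if main else "☆", "objects": objects})
    return rows

# Constructed sample data, not taken from the patent.
SAMPLE_INDICES = [Index("I-01", "key", True), Index("I-02", "important", False),
                  Index("I-03", "general", False), Index("I-04", "key", False),
                  Index("I-05", "general", False)]
SAMPLE_RECORDS = [
    Record("I-01", "srv-A", Compliance.CONFORMING),
    Record("I-01", "srv-B", Compliance.PARTIAL),
    Record("I-02", "fw-1", Compliance.CONFORMING),
    Record("I-02", "fw-2", Compliance.CONFORMING),
    Record("I-03", "app-1", Compliance.NON_CONFORMING),
    Record("I-03", "app-2", Compliance.NOT_APPLICABLE),
    Record("I-04", "srv-A", Compliance.CONFORMING),
    Record("I-04", "srv-B", Compliance.NON_CONFORMING),
    Record("I-05", "app-1", Compliance.NOT_APPLICABLE),
]

if __name__ == "__main__":
    print(comprehensive_score(SAMPLE_INDICES, SAMPLE_RECORDS))
    for row in problem_summary(SAMPLE_INDICES, SAMPLE_RECORDS):
        print(row)
```

Two points worth noting for anyone building the real module: an index whose objects are all "not applicable" (I-05 above) must be dropped from the benchmark S rather than scored 0, otherwise the comprehensive score is pulled down by indexes that were never evaluated; and the risk rule is evaluated per index, not per object, so a single partially conforming object on a high-risk index is enough to make the whole index a high-risk main security problem.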
Another embodiment of the present invention further provides an intelligent auxiliary evaluation system for network security level protection 2.0, as shown in FIG. 2. The system comprises:
the intelligent auxiliary evaluation system for network security level protection 2.0 is composed of a project basic information module, a standard index library, an intelligent recommendation engine, an evaluation object management module, a comprehensive score calculation module, a problem risk analysis module, a modification report information template and an automatic evaluation report generation module;
the project basic information module acquires the project basic information of the system under evaluation, comprising the system name, evaluation time, security protection level, security general requirements and extension requirements;
the standard index library integrates the knowledge base related to network security level protection evaluation, including the evaluation indexes of national standard GB/T 22239-2019, the high-risk judgment guide, the evaluation index weight ω, the evaluation methods for different evaluation indexes and evaluation object types, evaluation record filling examples and judgment criteria, inapplicable indexes, risk analysis examples, rectification suggestion examples, and so on; the standard index library is indexed by evaluation index and establishes the association between each evaluation index and the other knowledge base information; the standard index library supports online modification and the addition of knowledge base information;
the intelligent recommendation engine is the core module of the system and is connected to five modules, namely the project basic information module, the standard index library, the evaluation object management module, the problem risk analysis module and the modification report information template; it selects the evaluation index range, automatically summarises problems and security control measures along the two dimensions of evaluation index and security subclass respectively, and extracts knowledge base information to form the intelligent recommendation information. The intelligent recommendation engine reads the security protection level, security general requirements, extension requirements and other information from the project basic information module, reads the relevant evaluation indexes of national standard GB/T 22239-2019 from the standard index library, and completes the selection of the evaluation index range; it reads the evaluation object type and other information from the evaluation object management module, reads the related knowledge base information from the standard index library in combination with the evaluation index range to form intelligent recommendation information 1, and automatically pushes intelligent recommendation information 1 to the evaluation object management module; it reads the evaluation object records from the evaluation object management module, summarises and merges the partially conforming and non-conforming evaluation object records along each evaluation index dimension so that problems shared by multiple evaluation objects of the same type are summarised, reads the related knowledge base information from the standard index library, automatically judges the risk level of each evaluation index item according to the high-risk judgment guide and the compliance condition, automatically marks the high-risk and medium-risk items conspicuously as main security problems, forms intelligent recommendation information 2, and automatically pushes it to the problem risk analysis module; it reads the existing security control measures from the evaluation object management module and summarises them along the ten security subclass dimensions, reads the main security problems from the problem risk analysis module and summarises them along the ten security subclass dimensions, reads the related knowledge base information from the standard index library to form intelligent recommendation information 3, and automatically pushes intelligent recommendation information 3 to the modification report information template;
the invention provides a specific embodiment of the intelligent recommendation information: intelligent recommendation information 1 comprises the evaluation indexes, the evaluation index weight ω, high-risk prompts, the evaluation method, evaluation record filling examples, judgment criteria, inapplicable marks and other information; intelligent recommendation information 2 comprises the problem summary information, risk level, main security problem marks, risk analysis examples, rectification suggestion examples and other information; intelligent recommendation information 3 comprises the evaluation basis, the summary of existing security control measures, the summary analysis of main security problems and other information;
the evaluation object management module acquires the basic information, evaluation method, evaluation record, compliance condition and other information of each evaluation object; it receives intelligent recommendation information 1 from the intelligent recommendation engine and displays it on the relevant interface, supports online modification and confirmation of the evaluation method, evaluation record, judgment criterion and other information according to the actual condition of the evaluation object so as to adapt to complex and diverse evaluation objects, and determines the compliance condition of the evaluation object according to the judgment criterion, the compliance condition being one of four types: conforming, partially conforming, non-conforming and not applicable; according to the compliance condition of each evaluation object it automatically derives the score k, displays it on the interface, and automatically highlights the record contents of evaluation objects with different compliance conditions in different colours, forming the final evaluation object record; it supports one-key updating and the export and import of evaluation records, for quick modification and summarisation of the evaluation object records;
the invention provides a specific embodiment of one-key updating: after an evaluation object record has been modified, the evaluation records of all objects of the same type can be modified in batch by clicking the one-key update button;
the invention provides a specific embodiment of evaluation record export and import: the evaluation object records can be exported as a record confirmation sheet in Excel format, and a record confirmation sheet in Excel format can be imported into the system, enabling quick summarisation of the evaluation records;
the comprehensive score calculation module is connected to the evaluation object management module, reads the total number n of evaluation objects, the scores k of all evaluation objects, the evaluation index weight ω and other information, and automatically calculates the benchmark score S, the score X_k of each evaluation index and the comprehensive score V according to the comprehensive score calculation formula specified by the national administrative department and the classified protection evaluation institution alliance;
the problem risk analysis module acquires the partially conforming and non-conforming evaluation records, risk levels, main security problem marks, risk analysis, rectification suggestions and other information; it receives intelligent recommendation information 2 from the intelligent recommendation engine and displays it on the relevant interface, supports online modification of the problem summary, risk level, main security problem marks, risk analysis, rectification suggestions and other information so as to meet the requirements of complex and diverse systems under evaluation, and forms the problem risk analysis result after confirmation; it supports export and import of problem risk analysis results for quick summarisation, so that the results of risk analysis carried out by several persons in parallel can be merged quickly; it supports automatic generation of a rectification proposal from the problem risk analysis result and one-key export of the rectification proposal in a Word format meeting the requirements of the national administrative department and the classified protection evaluation institution alliance;
the invention provides a specific embodiment of problem risk analysis result export and import: the problem risk analysis result can be exported as a problem risk analysis sheet in Excel format, and a problem risk analysis sheet in Excel format can be imported into the system, enabling quick summarisation;
the modification report information template acquires the evaluation report element information such as the evaluation basis, the summary of existing security control measures, the summary analysis of main security problems and the situation of the system under evaluation; it receives intelligent recommendation information 3 from the intelligent recommendation engine and displays it on the relevant interface, supports online modification and confirmation of the evaluation basis, the summary of existing security control measures, the summary analysis of main security problems and other information, and highlights the summary of existing security control measures and the summary analysis of main security problems in different colours; it imports the network topology diagram, the test access point schematic diagram and the vulnerability scanning results, and obtains the situation information of the system under evaluation, such as the network structure description, the rectification status of the problems found in the previous evaluation, the evaluation boundary, the evaluation tools and the situation of the system owner;
the automatic evaluation report generation module automatically extracts the element information required by the evaluation report from the evaluation object management module, the problem risk analysis module, the modification report information template and the comprehensive score calculation module, generates a full-element network security level protection evaluation report, and supports one-key export of the evaluation report in a Word format meeting the requirements of the national administrative department and the classified protection evaluation institution alliance;
the network security level protection evaluation report covers all the element content required by the national administrative department and the classified protection evaluation institution alliance, including the evaluation project overview, the description of the system under evaluation, the classified protection evaluation conclusion, the overall evaluation, the evaluation process, the analysis of individual evaluation results, the main security problems, the rectification suggestions, and so on.
An embodiment of the invention further provides an intelligent auxiliary evaluation system for network security level protection 2.0, comprising:
one or more processors;
storage means for storing one or more programs,
which, when executed by the one or more processors, cause the one or more processors to implement the intelligent auxiliary evaluation method for network security level protection 2.0 described above.
While the invention has been described with reference to a preferred embodiment, those skilled in the art will understand that various changes in form and detail may be made without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (8)

1. An intelligent auxiliary evaluation method for network security level protection 2.0, characterized by comprising the following steps:
a project basic information module acquires the project basic information of the system under test, the project basic information comprising: the system name, the evaluation time, the security protection level, the general security requirements and the extension requirements;
according to the security protection level, general security requirements and extension requirements of the project, an intelligent recommendation engine automatically selects the evaluation index range from a standard index library;
an evaluation object management module acquires the basic information of each evaluation object in the ten security subclasses, the basic information of an evaluation object comprising: the evaluation object number, the evaluation object name, the evaluation object description and the evaluation object type;
according to the evaluation index range and the evaluation object type, the intelligent recommendation engine reads the relevant knowledge base information from the standard index library to form intelligent recommendation information 1, which is automatically pushed to the evaluation object management module; the intelligent recommendation information 1 comprises: evaluation indexes, evaluation index weight ω, high-risk prompts, evaluation method, evaluation record filling examples, judgment criteria and not-applicable labelling information;
on the basis of the intelligent recommendation information 1, the evaluation object management module supports online modification and determination of the evaluation method, evaluation record and judgment criterion according to the actual condition of the evaluation object, and determines the conformity status of the evaluation object according to the judgment criterion, the conformity status being one of 4 types: conforming, partially conforming, non-conforming and not applicable; according to the conformity status of each evaluation object, the score k of each evaluation object is obtained automatically and displayed on the interface, and the records of evaluation objects with different conformity statuses are automatically highlighted in different colors to form the final evaluation object records; one-click update and import of evaluation records are supported to quickly modify and summarize the evaluation object records;
a comprehensive score calculation module extracts from the evaluation object management module the total number of evaluation objects n, the scores k of all evaluation objects and the evaluation index weights ω of the project, and automatically calculates the benchmark score S, the score X_k of each evaluation index and the comprehensive score V according to the comprehensive score calculation formula;
according to all the evaluation object records, the intelligent recommendation engine automatically summarizes the problems of multiple evaluation objects of the same type along the evaluation index dimension to form problem summary information, reads the relevant knowledge base information from the standard index library, automatically judges the risk level of each evaluation index item according to the high-risk judgment guide and the conformity status, automatically flags high-risk and medium-risk items as main security problems to form intelligent recommendation information 2, and automatically pushes it to a problem risk analysis module; the intelligent recommendation information 2 comprises: problem summary information, risk level, main security problem flag, risk analysis example and rectification suggestion example;
on the basis of the intelligent recommendation information 2, the problem risk analysis module supports online modification of the problem summary, risk level, main security problem flag, risk analysis and rectification suggestion, and forms the problem risk analysis result after confirmation; export and import of problem risk analysis results are supported for quick summarization; automatic generation of rectification suggestions from the problem risk analysis result is supported;
according to the project basic information, the evaluation object records and the problem risk analysis result, the intelligent recommendation engine automatically summarizes the existing security control measures and the main security problems along the ten security subclass dimensions, reads the relevant knowledge base information from the standard index library to form intelligent recommendation information 3, and automatically pushes it to a modification report information module; the intelligent recommendation information 3 comprises: the evaluation basis, the summary of existing security control measures and the summary analysis of main security problems;
on the basis of the intelligent recommendation information 3, the modification report information module supports online modification and confirmation of the evaluation basis, the summary of existing security control measures and the summary analysis of main security problems, and highlights the summary of existing security control measures and the summary analysis of main security problems in different colors; it imports the network topology diagram, the test access point schematic diagram and the vulnerability scanning result, and acquires the condition information of the system under test;
and the element information of the evaluation report is automatically extracted from the evaluation object management module, the problem risk analysis module, the modification report information module and the comprehensive score calculation module to generate the network security level protection evaluation report.
2. The intelligent auxiliary evaluation method for network security level protection 2.0 according to claim 1, wherein the security protection level comprises three aspects: the business information security level, the system service assurance level and the general security protection requirement level, each aspect being divided into 4 levels; the three aspects are combined to form the security protection level, which is divided into level one, level two, level three and level four.
3. The intelligent auxiliary evaluation method for network security level protection 2.0 according to claim 1, wherein the general security requirements and the extension requirements are: the general security requirements, the cloud computing security extension requirements, the mobile internet security extension requirements, the Internet of Things security extension requirements, the industrial control system security extension requirements and the big data reference security control measures.
4. The intelligent auxiliary evaluation method for network security level protection 2.0 according to claim 1, wherein the standard index library integrates the knowledge bases related to network security level protection evaluation, comprising the evaluation indexes of national standard GB/T 22239-2019, high-risk judgment indexes, evaluation index weights ω, evaluation methods for different evaluation indexes and evaluation object types, evaluation record filling examples and judgment criteria, not-applicable cases, risk analysis examples and rectification suggestion examples; the standard index library uses the evaluation index as its index key and establishes the association between each evaluation index and the other knowledge base information.
5. The intelligent auxiliary evaluation method for network security level protection 2.0 according to claim 1, wherein the evaluation index range covers the evaluation indexes of the ten security subclasses of the general security requirements and extension requirements specified in national standard GB/T 22239-2019; the ten security subclasses are: secure physical environment, secure communication network, secure area boundary, secure computing environment, security management center, security management system, security management organization, security management personnel, security construction management and security operation and maintenance management.
6. The intelligent auxiliary evaluation method for network security level protection 2.0 according to claim 1, wherein the evaluation object type comprises: secure physical environment, secure communication network, secure area boundary, secure computing environment-network device/security device, secure computing environment-server/storage device/terminal/control device, secure computing environment-cryptographic product, secure computing environment-system management software, secure computing environment-business application system, security management center, security management system, security management organization, security management personnel, security construction management and security operation and maintenance management.
7. An intelligent auxiliary evaluation system for network security level protection 2.0, characterized in that:
the intelligent auxiliary evaluation system for network security level protection 2.0 is composed of a project basic information module, a standard index library, an intelligent recommendation engine, an evaluation object management module, a comprehensive score calculation module, a problem risk analysis module, a modification report information template and an automatic evaluation report generation module;
the project basic information module is used to acquire the project basic information of the system under test, the project basic information comprising the system name, evaluation time, security protection level, general security requirements and extension requirements;
the standard index library integrates the knowledge bases related to network security level protection evaluation, comprising: the evaluation indexes of national standard GB/T 22239-2019, the high-risk judgment guide, evaluation index weights ω, evaluation methods for different evaluation indexes and evaluation object types, evaluation record filling examples and judgment criteria, not-applicable cases, risk analysis examples and rectification suggestion examples; the standard index library uses the evaluation index as its index key and establishes the association between each evaluation index and the other knowledge base information;
the intelligent recommendation engine is the core module of the system; it exchanges information with five modules, namely the project basic information module, the standard index library, the evaluation object management module, the problem risk analysis module and the modification report information template, selects the evaluation index range, summarizes problems and security control measures along two dimensions (evaluation index and security subclass), extracts knowledge base information to form intelligent recommendation information, and pushes intelligent recommendation information 1 to the evaluation object management module, intelligent recommendation information 2 to the problem risk analysis module and intelligent recommendation information 3 to the modification report information template;
wherein the intelligent recommendation information 1 comprises: evaluation indexes, evaluation index weight ω, high-risk prompts, evaluation method, evaluation record filling examples, judgment criteria and not-applicable labelling information; the intelligent recommendation information 2 comprises: problem summary information, risk level, main security problem flag, risk analysis example and rectification suggestion example; the intelligent recommendation information 3 comprises: the evaluation basis, the summary of existing security control measures and the summary analysis of main security problems;
the evaluation object management module receives the intelligent recommendation information 1 from the intelligent recommendation engine and displays it on the related interface, supports online modification and determination of the evaluation method, evaluation record and judgment criterion according to the actual condition of the evaluation object, and determines the conformity status of the evaluation object according to the judgment criterion, the conformity status being one of 4 types: conforming, partially conforming, non-conforming and not applicable; according to the conformity status of each evaluation object, the score k of each evaluation object is obtained automatically and displayed on the interface, and the record contents of evaluation objects with different conformity statuses are automatically highlighted in different colors to form the final evaluation object records; one-click update and export/import of evaluation records are supported to quickly modify and summarize the evaluation object records;
the comprehensive score calculation module is connected with the evaluation object management module, reads the total number of evaluation objects n, the scores k of all evaluation objects and the evaluation index weights ω, and automatically calculates the benchmark score S, the score X_k of each evaluation index and the comprehensive score V according to the comprehensive score calculation formula;
the problem risk analysis module receives the intelligent recommendation information 2 from the intelligent recommendation engine and displays it on the related interface, supports online modification of the problem summary, risk level, main security problem flag, risk analysis and rectification suggestion, and forms the problem risk analysis result after confirmation; export and import of problem risk analysis results are supported for quick summarization; automatic generation of rectification suggestions from the problem risk analysis result and one-click export of the rectification suggestions in Word format are supported;
the modification report information template receives the intelligent recommendation information 3 from the intelligent recommendation engine and displays it on the related interface, supports online modification and confirmation of the evaluation basis, the summary of existing security control measures and the summary analysis of main security problems, and highlights the summary of existing security control measures and the summary analysis of main security problems in different colors; it imports the network topology diagram, the test access point schematic diagram and the vulnerability scanning result, and acquires the condition information of the system under test;
the automatic evaluation report generation module automatically extracts the element information required by the evaluation report from the evaluation object management module, the problem risk analysis module, the modification report information template and the comprehensive score calculation module, generates a complete network security level protection evaluation report and supports one-click export of the evaluation report in Word format.
8. An intelligent auxiliary evaluation system for network security level protection 2.0, characterized by comprising:
one or more processors;
a storage device storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the intelligent auxiliary evaluation method for network security level protection 2.0 according to any one of claims 1 to 6.
CN202211066998.6A 2022-09-01 2022-09-01 Intelligent auxiliary evaluation method and system for network security level protection 2.0 Pending CN115357906A (en)

Publications (1)

Publication Number Publication Date
CN115357906A (en) 2022-11-18
Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116647416A (en) * 2023-07-27 2023-08-25 深圳大学 Network security index recommendation method, device, equipment and storage medium
CN117195183A (en) * 2023-09-28 2023-12-08 四川赛闯检测股份有限公司 Data security compliance risk assessment system
CN117828613A (en) * 2024-01-04 2024-04-05 北方实验室(沈阳)股份有限公司 Security audit item assessment method based on binary decision diagram
Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination