CN115907519A - Information security compliance detection method and system - Google Patents
Information security compliance detection method and system Download PDFInfo
- Publication number
- CN115907519A CN115907519A CN202211368134.XA CN202211368134A CN115907519A CN 115907519 A CN115907519 A CN 115907519A CN 202211368134 A CN202211368134 A CN 202211368134A CN 115907519 A CN115907519 A CN 115907519A
- Authority
- CN
- China
- Prior art keywords
- evaluation
- equipment
- report
- index
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000001514 detection method Methods 0.000 title claims abstract description 18
- 238000011156 evaluation Methods 0.000 claims abstract description 233
- 238000000034 method Methods 0.000 claims abstract description 17
- 238000012937 correction Methods 0.000 claims abstract description 5
- 238000012360 testing method Methods 0.000 claims description 16
- 230000035515 penetration Effects 0.000 claims description 15
- 238000004458 analytical method Methods 0.000 claims description 10
- 238000012545 processing Methods 0.000 claims description 9
- 238000012986 modification Methods 0.000 claims description 7
- 230000004048 modification Effects 0.000 claims description 7
- 238000003908 quality control method Methods 0.000 claims description 6
- 238000007689 inspection Methods 0.000 claims description 4
- 238000007726 management method Methods 0.000 claims description 3
- 238000012795 verification Methods 0.000 claims description 3
- 238000012550 audit Methods 0.000 claims description 2
- 230000014509 gene expression Effects 0.000 claims description 2
- 230000008094 contradictory effect Effects 0.000 description 3
- 238000007405 data analysis Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000012552 review Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000011835 investigation Methods 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a method and a system for detecting information security compliance, wherein the method comprises the following steps: receiving an evaluation task, selecting an evaluation index, detecting the evaluation task based on the evaluation index, and generating an evaluation operation instruction book; an assessment worker generates an asset table, a network topological graph, an assessment record form and a tool scanning report on an assessment site in a site assessment mode to obtain the reference information of a project; and checking the evaluation record through the standard information of the project to obtain an evaluation result, analyzing the evaluation result to generate an evaluation report, and judging the rationality of the evaluation conclusion and the correction suggestion. The invention can be applied to detection services with definite evaluation indexes, evaluation description and the like, such as information security level protection evaluation and commercial password application security evaluation.
Description
Technical Field
The invention relates to the technical field of information security evaluation, in particular to a method and a system for detecting information security compliance.
Background
In 2019 in 5 months, the state formally releases the national standard of 2.0 series of network security level protection technologies, and marks that the network security work of China enters the equal-protection 2.0 era. The equal-protection 2.0 is the comprehensive improvement of the equal-protection 1.0, and the full coverage of protection objects such as cloud computing, the Internet of things, mobile interconnection, an industrial control information system and big data is realized. Under the evaluation index system of the equal insurance 2.0, the index composition is more diverse, the coverage of evaluation objects is wider, and the relevance before and after an evaluation report is closer, so that the complexity of the equal insurance evaluation work and the evaluation data analysis process is increased.
Common network security level protection evaluation work is usually based on manual operation: and obtaining an evaluation form according to the requirements of the evaluation items as an instructive file for field evaluation and a record form for field evaluation work. The evaluation form generally includes contents such as an evaluation index, an evaluation item description, an examination method, an evaluation operation step, an expected result, and an evaluation result record.
In the field evaluation activity, firstly, the collection of field assets and the compilation of a network topological graph are carried out according to the field condition, and then the field evaluation work of each object to be evaluated is finished according to the guidance of an evaluation operation instruction. The field evaluation work is often recorded in EXCEL or WORD forms, and the compilation work of the evaluation report is usually completed under the support of a report generation system in the report compilation stage.
However, the existing evaluation method faces various field environments and evaluation objects, and the quality and professional level of the evaluation technicians are different, and has the following defects:
(1) Whether an evaluation object obtained on site is accurate can only be obtained by depending on the experience of field personnel, and it is often found that field equipment investigation is not accurate, the equipment types and the equipment quantity do not correspond to the drawn network topological graph, so that the reliability of an evaluation report is difficult to ensure, and the quality of the evaluation report is low.
(2) And (4) the field evaluation item group evaluates the activities in real time according to the evaluation method and the steps of the operation instruction, and the recorded content is used as an evaluation result. The field record is completed by the assessment personnel at the field or at the later stage, and due to the fact that the professional skill level of the assessment personnel is uneven or careless, the assessment records are obviously inaccurate, or a plurality of records are contradictory to each other, and the quality of the assessment report is influenced.
(3) The field of the equal-protection evaluation project can implement measures such as penetration test, risk evaluation and the like, and the scanning test result is also required to be imported into the test report. The assessment personnel complete configuration checking according to experience, manual comprehensive analysis is carried out by combining results of vulnerability scanning and penetration testing to obtain assessment results, the influence of personal experience and preference of the assessment personnel is large, the problem found by the penetration testing and the assessment index are not strong in correspondence, and the assessment conclusion is lack of objectivity, accuracy and consistency.
Disclosure of Invention
The invention aims to provide an information safety compliance detection method and system, which solve the problems of inconsistent standard understanding and poor technical capability due to personal negligence of field technicians in the level protection compliance evaluation activity, improve the accuracy of evaluation acquisition, index analysis and report generation by an informatization means, reduce human errors and improve the evaluation quality and the report compiling efficiency.
In order to achieve the purpose, the invention provides the following scheme:
an information security compliance detection method, comprising:
receiving an evaluation task, selecting an evaluation index, detecting the evaluation task based on the evaluation index, and generating an evaluation operation instruction;
an assessment worker generates an asset table, a network topological graph, an assessment record form and a tool scanning report on an assessment site in a site assessment mode to obtain the reference information of a project;
and checking the evaluation record through the reference information of the project to obtain an evaluation result, analyzing the evaluation result to generate an evaluation report, and judging the rationality of the evaluation conclusion and the correction suggestion.
Preferably, generating the evaluation work instruction includes:
case scene knowledge is retrieved from an industry knowledge base of a detection system, a corresponding evaluation index is selected from the knowledge base, and the evaluation operation instruction is generated; the assessment operation instruction comprises a network topological graph of a typical case scene, assessment prompts of high-risk essential items, assessment indexes, assessment item descriptions, an inspection method, assessment operation steps, expected results, assessed system information and assessed system user information.
Preferably, the information of the system to be evaluated comprises the system infrastructure condition, the carried service and the grade protection rating of the system to be evaluated; the user information of the system to be evaluated comprises: unit name, contact, unit attribute.
Preferably, generating the asset table, the network topology map, the evaluation record form and the tool scan report comprises:
and (3) evaluating the assets in the asset table acquired on site one by one according to the evaluation items listed in the evaluation operation instruction, generating an evaluation record form, drawing the network topological graph by the evaluation personnel through field equipment, carrying out penetration test on the system, and submitting the tool scanning report.
Preferably, the assets in the asset table include: the system comprises network equipment, safety equipment, a server, storage equipment, terminal equipment, system management software, a business application system, data resources, safety related personnel and safety management documents.
Preferably, obtaining the reference information of the item includes:
and uploading the asset table and the network topological graph to an evaluation system, comparing equipment names, equipment quantity, equipment location areas, equipment models and equipment manufacturer information, feeding back to an evaluation person for modification if the equipment names, the equipment quantity, the equipment location areas, the equipment models and the equipment manufacturer information are different, confirming the asset table and the network topological graph, and obtaining the reference information of the project.
Preferably, obtaining the assessment results comprises:
performing file analysis on an evaluation form entering an evaluation system, checking the integrity of the evaluation form, performing formal audit on the evaluation form, determining the integrity of each evaluation record, and returning to an evaluation person for modification if the evaluation record is incomplete;
comparing the evaluation record in the evaluation table with an expected result according to the evaluation operation instruction of the corresponding case scene, and judging whether the index of the object to be tested is reasonable;
and judging the reason for cutting the indexes according to the indexes compiled by the evaluation personnel, if the quality control personnel identifies that the evaluation indexes are unreasonable or obviously wrong, judging that the reason for cutting the indexes cannot be accepted, and modifying the indexes by the evaluation personnel.
Preferably, the unreasonable evaluation indexes are: comparing the selected indexes of the typical scene case to judge whether the selected evaluation index is reasonable;
the obvious errors of the evaluation indexes are identification of obvious errors caused by an evaluation person by comparing error libraries which are accumulated continuously, and the obvious errors comprise: the common input error, the misspelled characters and the spelling, the place name confusion, the name of the user unit and the evaluation record exceed the expected range of the evaluation.
Preferably, the evaluation result is analyzed, including:
collecting the verified evaluation records to form a grade protection or password evaluation form, and summarizing problem expressions of non-conforming items in the evaluation records to form a problem set; wherein the problem set comprises control points, associated assets, and problem descriptions;
importing the scanning report into an evaluation system, and respectively corresponding high and medium risk points in the penetration report to the evaluation control points according to the typical scene scanning vulnerability corresponding relation to form a penetration test risk set;
and comparing the risk set of the penetration test with the problem set by the risk judgment of the control point.
In order to achieve the above object, the present invention also provides an information security compliance detection system, including:
an acquisition module: the system is used for collecting an asset table, a network topological graph, an evaluation record form and a tool scanning report;
a processing module: the system comprises a data acquisition module, a data processing module and a data processing module, wherein the data acquisition module is used for acquiring data;
a knowledge base: the system is used for providing a related index library and a report template during verification and evaluation, wherein the related index library and the report template comprise a typical scene knowledge base, a network topological graph, a typical asset table, index selection, key index expected description, a rectification suggestion library and a common error library.
The invention has the beneficial effects that:
the invention fully utilizes the evaluation knowledge base of a typical scene, compares evaluation index points and evaluation analysis by adopting an informatization mode, and implements data acquisition, data analysis and utilization in three links of asset acquisition, evaluation result analysis and evaluation report compilation, thereby solving the problems of unreasonable acquisition index, unsatisfactory evaluation record and contradictory evaluation result to a great extent, supporting the capability promotion of evaluation personnel by adopting an informatization means, and promoting the compilation efficiency and report quality of evaluation reports.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings required in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of a method for detecting information security compliance according to an embodiment of the present invention;
FIG. 2 is a flow chart of asset comparison in an embodiment of the present invention;
FIG. 3 is a flowchart illustrating comparison of evaluation indexes according to an embodiment of the present invention;
FIG. 4 is a comparative flow chart of analysis in an embodiment of the present invention;
fig. 5 is a block diagram of an information security compliance detection system according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
As shown in fig. 1, the present embodiment provides a method for detecting information security compliance, which mainly includes:
1. and after the project group reaches the evaluation task, selecting an evaluation index from a knowledge base of the detection system, and producing an evaluation operation instruction book of the project.
The evaluation operation instruction generally comprises user information of the system to be evaluated, such as unit name, contact, unit attribute and the like, and information of the system to be evaluated, such as system basic construction condition, loaded service and grade protection rating of the system to be evaluated; and according to the situation, retrieving knowledge of the case scene from an industry knowledge base of the detection system, selecting a corresponding evaluation index from an index base, and generating an evaluation operation instruction book.
The evaluation operation instruction book comprises a network topological graph of a typical case scene and an evaluation prompt of a high-risk necessity item, and the evaluation operation book comprises contents such as an evaluation index, an evaluation item description, an inspection method, an evaluation operation step and an expected result.
2. The assessment personnel carry out on-site assessment in modes of interview, questionnaire survey, configuration inspection, tool scanning and the like, and an asset table, a network topological graph, an assessment record form and a tool scanning report are generated on the assessment site.
The asset table collected on site usually includes network devices, security devices, servers, storage devices, terminal devices, system management software, service application systems, data resources, security related personnel, security management documents, and the like, and the assets need to be evaluated one by one according to evaluation items listed in an evaluation operation guide book to generate an evaluation record form, and meanwhile, the evaluation personnel need to draw a network topology map of the field devices. In most cases, the system needs to be subjected to penetration testing by using a tool, and a tool scanning report comprising network layer, system layer and application layer security vulnerability identification is submitted.
3. And (4) asset confirmation, namely comparing the equipment drawn in the network topological graph and the records in the asset table by virtue of an asset comparison tool, checking the equipment type and the equipment number of the tested object, comparing the typical scenes of the case scenes, determining the correctness of a deployment area, and determining to generate the network topological graph and the asset table. The implementation is shown in fig. 2.
And after the asset table and the network topological graph collected on site by the evaluation personnel are uploaded to an evaluation system, analyzing a file entering the system, comparing information such as equipment names, equipment quantity, equipment areas, equipment models, equipment manufacturers and the like, if the information is different, feeding the information back to the evaluation personnel for modification, and finally generating the asset table and the network topological graph.
And comparing the asset table and the network topological graph with a typical scene network topological graph by the quality control personnel, determining the correctness of the deployment area and reasonably allocating the key equipment, wherein the asset table and the network topological graph after the quality control personnel review form the reference information of the project.
4. Checking the evaluation records, namely ensuring that all the assets to be tested in the asset list have the evaluation records which are complete and have no missing items; and each evaluation result is compared with an expected result, so that unreasonable description items do not exist. The implementation is shown in fig. 3.
After uploading the evaluation form to an evaluation system, an evaluation person analyzes the file of the evaluation form entering the system, firstly, the integrity of the evaluation form is checked, the evaluation form is formally checked, each evaluation record is clear to be complete, and if the evaluation record is incomplete, the evaluation person returns to the evaluation person to modify the evaluation record; and secondly, comparing the evaluation records in the evaluation table with expected results according to the operation instruction book of the corresponding case scene. And the identified evaluation indexes are submitted to an evaluator by unreasonable and obvious errors for modification, the identified unreasonable index description needs to be judged by a quality control worker, if the unreasonable description cannot be accepted, the evaluation worker needs to modify, otherwise, the quality control worker can organize further evaluation.
If the identified evaluation indexes are unreasonable in selection, the selection indexes of the typical scene case are compared to judge whether the selection identification is reasonable or not, and the misuse of third-level indexes of second-level evaluation items caused by negligence of evaluation personnel and selection errors of the inadaptability of the indexes are avoided.
The obvious errors are obvious errors caused by carelessness of an appraiser, such as common input errors, wrongly written or read characters, place name confusion, names of user units, evaluation records exceeding an expected range of the appraisal, and the like, which are identified by comparing error libraries accumulated continuously.
5. And analyzing the evaluation result, checking the rationality of the field evaluation record, comparing the field evaluation record with the knowledge base of the evaluation scene, and judging the rationality of the evaluation conclusion and the rectification suggestion, wherein the rationality is shown in fig. 4.
Under the support of a detection system platform, collecting the tested evaluation records, collecting the evaluation result description and the evaluation problem description of the associated assets by taking each control point in the grade protection or password evaluation standard as an order, and submitting the formed main safety problem set as the input of manual comparison. At the moment, the main problem set and the typical scene high-risk problem library are manually compared, the accuracy and the reasonability of the evaluation result of the control point are judged, and if the judgment is not reasonable, manual correction is carried out.
And (4) importing the scanning report in the evaluation into a system, respectively corresponding high and medium risk points in the penetration report to the evaluation control points according to the corresponding relation of the typical scene scanning loopholes to form a penetration test risk set, and comparing the penetration test risk set with the summary problem of the evaluation result to judge the risk of the control points. And the comparison result guides an evaluation person to analyze the evaluation result to form a final evaluation non-conformity question set.
In a report compiling link, report compiling and report content auxiliary checking are implemented by depending on a typical scene report template and a typical scene rectification suggestion library, and the main implemented checking contents comprise: inconsistent description before and after the conformity of the evaluation items, inconsistent before and after the evaluation problem quantity, inconsistent before and after the sampling object quantity, inconsistent before and after the risk grade judgment, inconsistent grade condition of the problem analysis and the tested system and the like. Meanwhile, an establishment suggestion of the evaluation question and the correction suggestion is provided, the evaluation question is selected when being described in the suggestion library, and manual review is provided if a new suggestion exists.
6. According to the requirements of the operation instruction, the detection system automatically generates an evaluation report, and records the content which is manually checked into a scene knowledge base, so that the evaluation knowledge base of a typical scene is perfected.
The embodiment further provides an information security compliance detection system (as shown in fig. 5), including:
an acquisition module: the system is used for collecting an asset table, a network topological graph, an evaluation record form and a tool scanning report;
a processing module: the system comprises a data acquisition module, a data processing module and a data processing module, wherein the data acquisition module is used for acquiring data;
a knowledge base: and the system is used for providing a related index library and a report template during the verification and evaluation, wherein the related index library and the report template comprise a typical scene knowledge base, a network topology graph, a typical asset table, index selection, key index expected description, a rectification suggestion library and a common error library.
The invention fully utilizes the evaluation knowledge base of a typical scene and adopts an informatization mode to compare evaluation index points and evaluation analysis. The method has the advantages that the data acquisition, the data analysis and the utilization are implemented in three links of asset acquisition, evaluation result analysis and evaluation report compilation, so that the problems that acquisition indexes are unreasonable, evaluation records are not qualified and evaluation results are contradictory are solved to a great extent, the capacity of evaluation personnel is improved by an informatization means, and the evaluation report compilation efficiency and the report quality are improved.
The above-described embodiments are merely illustrative of the preferred embodiments of the present invention, and do not limit the scope of the present invention, and various modifications and improvements of the technical solutions of the present invention can be made by those skilled in the art without departing from the spirit of the present invention, and the technical solutions of the present invention are within the scope of the present invention defined by the claims.
Claims (10)
1. A method for detecting information security compliance is characterized by comprising the following steps:
receiving an evaluation task, selecting an evaluation index, detecting the evaluation task based on the evaluation index, and generating an evaluation operation instruction;
an evaluation person generates an asset table, a network topological graph, an evaluation recording form and a tool scanning report on an evaluation site in a field evaluation mode to obtain the reference information of a project;
and checking the evaluation record through the reference information of the project to obtain an evaluation result, analyzing the evaluation result to generate an evaluation report, and judging the rationality of the evaluation conclusion and the correction suggestion.
2. The information security compliance detection method according to claim 1, wherein generating the evaluation work instruction includes:
case scene knowledge is retrieved from an industry knowledge base of a detection system, a corresponding evaluation index is selected from the knowledge base, and the evaluation operation instruction is generated; the assessment operation instruction comprises a network topological graph of a typical case scene, assessment prompts of high-risk essential items, assessment indexes, assessment item descriptions, an inspection method, assessment operation steps, expected results, assessed system information and assessed system user information.
3. The method for detecting information security compliance according to claim 2, wherein the information of the system under test includes system infrastructure condition, loaded service, grade protection level of the system under test; the user information of the system to be evaluated comprises: unit name, contact, unit attribute.
4. The method of claim 1, wherein generating the asset table, the network topology map, the evaluation record form and the tool scan report comprises:
and (3) evaluating the assets in the asset table acquired on site one by one according to the evaluation items listed in the evaluation operation instruction, generating an evaluation record form, drawing the network topological graph by the evaluation personnel through field equipment, carrying out penetration test on the system, and submitting the tool scanning report.
5. The method of claim 4, wherein the assets in the asset table comprise: the system comprises network equipment, safety equipment, a server, storage equipment, terminal equipment, system management software, a business application system, data resources, safety related personnel and safety management documents.
6. The information security compliance detection method according to claim 4, wherein obtaining the reference information of the item includes:
and uploading the asset table and the network topological graph to an evaluation system, comparing equipment names, equipment quantity, equipment location areas, equipment models and equipment manufacturer information, feeding back to an evaluation person for modification if the equipment names, the equipment quantity, the equipment location areas, the equipment models and the equipment manufacturer information are different, confirming the asset table and the network topological graph, and obtaining the reference information of the project.
7. The information security compliance detection method according to claim 1, wherein obtaining the evaluation result includes:
performing file analysis on an evaluation form entering an evaluation system, checking the integrity of the evaluation form, performing formal audit on the evaluation form, determining the integrity of each evaluation record, and returning to an evaluation person for modification if the evaluation record is incomplete;
comparing the evaluation record in the evaluation table with an expected result according to the evaluation operation instruction book corresponding to the case scene, and judging whether the index of the object to be tested is reasonable;
and judging the reason for cutting the indexes according to the indexes compiled by the evaluation personnel, if the quality control personnel identifies that the evaluation indexes are unreasonable or obviously wrong, judging that the reason for cutting the indexes cannot be accepted, and modifying the indexes by the evaluation personnel.
8. The method for detecting information security compliance according to claim 7, wherein the unreasonable selection of the evaluation index is: comparing the selected indexes of the typical scene case to judge whether the selected evaluation index is reasonable;
the obvious errors of the evaluation indexes are identification of obvious errors caused by an evaluation person by comparing error libraries which are accumulated continuously, and the obvious errors comprise: the common input error, the misspelled characters and the spelling, the place name confusion, the name of the user unit and the evaluation record exceed the expected range of the evaluation.
9. The method of claim 1, wherein analyzing the evaluation result comprises:
collecting the verified evaluation records to form a grade protection or password evaluation form, and collecting the problem expressions which do not accord with the items in the evaluation records to form a problem set; wherein the problem set comprises control points, associated assets, and problem descriptions;
importing the scanning report into an evaluation system, and respectively corresponding high and medium risk points in the penetration report to the evaluation control points according to the typical scene scanning vulnerability corresponding relation to form a penetration test risk set;
and comparing the penetration test risk set with the problem set by the risk judgment of the control point.
10. An information security compliance detection system, comprising:
an acquisition module: the system is used for collecting an asset table, a network topological graph, an evaluation record form and a tool scanning report;
a processing module: the system comprises a data acquisition module, a data processing module and a data processing module, wherein the data acquisition module is used for acquiring data;
a knowledge base: the system is used for providing a related index library and a report template during verification and evaluation, wherein the related index library and the report template comprise a typical scene knowledge base, a network topological graph, a typical asset table, index selection, key index expected description, a rectification suggestion library and a common error library.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211368134.XA CN115907519A (en) | 2022-11-03 | 2022-11-03 | Information security compliance detection method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211368134.XA CN115907519A (en) | 2022-11-03 | 2022-11-03 | Information security compliance detection method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115907519A true CN115907519A (en) | 2023-04-04 |
Family
ID=86481594
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211368134.XA Pending CN115907519A (en) | 2022-11-03 | 2022-11-03 | Information security compliance detection method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115907519A (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104766166A (en) * | 2015-03-27 | 2015-07-08 | 杭州安恒信息技术有限公司 | Grade-protection-oriented information system security compliance check method |
| CN107248985A (en) * | 2017-06-07 | 2017-10-13 | 广东南方信息安全研究院 | A kind of network security test and appraisal and project quality assessment system |
| CN108055280A (en) * | 2017-12-26 | 2018-05-18 | 国网河南省电力公司信息通信公司 | A kind of electric power data network safety detecting method |
| CN109150918A (en) * | 2018-10-31 | 2019-01-04 | 云南电网有限责任公司 | A kind of information security hierarchical protection assessment method and system based on fort machine |
| CN111930726A (en) * | 2020-06-22 | 2020-11-13 | 南京南瑞信息通信科技有限公司 | Off-line form-based grade protection evaluation data acquisition and analysis method and system |
| CN114978584A (en) * | 2022-04-12 | 2022-08-30 | 深圳市蔚壹科技有限公司 | Network security protection safety method and system based on unit cell |
-
2022
- 2022-11-03 CN CN202211368134.XA patent/CN115907519A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104766166A (en) * | 2015-03-27 | 2015-07-08 | 杭州安恒信息技术有限公司 | Grade-protection-oriented information system security compliance check method |
| CN107248985A (en) * | 2017-06-07 | 2017-10-13 | 广东南方信息安全研究院 | A kind of network security test and appraisal and project quality assessment system |
| CN108055280A (en) * | 2017-12-26 | 2018-05-18 | 国网河南省电力公司信息通信公司 | A kind of electric power data network safety detecting method |
| CN109150918A (en) * | 2018-10-31 | 2019-01-04 | 云南电网有限责任公司 | A kind of information security hierarchical protection assessment method and system based on fort machine |
| CN111930726A (en) * | 2020-06-22 | 2020-11-13 | 南京南瑞信息通信科技有限公司 | Off-line form-based grade protection evaluation data acquisition and analysis method and system |
| CN114978584A (en) * | 2022-04-12 | 2022-08-30 | 深圳市蔚壹科技有限公司 | Network security protection safety method and system based on unit cell |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113407517B (en) | Data quality health degree analysis method and system based on multidimensional analysis technology | |
| CN109784758B (en) | Engineering quality supervision early warning system and method based on BIM model | |
| CN109376093B (en) | Insurance product testing method and device, storage medium and electronic equipment | |
| CN114519498B (en) | Quality inspection and evaluation method and system based on BIM model | |
| CN109002391A (en) | The method of automatic detection embedded software interface testing data | |
| CN111522741A (en) | Interface test code generation method and device, electronic equipment and readable storage medium | |
| CN108269059B (en) | Data management system | |
| CN115357906A (en) | Intelligent auxiliary evaluation method and system for network security level protection 2.0 | |
| CN112199277A (en) | Browser-based defect reproduction method, device, equipment and storage medium | |
| CN114281877A (en) | Data management system and method | |
| CN113722370A (en) | Data management method, device, equipment and medium based on index analysis | |
| CN115952081A (en) | Software testing method, device, storage medium and equipment | |
| CN115907519A (en) | Information security compliance detection method and system | |
| CN112465456A (en) | Engineering evaluation data information management method, system and electronic equipment | |
| CN114117425A (en) | DSMM-based data acquisition safety detection method | |
| CN113791980A (en) | Test case conversion analysis method, device, equipment and storage medium | |
| CN117093497B (en) | Test report processing method and device, electronic equipment and storage medium | |
| CN117435468A (en) | Method and system for testing compliance of direct report platform | |
| CN116303104B (en) | Automated process defect screening management method, system and readable storage medium | |
| CN114791886B (en) | Software problem tracking method and system | |
| CN117785651A (en) | Test case processing method, case management platform, electronic equipment and storage medium | |
| CN117147172A (en) | Automatic vehicle testing method, system and readable storage medium | |
| TR202019877A2 (en) | CREATING A TEST SCENARIO SYSTEM | |
| CN116563760A (en) | Intelligent acceptance system and method for cable lines and auxiliary equipment | |
| CN117668007A (en) | Data quality detection method and device and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20230404 |