CN116227919A - Enterprise safety risk assessment method and device and electronic equipment - Google Patents
Enterprise safety risk assessment method and device and electronic equipment Download PDFInfo
- Publication number
- CN116227919A CN116227919A CN202211686070.8A CN202211686070A CN116227919A CN 116227919 A CN116227919 A CN 116227919A CN 202211686070 A CN202211686070 A CN 202211686070A CN 116227919 A CN116227919 A CN 116227919A
- Authority
- CN
- China
- Prior art keywords
- enterprise
- score
- evaluation item
- importance
- candidate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000012502 risk assessment Methods 0.000 title claims abstract description 80
- 238000000034 method Methods 0.000 title claims abstract description 65
- 238000011156 evaluation Methods 0.000 claims abstract description 250
- 238000013209 evaluation strategy Methods 0.000 claims description 34
- 239000011159 matrix material Substances 0.000 claims description 25
- 238000012545 processing Methods 0.000 claims description 15
- 239000013598 vector Substances 0.000 claims description 15
- 230000008569 process Effects 0.000 claims description 13
- 238000004590 computer program Methods 0.000 claims description 10
- 238000003860 storage Methods 0.000 claims description 3
- 238000011160 research Methods 0.000 abstract description 10
- 238000004451 qualitative analysis Methods 0.000 abstract description 4
- 230000002349 favourable effect Effects 0.000 abstract 1
- 238000004519 manufacturing process Methods 0.000 description 6
- 238000013507 mapping Methods 0.000 description 5
- 238000012360 testing method Methods 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 3
- 239000000428 dust Substances 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- XPRGFWCOARUGAL-UHFFFAOYSA-N 3-anilino-1-phenylpyrrolidine-2,5-dione Chemical compound O=C1N(C=2C=CC=CC=2)C(=O)CC1NC1=CC=CC=C1 XPRGFWCOARUGAL-UHFFFAOYSA-N 0.000 description 2
- XEEYBQQBJWHFJM-UHFFFAOYSA-N Iron Chemical compound [Fe] XEEYBQQBJWHFJM-UHFFFAOYSA-N 0.000 description 2
- 229910000831 Steel Inorganic materials 0.000 description 2
- 229910052782 aluminium Inorganic materials 0.000 description 2
- XAGFODPZIPBFFR-UHFFFAOYSA-N aluminium Chemical compound [Al] XAGFODPZIPBFFR-UHFFFAOYSA-N 0.000 description 2
- 238000005266 casting Methods 0.000 description 2
- 239000003245 coal Substances 0.000 description 2
- 238000004880 explosion Methods 0.000 description 2
- 239000010959 steel Substances 0.000 description 2
- 108010076282 Factor IX Proteins 0.000 description 1
- 238000003723 Smelting Methods 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000003086 colorant Substances 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000012854 evaluation process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 239000000383 hazardous chemical Substances 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 229910052742 iron Inorganic materials 0.000 description 1
- 229910052751 metal Inorganic materials 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 238000010606 normalization Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000003449 preventive effect Effects 0.000 description 1
- 238000011002 quantification Methods 0.000 description 1
- 238000013139 quantization Methods 0.000 description 1
- 238000000638 solvent extraction Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Strategic Management (AREA)
- Theoretical Computer Science (AREA)
- Economics (AREA)
- Entrepreneurship & Innovation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Educational Administration (AREA)
- Development Economics (AREA)
- Tourism & Hospitality (AREA)
- Marketing (AREA)
- Game Theory and Decision Science (AREA)
- General Business, Economics & Management (AREA)
- Quality & Reliability (AREA)
- Operations Research (AREA)
- Mathematical Physics (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application provides an enterprise security risk assessment method, which comprises the following steps: basic information of an enterprise to be evaluated is obtained; acquiring an nth level evaluation item for evaluating the enterprise to be evaluated, and an importance score of the nth level evaluation item; obtaining the score of the enterprise to be evaluated according to the basic information, the nth level evaluation item and the importance score; and carrying out enterprise security risk assessment on the enterprise to be assessed according to the score. The method and the system can accurately and intelligently evaluate the safety risk of the enterprise, solve the problems that qualitative analysis is influenced by subjective evaluation, risk evaluation is not comprehensive enough, evaluation indexes cannot be quantified and data support is lacking, realize efficient research and judgment of the safety risk of the enterprise, and are favorable for timely and effectively supervising the enterprise to be evaluated.
Description
Technical Field
The application relates to the technical field of security management, in particular to an enterprise security risk assessment method and device and electronic equipment.
Background
Enterprise security risk assessment is one of the effective ways to comprehensively assess whether an enterprise has potential safety hazards in production camping activities. The accurate and reliable enterprise security risk assessment result can be used as a powerful basis for reasonably supervising the enterprise, so that the supervision effect of preventing the occurrence of security production accidents is achieved by solving and eliminating various unsafe factors in the operation of the enterprise.
However, in the related art, when the enterprise security risk assessment is performed on the enterprise, there are often problems that the degree of data processing intelligence is not high, the assessment result is biased to subjective experience, and the accuracy is low.
Therefore, how to accurately and intelligently evaluate the security risk of the enterprise, and further, to efficiently research, judge and effectively monitor the enterprise based on the accurate and reliable enterprise security risk evaluation result, has become a problem to be solved urgently.
Disclosure of Invention
The present application aims to solve, at least to some extent, one of the technical problems in the related art.
Therefore, a first objective of the present application is to provide an enterprise security risk assessment method, which is used for solving the problems of low data processing intelligentization degree, bias of assessment results on subjective experience, low accuracy and the like in the prior art.
To achieve the above object, an embodiment of a first aspect of the present application provides an enterprise security risk assessment method, including: basic information of an enterprise to be evaluated is obtained; acquiring an nth level evaluation item for evaluating the enterprise to be evaluated and an importance score of the nth level evaluation item, wherein n is an integer greater than 1; obtaining the score of the enterprise to be evaluated according to the basic information, the nth level evaluation item and the importance score; and carrying out enterprise security risk assessment on the enterprise to be assessed according to the score.
In addition, according to the method for evaluating enterprise security risk according to the above embodiment of the present application, the method may further have the following additional technical features:
according to one embodiment of the present application, the obtaining an nth level evaluation item for evaluating the enterprise to be evaluated and an importance score of the nth level evaluation item includes: selecting any evaluation strategy from the candidate evaluation strategies as a target evaluation strategy; and taking the candidate evaluation items in the target evaluation strategy as the n-th stage evaluation items, and taking the candidate importance scores in the target evaluation strategy as the importance scores.
According to one embodiment of the present application, the obtaining an nth level evaluation item for evaluating the enterprise to be evaluated and an importance score of the nth level evaluation item includes: performing evaluation item division from the first-stage candidate evaluation item, and taking the candidate evaluation item obtained by the last division as the nth-stage evaluation item; and acquiring an identifier of each n-th-level evaluation item, and taking an importance score selected from candidate importance scores according to the identifier as the importance score of the n-th-level evaluation item.
According to one embodiment of the present application, the generating process of the candidate importance score includes: obtaining a basic importance score obtained by scoring the importance of any nth-level candidate evaluation item by any expert; acquiring authority scores of all the experts scoring the importance of any nth-level candidate evaluation item; and determining the candidate importance score corresponding to any candidate evaluation item according to the basic importance score and the authority score.
According to one embodiment of the present application, the obtaining the basic importance score obtained by scoring the importance of any expert on any nth-level candidate evaluation item includes: obtaining a comparison judgment matrix according to any two n-th-level candidate evaluation items; analyzing the comparison judgment matrix to obtain characteristic roots and characteristic vectors; and carrying out consistency check according to the feature root and the feature vector, and determining that the consistency check is passed.
According to one embodiment of the present application, the obtaining the score of the enterprise to be evaluated according to the basic information, the nth level evaluation item and the importance score includes: processing the basic information according to the nth stage evaluation item to acquire grading information corresponding to the nth stage evaluation item; obtaining the sub-score of the enterprise to be evaluated according to the grading information and the nth grade evaluation item; and obtaining the score of the enterprise to be evaluated according to the sub-score and the importance score.
According to one embodiment of the present application, the performing enterprise security risk assessment on the enterprise to be assessed according to the score includes: obtaining a fraction interval in which the fraction is located; and determining an enterprise security risk assessment result of the enterprise to be assessed according to the score interval.
According to one embodiment of the present application, after determining the enterprise security risk assessment result of the enterprise to be assessed, the method further includes: and acquiring a notification message of the enterprise security risk assessment result, and sending the notification message to the enterprise to be assessed.
To achieve the above object, an embodiment of a second aspect of the present application provides an enterprise security risk assessment apparatus, including: the first acquisition module is used for acquiring basic information of an enterprise to be evaluated; the second acquisition module is used for acquiring an nth level evaluation item for evaluating the enterprise to be evaluated and an importance score of the nth level evaluation item, wherein n is an integer greater than 1; the third acquisition module is used for acquiring the score of the enterprise to be evaluated according to the basic information, the nth level evaluation item and the importance score; and the evaluation module is used for evaluating the enterprise security risk of the enterprise to be evaluated according to the score.
In addition, the enterprise security risk assessment apparatus according to the above embodiment of the present application may further have the following additional technical features:
according to an embodiment of the present application, the second obtaining module is further configured to: selecting any evaluation strategy from the candidate evaluation strategies as a target evaluation strategy; and taking the candidate evaluation items in the target evaluation strategy as the n-th stage evaluation items, and taking the candidate importance scores in the target evaluation strategy as the importance scores.
According to an embodiment of the present application, the second obtaining module is further configured to: performing evaluation item division from the first-stage candidate evaluation item, and taking the candidate evaluation item obtained by the last division as the nth-stage evaluation item; and acquiring an identifier of each n-th-level evaluation item, and taking an importance score selected from candidate importance scores according to the identifier as the importance score of the n-th-level evaluation item.
According to one embodiment of the present application, the generating process of the candidate importance score includes: obtaining a basic importance score obtained by scoring the importance of any nth-level candidate evaluation item by any expert; acquiring authority scores of all the experts scoring the importance of any nth-level candidate evaluation item; and determining the candidate importance score corresponding to any candidate evaluation item according to the basic importance score and the authority score.
According to one embodiment of the present application, the obtaining the basic importance score obtained by scoring the importance of any expert on any nth-level candidate evaluation item includes: obtaining a comparison judgment matrix according to any two n-th-level candidate evaluation items; analyzing the comparison judgment matrix to obtain characteristic roots and characteristic vectors; and carrying out consistency check according to the feature root and the feature vector, and determining that the consistency check is passed.
According to an embodiment of the present application, the third obtaining module is further configured to: processing the basic information according to the nth stage evaluation item to acquire grading information corresponding to the nth stage evaluation item; obtaining the sub-score of the enterprise to be evaluated according to the grading information and the nth grade evaluation item; and obtaining the score of the enterprise to be evaluated according to the sub-score and the importance score.
According to one embodiment of the application, the evaluation module is further configured to: obtaining a fraction interval in which the fraction is located; and determining an enterprise security risk assessment result of the enterprise to be assessed according to the score interval.
According to one embodiment of the application, the evaluation module is further configured to: and acquiring a notification message of the enterprise security risk assessment result, and sending the notification message to the enterprise to be assessed.
In order to achieve the above objective, an embodiment of a third aspect of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor executes the program to implement the foregoing enterprise security risk assessment method.
In order to achieve the above object, a fourth aspect of the present application provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the aforementioned enterprise security risk assessment method.
To achieve the above object, an embodiment of a fifth aspect of the present application proposes a computer program product comprising a computer program which, when executed by a processor, implements an enterprise security risk assessment method as described above.
The technical scheme provided by the embodiment of the application at least comprises the following beneficial effects:
the method comprises the steps of obtaining basic information of an enterprise to be evaluated, obtaining an n-th level evaluation item and an importance score of the n-th level evaluation item for evaluating the enterprise to be evaluated, obtaining the score of the enterprise to be evaluated according to the basic information, the n-th level evaluation item and the importance score, and further carrying out enterprise security risk evaluation on the enterprise to be evaluated according to the score. Therefore, the quantitative calculation method is provided for accurately and intelligently evaluating the safety risk of the enterprise, the problems that qualitative analysis is affected by subjective evaluation, risk evaluation is not comprehensive enough, evaluation indexes cannot be quantified and data support is lacking are solved, efficient research and judgment of the safety risk of the enterprise is realized, and timely and effective supervision of the enterprise to be evaluated is facilitated.
It should be understood that the description of this section is not intended to identify key or critical features of the embodiments of the application or to delineate the scope of the application. Other features of the present application will become apparent from the description that follows.
Drawings
The drawings are for better understanding of the present solution and do not constitute a limitation of the present application. Wherein:
fig. 1 is a schematic flow chart of an enterprise security risk assessment method according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating another method for evaluating enterprise security risk according to an embodiment of the present disclosure;
FIG. 3 is a flowchart illustrating another method for evaluating enterprise security risk according to an embodiment of the present disclosure;
FIG. 4 is a flowchart illustrating another method for evaluating enterprise security risk according to an embodiment of the present disclosure;
FIG. 5 is a flowchart illustrating another method for evaluating enterprise security risk according to an embodiment of the present disclosure;
FIG. 6 is a flowchart illustrating another method for evaluating enterprise security risk according to an embodiment of the present disclosure;
FIG. 7 is a flowchart illustrating another method for evaluating enterprise security risk according to an embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of an enterprise security risk assessment apparatus according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Exemplary embodiments of the present application are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present application to facilitate understanding, and should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The enterprise security risk assessment method, the enterprise security risk assessment device and the electronic equipment are described in detail by adopting the embodiment.
Fig. 1 is a flow chart of an enterprise security risk assessment method according to an embodiment of the present application.
It should be noted that, the execution body of the enterprise security risk assessment method in this embodiment is an enterprise security risk assessment device, and the enterprise security risk assessment device may specifically be a hardware device, or software in the hardware device, etc. Wherein the hardware devices such as terminal devices, servers, etc.
As shown in fig. 1, the enterprise security risk assessment method provided in this embodiment includes the following steps:
S101, acquiring basic information of an enterprise to be evaluated.
It should be noted that, when performing enterprise security risk assessment on an enterprise to be assessed, analysis is often performed based on the system theory of the MMEM (Man Machine Environment Management, people, machines, environments, and management). Among other things, conventional MMEM system theory believes that everything is an unexpected and undesirable event due to the mismatch and interaction of the "people, machines, environments, and management" elements. In order to avoid the occurrence of safety production accidents, enterprises should effectively control and coordinate the interrelationship among people, machines, environments and management in the daily operation management process, and take corresponding preventive control measures. Wherein, human factors are mainly reflected in aspects of light safety risk consciousness, lack of knowledge skills, poor physical condition and the like; the factors of the machine are mainly reflected in the aspects of defects of equipment, incomplete safety facilities, incomplete warning marks and the like; the factors of the ring are mainly reflected in the aspects of risk existing in the working place, influence of natural environment factors and the like. According to MMEM theory, the hazard factors can be identified and controlled from the three aspects, and the hazard factors are effectively managed, so that the safety control of a production system is realized.
However, in the related art, only the risk factors affecting the enterprise safety production can be qualitatively evaluated based on the MMEM theory, and efficient research, judgment and supervision of the enterprise safety risk cannot be realized through quantifiable evaluation indexes.
Therefore, the enterprise security risk assessment method and the enterprise security risk assessment device can quantify the enterprise risk index, and can effectively improve the research, judgment and supervision efficiency of the supervision department on the enterprise risk through quantification processing of the enterprise risk index.
As one possible implementation, basic information of the enterprise under evaluation may be obtained.
The enterprise to be evaluated can be any enterprise under supervision; basic information refers to enterprise information uploaded by an enterprise to be evaluated, and the information can be related original information related to an enterprise production process uploaded by the enterprise to be evaluated.
It should be noted that, for enterprises to be evaluated with different properties, the corresponding basic information may be consistent or inconsistent.
For example, for high-risk enterprises such as coal mines, non-coal mines, hazardous chemicals, steel, aluminum processing (deep well casting), and part of dust explosion enterprises, the corresponding basic information may have a larger coverage range; heavy-point enterprises such as metal smelting (excluding iron and steel and aluminum processing (deep well casting) enterprises), partial dust explosion enterprises and the like, and the corresponding basic information can be covered for a plurality of times; the corresponding basic information of a part of dust-related enterprises with secondary importance is likely to have smaller coverage.
S102, acquiring an nth level evaluation item and an importance score of the nth level evaluation item for evaluating an enterprise to be evaluated, wherein n is an integer greater than 1.
It should be noted that, in order to more accurately perform enterprise security risk assessment on an enterprise to be assessed, the enterprise security risk assessment may be performed by dividing the obtained multi-level assessment items.
As one possible implementation, an nth level of evaluation item for evaluating an enterprise to be evaluated and an importance score of the nth level of evaluation item may be obtained.
Where n is an integer greater than 1, for example, n may be set to 2, in which case a level 2 evaluation item for evaluating an enterprise to be evaluated and an importance score of the level 2 evaluation item may be obtained.
S103, obtaining the score of the enterprise to be evaluated according to the basic information, the nth level evaluation item and the importance score.
In the embodiment of the application, after the basic information, the nth level evaluation item and the importance score are acquired, the score of the enterprise to be evaluated may be acquired according to the basic information, the nth level evaluation item and the importance score.
As one possible implementation manner, after the basic information is processed, scoring is performed based on the n-th level evaluation item, and the score of the enterprise to be evaluated is obtained according to the scoring result and the importance score.
S104, carrying out enterprise security risk assessment on the enterprise to be assessed according to the score.
In the embodiment of the present application, after the score of the enterprise to be evaluated is obtained, enterprise security risk evaluation may be performed on the enterprise to be evaluated according to a preset evaluation policy, for example, a mapping relationship between the score and an evaluation result.
The method comprises the steps of obtaining basic information of an enterprise to be evaluated, obtaining an n-th level evaluation item and an importance score of the n-th level evaluation item for evaluating the enterprise to be evaluated, obtaining the score of the enterprise to be evaluated according to the basic information, the n-th level evaluation item and the importance score, and further carrying out enterprise security risk evaluation on the enterprise to be evaluated according to the score. Therefore, the quantitative calculation method is provided for accurately and intelligently evaluating the safety risk of the enterprise, the problems that qualitative analysis is affected by subjective evaluation, risk evaluation is not comprehensive enough, evaluation indexes cannot be quantified and data support is lacking are solved, efficient research and judgment of the safety risk of the enterprise is realized, and timely and effective supervision of the enterprise to be evaluated is facilitated.
In this application, when the n-th level evaluation item and the importance score of the n-th level evaluation item for evaluating the enterprise to be evaluated are obtained, the importance score may be obtained in various manners.
Optionally, if an evaluation policy including information such as a preset fixed division round is preset, the evaluation policy may be directly selected, and a preset fixed nth stage evaluation item and an importance score thereof may be extracted from the evaluation policy.
As a possible implementation manner, as shown in fig. 2, on the basis of the foregoing embodiment, a specific process of obtaining an nth level evaluation item for evaluating an enterprise to be evaluated and an importance score of the nth level evaluation item in the foregoing steps includes the following steps:
s201, selecting any evaluation strategy from the candidate evaluation strategies as a target evaluation strategy.
For example, the following 3 candidate evaluation strategies 1 to 3 are preset, and in this case, the candidate evaluation strategy 1 or strategy 2 or strategy 3 may be selected as the target evaluation strategy.
S202, taking candidate evaluation items in the target evaluation strategy as n-th-level evaluation items, and taking candidate importance scores in the target evaluation strategy as the importance scores.
The candidate evaluation strategy comprises at least one level of candidate evaluation items and candidate importance scores corresponding to the last level of candidate evaluation items.
For example, the partitioning round of candidate evaluation policy 1 is 2 times, and candidate evaluation policy 1 includes: the candidate importance scores 1-37 corresponding to the first-level candidate evaluation items 1-6, the second-level candidate evaluation items 1-37 and the second-level candidate evaluation items 1-37.
Further, the candidate evaluation items can be selected according to actual requirements, so that an n-th evaluation item and an importance score thereof can be obtained.
For example, only the second-level candidate evaluation items 1 to 37 and the candidate importance scores 1 to 37 corresponding to the second-level candidate evaluation items 1 to 37 may be extracted, or the first-level candidate evaluation items 1 to 6 may be extracted while the current evaluation is performed by extracting the second-level candidate evaluation items 1 to 37 and the candidate importance scores 1 to 37 corresponding to the second-level candidate evaluation items 1 to 37, so that the evaluation policy may be optimized after the user finishes the current evaluation.
In this case, the information such as the division round in the target evaluation policy is preset and fixed information. For example, the target evaluation policy a includes candidate evaluation items obtained by dividing 2 times and importance scores of the candidate evaluation items obtained by dividing 2 times; for another example, the target evaluation policy a includes candidate evaluation items obtained by 3 divisions and importance scores of candidate evaluation items obtained by 3 divisions.
On the basis of the above example, if only two-stage division of the evaluation items is required, in this case, the second-stage candidate evaluation items 1 to 37 and the candidate importance scores 1 to 37 corresponding to the second-stage candidate evaluation items 1 to 37 may be extracted.
Optionally, if the evaluation policy is not preset, the evaluation items may be divided and selected step by step, and then the importance scores thereof are obtained according to the unique identifier of the last selected evaluation item.
As a possible implementation manner, as shown in fig. 3, on the basis of the foregoing embodiment, a specific process of obtaining an nth level evaluation item for evaluating an enterprise to be evaluated and an importance score of the nth level evaluation item in the foregoing steps includes the following steps:
s301, performing evaluation item division from the first-stage candidate evaluation item, and taking the candidate evaluation item obtained by the last division as an nth-stage evaluation item.
In this case, the division is not fixed, and the division may be performed according to actual situations. For example, the division may be performed 2 times to obtain 2-level candidate evaluation items in total, that is, a first-level candidate evaluation item and a second-level candidate evaluation item, in which case, the candidate evaluation item obtained by the last division is the candidate evaluation item obtained by the second division; for another example, 3 divisions may be performed to obtain a total of 3 levels of candidate evaluation items, namely, a first level candidate evaluation item, a second level candidate evaluation item, and a third level candidate evaluation item, in which case the candidate evaluation item obtained by the last division is the candidate evaluation item obtained by the third division.
S302, obtaining the identification of each nth level evaluation item, and taking the importance score selected from the candidate importance scores according to the identification as the importance score of the nth level evaluation item.
Therefore, the method for evaluating the enterprise security risk can select the acquisition mode of the nth level evaluation item and the importance score thereof according to actual conditions, and further provides an efficient acquisition mode or an acquisition mode with personalized customization characteristics more through various modes, so that the intelligent degree in the enterprise security risk evaluation process is further improved.
It should be noted that, in the present application, when the score of the enterprise to be evaluated is obtained, an importance score is introduced to more accurately reflect the importance and influence of the enterprise security risk evaluation results of the enterprise to be evaluated by different evaluation items.
As a possible implementation manner, as shown in fig. 4, on the basis of the foregoing embodiment, the specific process of obtaining the score of the enterprise to be evaluated according to the basic information, the nth level evaluation item and the importance score in the foregoing step includes the following steps:
s401, processing the basic information according to the nth stage evaluation item to acquire grading information corresponding to the nth stage evaluation item.
It should be noted that, because the basic information is the original data uploaded by the enterprise to be evaluated, which is not processed by splitting or the like, the basic information may be processed according to the nth level evaluation item to obtain the hierarchical information corresponding to the nth level evaluation item.
For example, if the second level evaluation items are respectively: the total number of practitioners, personnel density, proportion of registered security engineers, proportion of full-time security manager, proportion of part-time security manager, and rate of evidence holding of special operators, in this case, the basic information may be processed according to the second-stage evaluation item to obtain the grading information K corresponding to the second-stage evaluation item 11 ~K 16 The method comprises the following steps of: 2000 people, 1:5, 1:20, 1:25, 1:30, 1:20.
S402, obtaining the sub-scores of the enterprises to be evaluated according to the grading information and the nth-level evaluation items.
In the embodiment of the application, after the hierarchical information and the nth level evaluation item are acquired, the sub-score of the enterprise to be evaluated can be acquired in various manners. Alternatively, the sub-score may be obtained by querying preset ranking information and a mapping relationship between the n-th level evaluation item and the sub-score. Wherein the number of sub-scores corresponds to the number of second level evaluation items.
For example, if the second level evaluation item corresponds to the hierarchical information K 11 ~K 16 The method comprises the following steps of: 2000 people, 1:5, 1:20, 1:25, 1:30, 1:20, the sub-score N can be obtained by querying the mapping relationship 11 ~N 16 The method comprises the following steps of: 150. 200, 100, 150.
S403, obtaining the score of the enterprise to be evaluated according to the sub-score and the importance score.
For example, as shown in table 5, the sub-scores of the second level evaluation items are respectively: s11 to S112, S21, S31 to S310, S41 to S44, S551 to S58 and S61 to S62; the importance scores are U11 to U112, U21, U31 to U310, U41 to U44, U551 to U58 and U61 to U62, respectively. In this case, the score APSI of the enterprise under evaluation may be obtained by the following formula:
APSI=(U 11 S 11 + 12 S 12 +…U 1i S 1o )+ 21 S 21 +U 31 S 31 + 32 S 32 +
… 1j S 1j )+(U 41 S 41 + 42 S 42 +…U 4k S 4k )+(U 51 S 51 + 52 S 52 +
… 5m S 5m )+(U 61 S 61 + 62 S 62 )
TABLE 1
The importance score may be a predetermined expert support obtained through processing.
It should be noted that the importance score is any selected candidate importance score, which is a fixed parameter subjected to quantitative processing, and the candidate importance score may be obtained in advance in various manners.
As a possible implementation manner, as shown in fig. 5, on the basis of the foregoing embodiment, the specific process of generating the candidate importance scores in the foregoing steps includes the following steps:
S501, obtaining a basic importance score obtained by scoring importance of any expert on any nth-level candidate evaluation item.
As a possible implementation manner, as shown in fig. 6, on the basis of the foregoing embodiment, a specific process of obtaining a basic importance score obtained by scoring the importance of any n-th candidate evaluation item by any expert in the foregoing steps includes the following steps:
s601, acquiring a comparison judgment matrix according to any two n-th-level candidate evaluation items.
Optionally, a reasonable scale can be selected, importance of a factor on an upper layer is evaluated among factors on the same layer, an expert quantifies thinking judgment by using a 1-9 scale method, and a pairwise comparison judgment matrix is constructed by referring to tables 2 (importance definition table) and 3 (secondary importance definition table).
| Scale with a scale bar | Meaning of |
| 1 | Compared with two factors, has equal importance |
| 3 | One factor is slightly more important than the other factor compared to the two factors |
| 5 | Two factors are compared, one factor being more important than the other |
| 7 | Two factors are compared, one factor being more important than the other factor |
| 9 | Comparing two factors, one factor is extremely important than the other factor |
| 2、4、6、8 | Median between the two adjacent determinations |
TABLE 2
| Scale with a scale bar | Meaning of |
| 1/3 | Two factors are compared, one being slightly less than the other |
| 1/5 | Two factors are compared, one factor being less than the other factor |
| 1/7 | Two factor phasesIn comparison, one factor is less important than the other |
| 1/9 | Two factors are compared, one factor being extremely less important than the other factor |
| 2、4、6、8 | Median between the two adjacent determinations |
TABLE 3 Table 3
Further, referring to table 4 (pairwise comparison judgment matrix of index factors), in the judgment matrix, element aij represents the ratio of the relative importance of element i to element j, and the following relationship exists:
a ij >0;a ii =0;a ij =1/a ij (i,j=1,2,……,n)
| index (I) | A 1 | A 1 | … | A 1 |
| A 1 | a 11 | a 11 | … | a 1n |
| A 2 | a 21 | a 22 | … | a 2n |
| … | … | … | … | … |
| A n | … | a nn |
TABLE 4 Table 4
S602, analyzing the comparison judgment matrix to obtain characteristic roots and characteristic vectors.
In the embodiment of the application, after the comparison judgment matrix is obtained, the judgment matrix can be solved to obtain the characteristic root and the characteristic vector, and consistency test is performed.
The evaluation factors are compared in pairs according to table 4 to obtain a judgment matrix, and the relative weight of each index is required to be further calculated. The methods for calculating the importance score vector and the feature root are "sum product method", "root method" and "root method". The exact value of the importance score of each index, i.e. the eigenvalue of matrix a, should be calculated theoretically, but the weight used in general is an approximate estimate of matrix a, and in practice, the approximation of the eigenvalue of matrix is usually calculated by a sum-product method, which is relatively simple to calculate.
As one possible implementation, the matrix a may be normalized by column by the following formula:
the normalized judgment matrix of each column is then added by row, that is
And normalizing the obtained sum vector to obtain importance score vector->
Further, the matrix maximum feature root can be calculated by the following formula:
s603, carrying out consistency test according to the feature root and the feature vector, and determining that the consistency test is passed.
In the examples of the present application, lambda is obtained max And then, consistency test is needed to ensure consistency of the evaluator on the multi-factor evaluation thought logic, so that all the evaluations are coordinated and consistent without internal result contradiction, which is a necessary condition for ensuring reliable evaluation conclusion. When completely consistent, the following transfer relationship should exist:
a ik =a ij a jk (i,j,k=1,2,……n)
otherwise, the two are inconsistent.
When judging complete agreement, should have lambda max =n, the remaining feature roots are all zero. Wherein, the consistency index
When not consistent, table 5 (average random uniformity index table 1-15) is thus generally given with respect to average randomConsistency index r.i. if +.>
The judgment result of the obtained comparison matrix is considered acceptable.
| n | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| R.I. | 0 | 0 | 0.52 | 0.89 | 1.12 | 1.26 | 1.36 | 1.41. | 1.46 | 1.49 | 1.52 | 1.54 | 1.56 | 1.58 | 1.59 |
TABLE 5
S502, acquiring authority scores of all any expert scoring the importance of any candidate evaluation item.
In the application, four indexes of working years, learning and research directions and the grasping degree of an expert on an evaluation problem can be selected to evaluate expert group members to obtain expert support degree, target evaluation index values are subjected to normalization processing and uniformly transformed into a range of (0, 1), in the evaluation index for evaluating the expert support degree, the importance score of the working years is 0.1, the importance score of the learning is 0.2, the importance score of the closeness of the research field is 0.3, and the importance score of the evaluation grasping degree is 0.4.
S503, determining a candidate importance score corresponding to any candidate evaluation item according to the basic importance score and the authority score.
For example, the weight of any candidate evaluation item may be set to a i At the same time satisfy
The evaluation quantization value of the ith candidate evaluation item of the jth expert is +.>
In this case, expert support, i.e. candidate importance score->
Wherein,,
is a normalized value.
Therefore, the basic importance scores obtained by scoring the importance of any n-th candidate evaluation item by any expert are obtained, the authority scores of all any expert scoring the importance of any candidate evaluation item are obtained, and then the candidate importance score corresponding to any candidate evaluation item is determined according to the basic importance score and the authority score, so that the accuracy deviation caused by subjective evaluation of the expert and the difficulty that the evaluation index cannot be quantified are avoided by determining the candidate importance score, and the effect and reliability of enterprise security risk research and judgment are further improved.
It should be noted that, in the present application, after the score of the enterprise to be evaluated is obtained, the enterprise security risk evaluation result of the enterprise to be evaluated may be obtained according to the score.
As a possible implementation manner, as shown in fig. 7, based on the above embodiment, the specific process of performing enterprise security risk assessment on an enterprise to be assessed according to the score in the above steps includes the following steps:
s701, obtaining a score interval in which the score is located.
As a possible implementation manner, candidate score intervals may be divided in advance, and then the score interval in which the candidate score intervals are located is determined according to the score.
For example, the following 4 candidate score intervals may be pre-partitioned: the score is greater than or equal to 900 time division and is a first interval, the score is greater than or equal to 750 time division and is less than 900 time division and is a second interval, the score is greater than or equal to 600 time division and is less than 750 time division and is a third interval, and the score is less than 600 time division and is a fourth interval.
S702, determining an enterprise security risk assessment result of an enterprise to be assessed according to the score interval.
As a possible implementation manner, a mapping relationship between the score interval and the enterprise security risk assessment result may be preset. Optionally, after the score interval is acquired, the enterprise security risk assessment result can be obtained by inquiring the mapping relation.
It should be noted that, the display form of the enterprise security risk assessment result may be selected according to the actual situation. For example, the enterprise security risk assessment result may be set to be text display, optical display of different colors, voice broadcast, and the like.
For example, when the score interval is preset as the first interval, the enterprise security risk assessment result may be very dangerous, in which case, when the red light is flashed while the voice broadcast is performed, and when the score interval is the second interval, the enterprise security risk assessment result may be dangerous, in which case, when the orange light is flashed while the voice broadcast is performed, and when the score interval is the third interval, the enterprise security risk assessment result may be very safe, in which case, when the yellow light is flashed while the voice broadcast is performed, and when the score interval is the fourth interval, the enterprise security risk assessment result may be very safe, in which case, the blue light may be flashed while the voice broadcast is performed.
Further, after the enterprise security risk assessment result of the enterprise to be assessed is determined, relevant personnel such as the enterprise to be assessed, the risk processing group and the like can be informed in time.
As one possible implementation manner, a notification message for the enterprise security risk assessment result may be obtained, and the notification message is sent to the enterprise to be assessed.
Therefore, the enterprise security risk assessment result of the enterprise to be assessed is determined by acquiring the score interval in which the score is located and according to the score interval. Further, after the enterprise security risk assessment result of the enterprise to be assessed is determined, a notification message of the enterprise security risk assessment result is acquired, and the notification message is sent to the enterprise to be assessed, so that the intelligent degree in the enterprise security risk assessment process and the efficiency of supervising the enterprise to be assessed are further improved.
In order to implement the above embodiment, the present embodiment provides an enterprise security risk assessment apparatus, and fig. 8 is a schematic structural diagram of an enterprise security risk assessment apparatus provided in the embodiment of the present application.
As shown in fig. 8, the enterprise security risk assessment apparatus 1000 includes: a first acquisition module 110, a second acquisition module 120, a third acquisition module 130, and an evaluation module 140. Wherein,,
a first obtaining module 110, configured to obtain basic information of an enterprise to be evaluated;
a second obtaining module 120, configured to obtain an nth level evaluation item for evaluating the enterprise to be evaluated and an importance score of the nth level evaluation item, where n is an integer greater than 1;
A third obtaining module 130, configured to obtain a score of the enterprise to be evaluated according to the basic information, the nth level evaluation item and the importance score;
and the evaluation module 140 is configured to perform enterprise security risk evaluation on the enterprise to be evaluated according to the score.
According to an embodiment of the present application, the second obtaining module 120 is further configured to:
selecting any evaluation strategy from the candidate evaluation strategies as a target evaluation strategy;
and taking the candidate evaluation items in the target evaluation strategy as the n-th stage evaluation items, and taking the candidate importance scores in the target evaluation strategy as the importance scores.
According to an embodiment of the present application, the second obtaining module 120 is further configured to:
performing evaluation item division from the first-stage candidate evaluation item, and taking the candidate evaluation item obtained by the last division as the nth-stage evaluation item;
and acquiring an identifier of each n-th-level evaluation item, and taking an importance score selected from candidate importance scores according to the identifier as the importance score of the n-th-level evaluation item.
According to an embodiment of the present application, the generating process of the candidate importance score includes: obtaining a basic importance score obtained by scoring the importance of any nth-level candidate evaluation item by any expert; acquiring authority scores of all the experts scoring the importance of any nth-level candidate evaluation item; and determining the candidate importance score corresponding to any candidate evaluation item according to the basic importance score and the authority score.
According to an embodiment of the present application, the obtaining a basic importance score obtained by scoring the importance of any nth-level candidate evaluation item by any expert includes: obtaining a comparison judgment matrix according to any two n-th-level candidate evaluation items; analyzing the comparison judgment matrix to obtain characteristic roots and characteristic vectors; and carrying out consistency check according to the feature root and the feature vector, and determining that the consistency check is passed.
According to an embodiment of the present application, the third obtaining module 130 is further configured to:
processing the basic information according to the nth stage evaluation item to acquire grading information corresponding to the nth stage evaluation item;
obtaining the sub-score of the enterprise to be evaluated according to the grading information and the nth grade evaluation item;
and obtaining the score of the enterprise to be evaluated according to the sub-score and the importance score.
According to an embodiment of the present application, the evaluation module 140 is further configured to:
obtaining a fraction interval in which the fraction is located;
and determining an enterprise security risk assessment result of the enterprise to be assessed according to the score interval.
According to an embodiment of the present application, the evaluation module 140 is further configured to:
And acquiring a notification message of the enterprise security risk assessment result, and sending the notification message to the enterprise to be assessed.
According to the enterprise security risk assessment method provided by the application, basic information of an enterprise to be assessed can be obtained, an nth level assessment item and an importance score of the nth level assessment item for assessing the enterprise to be assessed are obtained, then the score of the enterprise to be assessed is obtained according to the basic information, the nth level assessment item and the importance score, and then enterprise security risk assessment is carried out on the enterprise to be assessed according to the score. Therefore, the quantitative calculation method is provided for accurately and intelligently evaluating the safety risk of the enterprise, the problems that qualitative analysis is affected by subjective evaluation, risk evaluation is not comprehensive enough, evaluation indexes cannot be quantified and data support is lacking are solved, efficient research and judgment of the safety risk of the enterprise is realized, and timely and effective supervision of the enterprise to be evaluated is facilitated.
In order to implement the above embodiment, the application further provides an electronic device 3000, as shown in fig. 9, including a memory 310, a processor 320, and a computer program stored in the memory 310 and capable of running on the processor 320, where the processor implements the above enterprise security risk assessment method when executing the program.
In order to implement the above-described embodiments, the present application also proposes a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the aforementioned enterprise security risk assessment method.
To achieve the above embodiments, the present application also proposes a computer program product comprising a computer program which, when executed by a processor, implements an enterprise security risk assessment method as described above.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present application may be performed in parallel, sequentially, or in a different order, provided that the desired results of the technical solutions disclosed in the present application can be achieved, and are not limited herein.
The above embodiments do not limit the scope of the application. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present application are intended to be included within the scope of the present application.
Claims (19)
1. An enterprise security risk assessment method, comprising:
basic information of an enterprise to be evaluated is obtained;
acquiring an nth level evaluation item for evaluating the enterprise to be evaluated and an importance score of the nth level evaluation item, wherein n is an integer greater than 1;
obtaining the score of the enterprise to be evaluated according to the basic information, the nth level evaluation item and the importance score;
and carrying out enterprise security risk assessment on the enterprise to be assessed according to the score.
2. The method for evaluating the security risk of an enterprise according to claim 1, wherein the acquiring the n-th level of evaluation item for evaluating the enterprise to be evaluated and the importance score of the n-th level of evaluation item comprises:
selecting any evaluation strategy from the candidate evaluation strategies as a target evaluation strategy;
and taking the candidate evaluation items in the target evaluation strategy as the n-th stage evaluation items, and taking the candidate importance scores in the target evaluation strategy as the importance scores.
3. The method for evaluating the security risk of an enterprise according to claim 1, wherein the acquiring the n-th level of evaluation item for evaluating the enterprise to be evaluated and the importance score of the n-th level of evaluation item comprises:
Performing evaluation item division from the first-stage candidate evaluation item, and taking the candidate evaluation item obtained by the last division as the nth-stage evaluation item;
and acquiring an identifier of each n-th-level evaluation item, and taking an importance score selected from candidate importance scores according to the identifier as the importance score of the n-th-level evaluation item.
4. The enterprise security risk assessment method according to claim 2 or 3, wherein the generation process of the candidate importance scores comprises:
obtaining a basic importance score obtained by scoring the importance of any nth-level candidate evaluation item by any expert;
acquiring authority scores of all the experts scoring the importance of any nth-level candidate evaluation item;
and determining the candidate importance score corresponding to any candidate evaluation item according to the basic importance score and the authority score.
5. The method for evaluating the security risk of an enterprise according to claim 4, wherein the obtaining the basic importance score obtained by scoring the importance of any nth candidate evaluation item by any expert comprises:
Obtaining a comparison judgment matrix according to any two n-th-level candidate evaluation items;
analyzing the comparison judgment matrix to obtain characteristic roots and characteristic vectors;
and carrying out consistency check according to the feature root and the feature vector, and determining that the consistency check is passed.
6. The enterprise security risk assessment method of claim 1, wherein the obtaining the score for the enterprise to be assessed based on the base information, the nth level assessment entry, and the importance score comprises:
processing the basic information according to the nth stage evaluation item to acquire grading information corresponding to the nth stage evaluation item;
obtaining the sub-score of the enterprise to be evaluated according to the grading information and the nth grade evaluation item;
and obtaining the score of the enterprise to be evaluated according to the sub-score and the importance score.
7. The enterprise security risk assessment method according to claim 1 or 6, wherein the enterprise security risk assessment for the enterprise to be assessed according to the score comprises:
obtaining a fraction interval in which the fraction is located;
And determining an enterprise security risk assessment result of the enterprise to be assessed according to the score interval.
8. The method for evaluating the security risk of an enterprise according to claim 7, further comprising, after determining the result of evaluating the security risk of the enterprise to be evaluated:
and acquiring a notification message of the enterprise security risk assessment result, and sending the notification message to the enterprise to be assessed.
9. An enterprise security risk assessment apparatus, comprising:
the first acquisition module is used for acquiring basic information of an enterprise to be evaluated;
the second acquisition module is used for acquiring an nth level evaluation item for evaluating the enterprise to be evaluated and an importance score of the nth level evaluation item, wherein n is an integer greater than 1;
the third acquisition module is used for acquiring the score of the enterprise to be evaluated according to the basic information, the nth level evaluation item and the importance score;
and the evaluation module is used for evaluating the enterprise security risk of the enterprise to be evaluated according to the score.
10. The enterprise security risk assessment apparatus of claim 9, wherein the second acquisition module is further configured to:
Selecting any evaluation strategy from the candidate evaluation strategies as a target evaluation strategy;
and taking the candidate evaluation items in the target evaluation strategy as the n-th stage evaluation items, and taking the candidate importance scores in the target evaluation strategy as the importance scores.
11. The enterprise security risk assessment apparatus of claim 9, wherein the second acquisition module is further configured to:
performing evaluation item division from the first-stage candidate evaluation item, and taking the candidate evaluation item obtained by the last division as the nth-stage evaluation item;
and acquiring an identifier of each n-th-level evaluation item, and taking an importance score selected from candidate importance scores according to the identifier as the importance score of the n-th-level evaluation item.
12. The apparatus according to claim 10 or 11, wherein the generation process of the candidate importance score includes:
obtaining a basic importance score obtained by scoring the importance of any nth-level candidate evaluation item by any expert;
acquiring authority scores of all the experts scoring the importance of any nth-level candidate evaluation item;
And determining the candidate importance score corresponding to any candidate evaluation item according to the basic importance score and the authority score.
13. The enterprise security risk assessment apparatus of claim 12, wherein the obtaining a base importance score for any expert scoring the importance of any nth level candidate assessment item comprises:
obtaining a comparison judgment matrix according to any two n-th-level candidate evaluation items;
analyzing the comparison judgment matrix to obtain characteristic roots and characteristic vectors;
and carrying out consistency check according to the feature root and the feature vector, and determining that the consistency check is passed.
14. The enterprise security risk assessment apparatus of claim 9, wherein the third acquisition module is further configured to:
processing the basic information according to the nth stage evaluation item to acquire grading information corresponding to the nth stage evaluation item;
obtaining the sub-score of the enterprise to be evaluated according to the grading information and the nth grade evaluation item;
and obtaining the score of the enterprise to be evaluated according to the sub-score and the importance score.
15. The enterprise security risk assessment apparatus of claim 9 or 14, wherein the assessment module is further configured to:
obtaining a fraction interval in which the fraction is located;
and determining an enterprise security risk assessment result of the enterprise to be assessed according to the score interval.
16. The enterprise security risk assessment apparatus of claim 15, wherein the assessment module is further configured to:
and acquiring a notification message of the enterprise security risk assessment result, and sending the notification message to the enterprise to be assessed.
17. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-8.
18. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-8.
19. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211686070.8A CN116227919A (en) | 2022-12-27 | 2022-12-27 | Enterprise safety risk assessment method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211686070.8A CN116227919A (en) | 2022-12-27 | 2022-12-27 | Enterprise safety risk assessment method and device and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116227919A true CN116227919A (en) | 2023-06-06 |
Family
ID=86568757
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211686070.8A Pending CN116227919A (en) | 2022-12-27 | 2022-12-27 | Enterprise safety risk assessment method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116227919A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116777225A (en) * | 2023-08-17 | 2023-09-19 | 清华大学 | Quantification method, device, computer equipment and medium for enterprise security risk level |
-
2022
- 2022-12-27 CN CN202211686070.8A patent/CN116227919A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116777225A (en) * | 2023-08-17 | 2023-09-19 | 清华大学 | Quantification method, device, computer equipment and medium for enterprise security risk level |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110163500B (en) | Fuzzy fault tree-based oil storage tank area fire explosion risk assessment method | |
| Raviv et al. | Analyzing risk factors in crane-related near-miss and accident reports | |
| Wang et al. | An application of nonlinear fuzzy analytic hierarchy process in safety evaluation of coal mine | |
| Verma et al. | Highlights from the literature on risk assessment techniques adopted in the mining industry: a review of past contributions, recent developments and future scope | |
| Zhou et al. | A hybrid approach for safety assessment in high-risk hydropower-construction-project work systems | |
| Zhao et al. | Analysis of factors that influence hazardous material transportation accidents based on Bayesian networks: A case study in China | |
| Hassan et al. | Risk-based asset integrity indicators | |
| Jahangiri et al. | A neuro-fuzzy risk prediction methodology for falling from scaffold | |
| CN106503807B (en) | Improved RCM analysis method and mobile equipment integrity evaluation system based on same | |
| Soner | Application of fuzzy DEMATEL method for analysing of accidents in enclosed spaces onboard ships | |
| WO2018205570A1 (en) | Risk assessment method for operation state of charging station | |
| Li et al. | An integrated methodology to manage risk factors of aging urban oil and gas pipelines | |
| Silva et al. | Finding occupational accident patterns in the extractive industry using a systematic data mining approach | |
| CN116227919A (en) | Enterprise safety risk assessment method and device and electronic equipment | |
| CN112183912B (en) | Method and device for evaluating failure probability of pipeline of oil delivery station | |
| CN111639864A (en) | Quantitative assessment method for post security competence of port operating personnel | |
| CN106127607A (en) | A kind of analysis method of electric power accident upper and lower level reason degree of association | |
| Aliabadi et al. | Analysis of the severity of occupational injuries in the mining industry using a Bayesian network | |
| Medeiros et al. | Hydrogen pipelines: enhancing information visualization and statistical tests for global sensitivity analysis when evaluating multidimensional risks to support decision-making | |
| CN115471097A (en) | Data-driven underground local area safety state evaluation method | |
| Kuzucuoğlu et al. | Prioritization of risk mitigation strategies for contact with sharp object accidents using hybrid bow-tie approach | |
| Zheng et al. | A hybrid approach for evaluating faulty behavior risk of high‐risk operations using ANP and evidence theory | |
| CN113935571A (en) | Gas station security risk assessment grading method and system | |
| CN113327062A (en) | Information grade determining method and device, computer equipment and storage medium | |
| Wang et al. | Risk assessment of coal mine safety production management activities based on FMEA-BN |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |