CN116777225A

CN116777225A - Quantification method, device, computer equipment and medium for enterprise security risk level

Info

Publication number: CN116777225A
Application number: CN202311035793.6A
Authority: CN
Inventors: 黄全义; 王可
Original assignee: Tsinghua University
Current assignee: Tsinghua University
Priority date: 2023-08-17
Filing date: 2023-08-17
Publication date: 2023-09-19

Abstract

The application relates to a quantification method, a quantification device, computer equipment and a quantification medium for enterprise security risk levels. The method comprises the following steps: acquiring classification information and grade information of each enterprise personnel of a target enterprise; acquiring a security risk quantification value of each enterprise personnel and a security risk weight value of each enterprise personnel according to classification information and grade information of each enterprise personnel; acquiring a security risk quantification report of a target enterprise according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel; the security risk quantification report is used to characterize the security risk level of the target enterprise. By adopting the method, the security risk assessment can be carried out on the enterprise personnel, and further, security responsibility level improvement measures are provided for each enterprise personnel, so that the overall security operation level of the enterprise is improved.

Description

Quantification method, device, computer equipment and medium for enterprise security risk level

Technical Field

The present application relates to the field of security assessment technologies, and in particular, to a method and apparatus for quantifying security risk level of an enterprise, a computer device, and a medium.

Background

Multiple risks exist in the enterprise production process, so that enterprise accidents can be caused, personnel loss and property loss are caused, and therefore, how to evaluate the enterprise security risk is a problem to be solved currently.

At present, the security risk state of an enterprise is generally evaluated from the viewpoint of hidden danger points causing major accidents of the enterprise, and further, enterprise security operation improvement measures can be proposed from the aspects of personnel, machines, articles, environment, management and the like based on the security risk state evaluation result of the enterprise.

However, the conventional technology has a problem that security risk assessment cannot be performed on the whole enterprise personnel.

Disclosure of Invention

In view of the foregoing, it is desirable to provide a method, an apparatus, a computer device, and a medium for quantifying an enterprise security risk level that can perform security risk assessment on an enterprise whole person.

In a first aspect, the present application provides a method for quantifying an enterprise security risk level. The method comprises the following steps:

acquiring classification information and grade information of each enterprise personnel of a target enterprise;

acquiring a security risk quantification value of each enterprise personnel and a security risk weight value of each enterprise personnel according to classification information and grade information of each enterprise personnel;

Acquiring a security risk quantification report of the target enterprise according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel; the security risk quantification report is used to characterize a security risk level of the target enterprise.

In one embodiment, the obtaining the security risk quantification value of each enterprise personnel according to the classification information and the grade information of each enterprise personnel includes:

determining security risk test questions of the enterprise personnel according to the classification information and the grade information of the enterprise personnel;

and testing the security risk level of each enterprise personnel by using the security risk test questions of each enterprise personnel to obtain the security risk quantification value of each enterprise personnel.

In one embodiment, the determining the security risk test question of each enterprise personnel according to the classification information and the grade information of each enterprise personnel includes:

aiming at each enterprise personnel, determining initial test questions corresponding to the enterprise personnel from a preset test question library according to classification information and grade information of the enterprise personnel;

and combining the initial test questions according to a preset combination rule to obtain the safety risk test questions.

In one embodiment, the obtaining the security risk weight value of each enterprise personnel according to the classification information and the grade information of each enterprise personnel includes:

determining classification weight values of the enterprise personnel according to the classification information of the enterprise personnel;

determining importance weight values of the enterprise personnel according to the grade information of the enterprise personnel;

and acquiring the security risk weight value of each enterprise personnel according to the classification weight value and the importance weight value of each enterprise personnel.

In one embodiment, the obtaining the security risk quantification report of the target enterprise according to the security risk quantification value of each enterprise person and the security risk weight value of each enterprise person includes:

according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel, acquiring the contribution value of each enterprise personnel to the security risk level of the target enterprise;

determining a security risk quantification value of the target enterprise according to the contribution value of each enterprise personnel to the security risk level of the target enterprise and the security risk weight value of each enterprise personnel;

And acquiring the security risk quantification report according to the security risk quantification value of the target enterprise and the security risk quantification value of each enterprise personnel.

In one embodiment, the obtaining the security risk quantification report according to the security risk quantification value of the target enterprise and the security risk quantification value of each enterprise personnel includes:

determining the security risk level of the target enterprise according to the security risk quantification value of the target enterprise and a preset corresponding relation;

and generating the security risk quantification report according to the security risk level of the target enterprise and the security risk quantification value of each enterprise personnel.

In one embodiment, the method further comprises:

and obtaining the safe operation optimization scheme of the target enterprise according to the safe risk quantification report and a preset safe operation optimization scheme generation rule.

In a second aspect, the application further provides a quantifying device for enterprise security risk level. The device comprises:

the first acquisition module is used for acquiring classification information and grade information of each enterprise personnel of the target enterprise;

the second acquisition module is used for acquiring the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel according to the classification information and the grade information of each enterprise personnel;

The third acquisition module is used for acquiring a security risk quantification report of the target enterprise according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel; the security risk quantification report is used to characterize a security risk level of the target enterprise.

In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor which when executing the computer program performs the steps of:

In a fourth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:

In a fifth aspect, the present application also provides a computer program product. The computer program product comprises a computer program which, when executed by a processor, implements the steps of:

According to the enterprise security risk level quantification method, device, computer equipment and medium, the security risk quantification value and the security risk weight value of each enterprise person can be further obtained according to the classification information and the level information of each enterprise person by obtaining the classification information and the level information of each enterprise person of the target enterprise, so that the security risk quantification report representing the security risk level of the target enterprise is obtained. Compared with the prior art, from the point of hidden danger causing major accidents of enterprises, the quantification method of the enterprise security risk level in the application can obtain the security risk quantification value of the enterprise personnel from the point of view of each enterprise personnel in the target enterprise, provide security responsibility level improvement measures for each enterprise personnel, and improve the evaluation result and the improvement measures to the security operation level improvement effect of the enterprise.

Drawings

FIG. 1 is an application environment diagram of a method for quantifying enterprise security risk levels in one embodiment;

FIG. 2 is a flow chart illustrating a method for quantifying security risk levels of an enterprise in one embodiment;

FIG. 3 is a flowchart illustrating a method for quantifying security risk levels of an enterprise according to another embodiment;

FIG. 4 is a flowchart illustrating a method for quantifying security risk levels of an enterprise according to another embodiment;

FIG. 5 is a flowchart illustrating a method for quantifying security risk levels of an enterprise according to another embodiment;

FIG. 6 is a flowchart illustrating a method for quantifying security risk levels of an enterprise according to another embodiment;

FIG. 7 is a flowchart illustrating a method for quantifying security risk levels of an enterprise according to another embodiment;

FIG. 8 is a block diagram illustrating a quantization apparatus for enterprise security risk level in one embodiment;

FIG. 9 is a block diagram illustrating a quantization apparatus for enterprise security risk level in another embodiment;

FIG. 10 is a block diagram illustrating a quantization apparatus for enterprise security risk level in another embodiment;

FIG. 11 is a block diagram illustrating a quantization apparatus for enterprise security risk level in another embodiment;

fig. 12 is a block diagram of an apparatus for quantifying security risk level of an enterprise according to another embodiment.

Detailed Description

The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.

It should be noted that, in the prior art, methods such as a security check table, an index system, a fault tree, an event tree, a bowknot model, a bayesian network and the like are mostly adopted to evaluate the security risk state of the enterprise, so that corresponding improvement measures are provided. However, the above method is most from the point of hidden trouble causing major accidents of enterprises, and cannot evaluate the factors affecting the safe operation of enterprises more comprehensively, such as the high risk state of enterprises caused by public health events or natural environmental problems. In addition, the improvement measures proposed by the assessment method according to the prior art cannot be completely put on the safety responsibility of all enterprise personnel, and the personal safety responsibility level of all enterprise personnel cannot be pertinently improved, so that the assessment results and the improvement measures have the effect of improving the safety operation level of the enterprise to a certain extent.

The method for quantifying the enterprise security risk level provided by the embodiment of the application can be applied to an application environment shown in fig. 1. The computer device may be a terminal comprising a processor, a memory, a communication interface, a display screen and input means connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program, when executed by a processor, implements a method for quantifying an enterprise security risk level. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.

In one embodiment, as shown in fig. 2, a method for quantifying an enterprise security risk level is provided, and the method is applied to the terminal in fig. 1 for illustration, and includes the following steps:

s201, obtaining classification information and grade information of each enterprise personnel of the target enterprise.

The classification information of the enterprise personnel is used for representing the work class of each enterprise personnel, and the grade information of the enterprise personnel is used for representing the importance degree of each enterprise personnel. Optionally, each enterprise personnel in the target enterprise may be divided into three major classes, including enterprise management personnel, production operation personnel and enterprise auxiliary personnel, each major class may include a plurality of middle classes, each middle class may include a plurality of minor classes, each minor class may include a plurality of job types, generally, classification information of each enterprise personnel may be divided into job types, but if there is a situation that classification information of a part of enterprise personnel cannot be divided into job types, the lowest-level personnel classification is used as classification information, for example, if personnel classification of a certain enterprise personnel is lowest divided into minor classes, the minor classes cannot be divided into a plurality of job types, and classification information of the enterprise personnel is represented by the corresponding minor classes. Illustratively, the production crew may include a plurality of middle classes, wherein one middle class may be a miner, the miner may include a plurality of subclasses, wherein one subclass may be a mineral picker, the mineral picker includes a plurality of subclasses, wherein one subclass may be an open air miner, the open air miner may include a plurality of work species, wherein one work species is an open air mining excavator driver, and if one enterprise personnel is an open air mining excavator driver, the classification information of the enterprise personnel is an open air mining excavator driver in the production crew class. For enterprise personnel with identities containing a plurality of work species, the most important work species are used as the personnel classification information, so that the uniqueness of each personnel classification information of the enterprise is ensured. Alternatively, the level information for each enterprise person may include generally important, moderately important, very important, and the like.

In this embodiment, personnel classification can be performed on each enterprise personnel of the target enterprise according to the classification standard of the target enterprise on the enterprise personnel, so as to obtain classification information of each enterprise personnel. It will be appreciated that the levels of posts in the enterprise are not the same for each enterprise person, and that different levels of posts correspond to different levels of importance. Further, in this embodiment, the level information of each enterprise person may be determined according to the classification information of each enterprise person and the corresponding post level of each enterprise person. It can be understood that when the post of the enterprise personnel in the target enterprise changes or the working content changes, the classification information and the grade information corresponding to each enterprise personnel may also change, and the classification information and the grade information of the enterprise personnel with the post changing or the working content changing need to be adaptively modified.

S202, according to the classification information and the grade information of each enterprise personnel, acquiring the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel.

The lower the security risk quantification value of the enterprise personnel is, the lower the security awareness and the lack of security capability of the enterprise personnel are, and the more likely to cause enterprise security risk accidents; the security risk weight value of each enterprise personnel is used for representing the importance degree of each enterprise personnel in the enterprise security risk, and the higher the security risk weight value of each enterprise personnel is, the higher the importance degree of each enterprise personnel in the enterprise security risk is.

Optionally, a plurality of quantization standards of the enterprise personnel may be stored in the terminal in advance, and when the classification information or the grade information of each enterprise personnel is different, each enterprise personnel corresponds to different quantization standards, and according to each quantization standard and the security information of each enterprise personnel, the security risk of each enterprise personnel is quantized, so as to obtain the security risk quantization value of each enterprise personnel and the security risk weight value of each enterprise personnel. Illustratively, the security information of each enterprise personnel may include a attendance rate of security training of the enterprise personnel, a security accident occurrence frequency of the enterprise personnel, and the like, and each item of security information of the enterprise personnel may be quantized according to a quantization standard corresponding to the enterprise personnel, so as to obtain a security risk quantization value of each security personnel; in addition, the security risk weight value corresponding to the classification information and the grade information of the enterprise personnel can be obtained according to the quantization standard corresponding to the enterprise personnel.

S203, acquiring a security risk quantification report of the target enterprise according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel; the security risk quantification report is used to characterize the security risk level of the target enterprise.

The security risk level may include high risk, higher risk, medium risk, lower risk, low risk, etc.; the security risk quantification report may include a security risk quantification report of each enterprise personnel and a security risk quantification report of the enterprise population.

In this embodiment, the security risk quantification value of the target enterprise may be determined according to the security risk quantification value of each enterprise person and the security risk weight value of each enterprise person, the security risk quantification report of each enterprise person may be generated according to the security risk quantification value of each enterprise person, and the security risk quantification report of the target enterprise may be generated according to the security risk quantification value of the target enterprise.

Optionally, the security risk quantification report of the enterprise personnel may include security risk quantification values of each enterprise personnel, security risk quantification value ranks of the enterprise personnel, and the security risk quantification report of the target enterprise may include security risk quantification value distribution conditions of the enterprise personnel.

According to the enterprise security risk level quantification method, the security risk quantification value of each enterprise person and the security risk weight value of each enterprise person can be further obtained according to the classification information and the level information of each enterprise person by obtaining the classification information and the level information of each enterprise person of the target enterprise, so that the security risk quantification report representing the security risk level of the target enterprise is obtained. Compared with the prior art, from the viewpoint of hidden danger causing major accidents of enterprises, the quantification method of the enterprise security risk level in the application can obtain the security risk quantification value of the enterprise personnel from the viewpoint of each enterprise personnel in the target enterprise, provide security operation level improvement countermeasures for each enterprise personnel, and improve the evaluation result and the improvement effect of the improvement measures on the security operation level of the enterprise.

In the scenario of acquiring the security risk quantification value of each enterprise personnel according to the classification information and the grade information of each enterprise personnel, the security risk test question corresponding to each enterprise personnel may be determined according to the classification information and the grade information of each enterprise personnel, so that the security risk quantification value of each enterprise personnel is acquired according to the test result of each enterprise personnel. In one embodiment, as shown in fig. 3, S202 includes:

s301, determining security risk test questions of all enterprise personnel according to classification information and grade information of all enterprise personnel.

Optionally, the test question types of the security risk test question may include single choice questions, multiple choice questions, judgment questions, gap-filling questions, and the like, the test question content of the security risk test question may include a consciousness aspect, a capability aspect, and an environmental aspect, wherein the consciousness aspect may include three dimensions of security consciousness, risk consciousness, and responsibility consciousness, the capability aspect may include three dimensions of risk identification capability, risk prevention and control capability, and emergency disposition capability, and the environmental aspect may include three dimensions of equipment facility environment, physical space environment, and personal behavior environment.

In this embodiment, the proportion of different test question contents in the security risk test questions of each enterprise personnel may be determined according to the classification information of each enterprise personnel, so that the security risk test questions of each enterprise personnel are determined according to the proportion of each test question content in the security risk test questions of each enterprise personnel, the classification information and the grade information of each enterprise personnel.

For example, the ratio of each test question content in the security risk test questions of each enterprise personnel may be shown in table 1, when the enterprise personnel belong to the enterprise management personnel, the ratio of the test questions in the aspect of the awareness of the test question content in the security risk test questions of the enterprise personnel may be 40%, the ratio of the test questions in the aspect of the capability of the test question content in the security risk test questions of the enterprise personnel may be 40%, and the ratio of the test questions in the aspect of the environment of the test question content in the security risk test questions of the enterprise personnel may be 20%; when enterprise personnel belong to production operators, the proportion of test questions with the consciousness of the test questions in the safety risk test questions of the enterprise personnel can be 35%, the proportion of test questions with the capacity of the test questions in the safety risk test questions of the enterprise personnel can be 35%, and the proportion of test questions with the environment of the test questions in the safety risk test questions of the enterprise personnel can be 30%; when enterprise personnel belong to enterprise auxiliary personnel, the proportion of test questions in the aspect of consciousness of the test question content in the security risk test questions of the enterprise personnel can be 40%, the proportion of test questions in the aspect of capability of the test question content in the security risk test questions of the enterprise personnel can be 30%, and the proportion of test questions in the aspect of environment of the test question content in the security risk test questions of the enterprise personnel can be 30%.

TABLE 1

S302, acquiring the security risk quantification value of each enterprise personnel by using the security risk test questions of each enterprise personnel.

In this embodiment, the security risk quantification value of each enterprise personnel is obtained by using the security risk test questions of each enterprise personnel, further, the quantification value of the security risk test questions is calculated according to the answers of each question in the security risk test questions input by each enterprise personnel and the preset scoring rule, and the quantification value of each security risk test question is determined as the security risk quantification value of each enterprise personnel.

Optionally, the preset scoring rule may be a score set by the question when the answer of each question input by each enterprise personnel is the same as the preset correct answer of each question, and the quantized value corresponding to the question is determined to be correct, where the score may be 1; when the answer of each question is different from the preset correct answer of each question, judging that the result of the question is wrong, and adding the quantized values corresponding to the questions to obtain the quantized values of the security risk test questions, wherein the quantized values corresponding to the questions are 0.

In this embodiment, because the classification information and the grade information of each enterprise personnel are different, the determined security risk test questions of each enterprise personnel have different and lower repeatability, so that the purpose of quantifying the security risk for different enterprise personnel can be achieved.

In the above scenario of determining the security risk test questions of each enterprise personnel according to the classification information and the grade information of each enterprise personnel, first, determining the initial test questions corresponding to each enterprise personnel according to the classification information and the grade information of each enterprise personnel, and obtaining the security risk test questions of each enterprise personnel according to the preset combination rules and the initial test questions. In one embodiment, as shown in fig. 4, S301 includes:

s401, determining initial test questions corresponding to enterprise personnel from a preset test question library according to classification information and grade information of the enterprise personnel for each enterprise personnel.

In this embodiment, each topic in the preset topic library corresponds to a different content tag, a classification tag and a class tag, where the content tag includes security awareness, risk awareness, responsibility awareness, risk identification capability, risk prevention and control capability, emergency disposal capability, equipment facility environment, physical space environment and personal behavior environment; the classification labels correspond to the classification information of enterprise personnel and can comprise classification information corresponding to each middle class, subclass, fine class and work class; the level labels correspond to the level information of the enterprise personnel and may include general importance, medium importance, and very important. And determining the topics of the labels corresponding to the classification information and the grade information of the enterprise personnel in the preset topic library as initial topics of the enterprise personnel. For example, if the classification information of a certain enterprise personnel is an opencast mining driver in a production operator class and the grade information is very important, the initial test questions corresponding to the enterprise personnel are a plurality of test questions of which the classification labels are very important in a preset test question library.

It should be noted that, when the content tag includes multiple dimensions, the multiple dimensions belong to the same aspect, and the content tag of a subject may be security consciousness and risk consciousness, for example.

S402, combining the initial test questions according to a preset combination rule to obtain a security risk test question.

In this embodiment, the quantization values corresponding to the types of each test question in the preset test question library may be different, and the preset combination rule may be to extract the questions with the total quantization value of 100 minutes from the initial test questions according to the proportion of the security risk test questions of each enterprise personnel, and arrange the extracted questions according to the preset sequence, so as to obtain the security risk test questions.

For example, the quantization values corresponding to the types of the test questions in the preset test question library may be different, the quantization value corresponding to each single choice question in the preset test question library may be 0.5 score, the quantization value corresponding to multiple choice questions may be 1 score, the quantization value corresponding to the judgment questions may be 1 score, and the quantization value corresponding to the blank filling questions may be 2 scores; the quantization values corresponding to the test questions in the preset test question library can be the same, and the quantization values corresponding to the single-choice questions, the multiple-choice questions, the judgment questions and the gap filling questions in the preset test question library are all 1 minute.

It should be noted that, the preset question library is designed according to the type of the enterprise and the personnel classification in the enterprise, different enterprises correspond to different question libraries, the enterprises of the same type or similar type can use the same parent question library, and the adjustment is performed according to the actual situation of each enterprise on the basis of the parent question library, so as to obtain the question library corresponding to each enterprise, and the actual situation of each enterprise can include the geographic position and social environment where the enterprise is located, for example.

In this embodiment, first, according to classification information and grade information of each enterprise person, test questions meeting the classification information and grade information of each enterprise person in a preset test question library are determined as initial test questions, the test question range corresponding to each enterprise person is narrowed to be within the range of the initial test questions, and further, the initial test questions are combined according to a preset combination rule to obtain security risk test questions corresponding to each enterprise person, so that the obtained security risk test questions have higher pertinence.

In the scenario of acquiring the security risk weight value of each enterprise personnel according to the classification information and the grade information of each enterprise personnel, determining the corresponding classification weight value according to the classification information of each enterprise personnel, and determining the corresponding importance weight value according to the grade information of each enterprise personnel, thereby determining the security risk weight value of each enterprise personnel according to the classification weight value and the importance weight value. In one embodiment, as shown in fig. 5, S202 includes:

S501, determining classification weight values of all enterprise personnel according to classification information of all enterprise personnel.

In this embodiment, the classification information of each enterprise personnel is different, and the corresponding classification weight value is also different, so that the classification weight value of each enterprise personnel can be determined according to the classification information of each enterprise personnel and the preset corresponding relationship of the classification weights.

Optionally, the preset classification weight correspondence may be shown in table 2, where when the classification information of the enterprise personnel belongs to a large class of enterprise management personnel, the classification weight value corresponding to the enterprise personnel is 0.3, when the classification information of the enterprise personnel belongs to a large class of production operation personnel, the classification weight value corresponding to the enterprise personnel is 0.5, and when the classification information of the enterprise personnel belongs to a large class of enterprise auxiliary personnel, the classification weight value corresponding to the enterprise personnel is 0.2.

TABLE 2

S502, determining importance weight values of all enterprise personnel according to the grade information of all enterprise personnel.

In this embodiment, the level information of each enterprise personnel is different, and the corresponding level weight values are also different, so that the importance weight value of each enterprise personnel can be determined according to the corresponding relationship between the level information of each enterprise personnel and the preset level weight.

Optionally, the preset corresponding relation of the level weights may be shown in table 3, where when the level information of the enterprise personnel is very important, the importance weight corresponding to the enterprise personnel is 0.5, when the level information of the enterprise personnel is moderately important, the importance weight corresponding to the enterprise personnel is 0.3, and when the level information of the enterprise personnel is generally important, the importance weight corresponding to the enterprise personnel is 0.2.

TABLE 3 Table 3

S503, according to the classification weight value and the importance weight value of each enterprise personnel, acquiring the security risk weight value of each enterprise personnel.

Alternatively, in this embodiment, the product of the classification weight value and the importance weight value of each enterprise person may be determined as the security risk weight value of each enterprise person. For example, the security risk weight value of each enterprise person may be expressed asWherein->Representing a security risk weight value of an ith enterprise person; />The importance weight of the g level of the ith enterprise personnel is represented, the importance weight of the first level is the importance weight value 0.5 corresponding to very important importance, the importance weight of the second level is the importance weight value 0.3 corresponding to medium importance, and the importance weight of the third level is the importance weight value 0.2 corresponding to general importance; / >The classification weight of the ith enterprise personnel in the h level is represented, the classification weight value of the first level is 0.3 of the classification weight value corresponding to the enterprise manager, and the classification weight value of the second level is corresponding to the production operatorThe classification weight value is 0.5, and the classification weight value of the third level is 0.2 corresponding to the auxiliary personnel of the enterprise.

For example, if the classification information of a certain enterprise personnel belongs to an enterprise manager, and the level information is generally important, the security risk weight corresponding to the enterprise personnel is 0.3×0.3=0.9.

In this embodiment, when the security risk weight value of each enterprise personnel is calculated, calculation is performed from two angles of classification information and grade information of each enterprise personnel, and the security risk weight value of each enterprise personnel is obtained on the basis of obtaining the classification weight value corresponding to the classification information and the importance weight value corresponding to the grade information, so that the obtained security risk weight value of each enterprise personnel is relatively comprehensive.

In the scenario of acquiring the security risk quantification report of the target enterprise according to the security risk quantification value of each enterprise person and the security risk weight value of each enterprise person, the contribution value of each enterprise person to the security risk level of the target enterprise is acquired according to the security risk quantification value of each enterprise person and the security risk weight value of each enterprise person, so as to determine the security risk quantification value of the target enterprise, and further acquire the security risk quantification report according to the security risk quantification value of the target enterprise and the security risk quantification value of each enterprise person. In one embodiment, as shown in fig. 6, S203 described above includes:

S601, according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel, the contribution value of each enterprise personnel to the security risk level of the target enterprise is obtained.

In this embodiment, the product of the security risk quantification value of each enterprise person and the security risk weight value of the enterprise person may be used as the contribution value of each enterprise person to the security risk level of the target enterprise, and the contribution value of each enterprise person to the security risk level of the target enterprise may be expressed asWherein->Representing the contribution value of the ith enterprise personnel to the security risk level of the target enterprise, +.>Representing the security risk weight value of each enterprise personnel, < ->Representing the security risk quantification values of i enterprise personnel, wherein the security risk quantification value ranges from [0,100 ]]Between them.

S602, determining a security risk quantification value of the target enterprise according to the contribution value of each enterprise personnel to the security risk level of the target enterprise and the security risk weight value of each enterprise personnel.

Optionally, the security risk quantification value of the target enterprise may be a sum of contribution values of all enterprise personnel to the security risk level of the target enterprise; or, the preset number of contribution values with the smallest contribution value to the security risk level of the target enterprise in all enterprise personnel may be removed, the preset number of contribution values with the largest contribution value to the security risk level of the target enterprise in all enterprise personnel may be removed, and the average value of the contribution values of the rest enterprise personnel to the security risk level of the target enterprise may be used as the security risk quantification value of the target enterprise.

Alternatively, in this embodiment, the security risk quantification value of the target enterprise may be expressed asWherein G represents a security risk quantification value of the target enterprise,/->Representing the contribution value of the ith enterprise personnel to the security risk level of the target enterprise, +.>The safety risk weight value of each enterprise personnel is represented, and n represents the number of the enterprise personnel.

S603, acquiring a security risk quantification report according to the security risk quantification value of the target enterprise and the security risk quantification value of each enterprise personnel.

In this embodiment, the security risk quantification report may include a security risk quantification report of each enterprise person and a security risk quantification report of the enterprise as a whole.

Optionally, the security risk quantification report of each enterprise personnel may include a security risk quantification value of each enterprise personnel, a ranking of the security risk quantification value of each enterprise personnel in a security risk quantification value of each enterprise personnel, a ranking of the security risk quantification value of each security risk quantification value in a large class where each enterprise personnel is located, a proportion of nine dimension test question quantification values to a total quantification value of each dimension test question, a ranking of nine dimension test question quantification values to a total quantification value of each dimension test question, a personal security production responsibility implementation evaluation conclusion, and the like.

Optionally, the security risk quantification report of the enterprise ensemble may include the distribution of security risk quantification results and related quantification conclusions of the enterprise personnel, and the security risk quantification results and evaluation conclusions of the enterprise. The distribution situation and the related quantification conclusion of the enterprise personnel security risk quantification result may include an ascending order list of the enterprise personnel security risk quantification value, a statistics chart of each subsection of the quantification value, an ascending order list of the proportion of nine dimension test questions quantification values to the total quantification value of the dimension test questions, a statistics chart of the proportion of nine dimension test questions quantification values to the total quantification value of the dimension test questions, an enterprise security management situation quantification conclusion, an enterprise personnel standardized operation situation conclusion, an enterprise personnel advanced emergency treatment situation conclusion and the like, and the enterprise security risk quantification result and the quantification conclusion may include enterprise awareness, capability and environmental quantification value occupation ratio, enterprise security risk quantification values, enterprise security risk level, enterprise personnel total security production responsibility implementation situation conclusion and the like.

Illustratively, taking the quantized value duty ratio in the aspect of enterprise awareness as an example, the related calculation formula may be: the weight of the contribution of each enterprise personnel to the quantized value duty ratio in the aspect of enterprise consciousness is as follows Wherein->Importance weight representing the g-th level of the ith enterprise personnel, +.>A classification weight representing an ith level of business personnel; the contribution value of each enterprise personnel to the score ratio in the aspect of enterprise consciousness is->Wherein->Representing the proportion value of the quantized value of the three-dimensional test questions in the consciousness aspect of the ith enterprise personnel to the total quantized value of the three-dimensional test questions of the enterprise personnel; assessment score in terms of enterprise awarenessN represents the number of personnel in the enterprise.

In this embodiment, firstly, according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel, the contribution value of each enterprise personnel to the security risk level of the target enterprise is obtained, so as to determine the security risk quantification value of the target enterprise, further obtain the security risk quantification report, have simple calculation logic and are not easy to make mistakes, provide security responsibility level improvement measures for each enterprise personnel, and improve the evaluation result and the effect of the improvement measures on the security operation level of the enterprise.

In the scenario of acquiring the security risk quantification report according to the security risk quantification value of the target enterprise and the security risk quantification value of each enterprise personnel, the security risk level of the target enterprise may be determined according to the security risk quantification value of the target enterprise and a preset corresponding relationship, so that the security risk quantification report is generated according to the security risk level of the target enterprise and the security risk quantification value of each enterprise personnel. In one embodiment, as shown in fig. 7, S603 includes:

S701, determining the security risk level of the target enterprise according to the security risk quantification value of the target enterprise and a preset corresponding relation.

In this embodiment, a correspondence between a security risk quantization value and a security risk level of a target enterprise is formed according to an actual situation of the target enterprise, and the correspondence is stored in a terminal in advance. For example, as shown in table 4, when the security risk quantification value of the target enterprise is within the range of [0,60 ], the security risk level of the target enterprise is level i, where level i is used to indicate that the security risk of the target enterprise is at a high risk; when the security risk quantification value of the target enterprise is in the range of [60,70 ], the security risk level of the target enterprise is level II, wherein the level II is used for indicating that the security risk of the target enterprise is at a higher risk; when the security risk quantification value of the target enterprise is in the range of [70,80 ], the security risk level of the target enterprise is III, wherein III is used for indicating that the security risk of the target enterprise is at medium risk; when the security risk quantification value of the target enterprise is in the range of [80,90 ], the security risk level of the target enterprise is IV, and the IV is used for indicating that the security risk of the target enterprise is at a lower risk; when the security risk quantification value of the target enterprise is in the range of [90,100], the security risk level of the target enterprise is V, and the V is used for indicating that the security risk of the target enterprise is at a low risk.

TABLE 4 Table 4

S702, generating a security risk quantification report according to the security risk level of the target enterprise and the security risk quantification value of each enterprise personnel.

In this embodiment, according to the security risk level of the target enterprise and the security risk quantification value of each enterprise personnel, a security risk quantification report of each enterprise personnel and a security risk quantification report of the enterprise overall are generated.

Optionally, the security risk level of the target enterprise may be analyzed and described according to the preset generation logic and the security risk level of the target enterprise in the security risk quantification report of the enterprise population.

In this embodiment, according to the security risk quantification value of the target enterprise and a preset corresponding relationship, the security risk level of the target enterprise is determined, the security risk of the target enterprise is visualized, and the security risk level of the current target enterprise is displayed more intuitively.

After the security risk quantification report is generated, a security operation optimization scheme of the target enterprise can be generated according to the security risk quantification report. In one embodiment, the method further comprises: and obtaining the safe operation optimization scheme of the target enterprise according to the safe risk quantification report and a preset safe operation optimization scheme generation rule.

The safe operation optimization scheme of the target enterprise comprises a safe operation optimization scheme of personnel of each enterprise and a safe operation optimization scheme of the whole target enterprise; the safe operation optimization scheme generation rule is a rule which is preset according to the needs of each enterprise and comprises a plurality of generation logics.

In the embodiment, generating rules and enterprise personnel security risk quantification reports according to a preset security operation optimization scheme, and generating an optimization scheme of each enterprise personnel; and generating a safe operation optimization scheme of the target enterprise overall according to a preset safe operation optimization scheme generation rule, a safe risk quantification report of enterprise personnel and a quantified risk report of the enterprise overall.

Optionally, the optimization scheme for the safe operation of each enterprise personnel can comprise specific measures for improving the safe operation level of the enterprise personnel. The preset security operation optimization scheme generating rule may determine whether the enterprise personnel needs to continuously learn security knowledge according to the level of the security risk quantization value of the enterprise personnel in the corresponding major class; or, the preset safe operation optimization scheme generation rule can determine knowledge of relevant dimensions of the enterprise personnel needing reinforcement learning according to the proportion of the quantized values of each dimension test question in the test questions of the enterprise personnel; or, the preset safety operation optimization scheme generation rule can also determine the safety production responsibility implementation target of the enterprise personnel according to the safety risk quantification report of the enterprise personnel.

Optionally, the security operation optimization scheme of the target enterprise population may include specific measures for improving the security operation level of the enterprise personnel population. The preset security operation optimization scheme generation rule can determine the effect of historical security training according to a security risk quantification value segmentation population statistics chart of enterprise personnel in a quantitative risk report of the enterprise population, and determine enterprise personnel needing to continue security training; or, the preset safe operation optimization scheme generation rule can determine the aspect of the enterprise personnel needing reinforcement learning according to the quantized value duty ratio of consciousness aspect, capacity aspect and environment aspect in the quantized risk report of the enterprise overall; or, the preset safe operation optimization scheme generation rule can determine enterprise personnel needing to be subjected to post adjustment according to the rank of the quantized value corresponding to each dimension test question in the total quantized value of the dimension test questions in the overall quantized risk report of the enterprise; or, the preset safe operation optimization scheme generation rule can also determine the safe production responsibility implementation target of the enterprise according to the quantitative risk report of the enterprise population.

In this embodiment, according to the security risk quantification report, and in combination with a preset security operation optimization scheme generation rule, the obtained security operation optimization scheme of the target enterprise is more targeted, so that the security operation level of the target enterprise can be improved through the security operation optimization scheme of the target enterprise.

An embodiment of the present disclosure is described below in connection with a particular enterprise security risk level quantification scenario, the method comprising the steps of:

s1, acquiring classification information and grade information of each enterprise personnel of a target enterprise.

S2, aiming at each enterprise personnel, determining initial test questions corresponding to the enterprise personnel from a preset test question library according to classification information and grade information of the enterprise personnel; and combining the initial test questions according to a preset combination rule to obtain the security risk test questions.

S3, acquiring the security risk quantification value of each enterprise personnel by using the security risk test questions of each enterprise personnel.

S4, determining classification weight values of all enterprise personnel according to the classification information of all enterprise personnel; determining importance weight values of all enterprise personnel according to the grade information of all enterprise personnel; and acquiring the security risk weight value of each enterprise personnel according to the classification weight value and the importance weight value of each enterprise personnel.

S5, acquiring contribution values of the enterprise personnel to the security risk level of the target enterprise according to the security risk quantification values of the enterprise personnel and the security risk weight values of the enterprise personnel; and determining the security risk quantification value of the target enterprise according to the contribution value of each enterprise personnel to the security risk level of the target enterprise and the security risk weight value of each enterprise personnel.

S6, determining the security risk level of the target enterprise according to the security risk quantification value of the target enterprise and a preset corresponding relation; generating a security risk quantification report according to the security risk level of the target enterprise and the security risk quantification value of each enterprise personnel; the security risk quantification report is used to characterize the security risk level of the target enterprise.

S7, according to the security risk quantitative report and a preset security operation optimization scheme generation rule, obtaining a security operation optimization scheme of the target enterprise.

According to the enterprise security risk level quantification method, the security risk quantification value of each enterprise person and the security risk weight value of each enterprise person can be further obtained according to the classification information and the level information of each enterprise person by obtaining the classification information and the level information of each enterprise person of the target enterprise, so that the security risk quantification report representing the security risk level of the target enterprise is obtained. Compared with the prior art, from the point of hidden danger causing major accidents of enterprises, the quantification method of the enterprise security risk level in the application can obtain the security risk quantification value of the enterprise personnel from the point of view of each enterprise personnel in the target enterprise, provide security responsibility level improvement measures for each enterprise personnel, and improve the evaluation result and the improvement measures to the security operation level improvement effect of the enterprise.

It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.

Based on the same inventive concept, the embodiment of the application also provides a quantification device for the enterprise security risk level, which is used for realizing the quantification method for the enterprise security risk level. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation in the embodiment of the quantifying device for one or more enterprise security risk levels provided below may refer to the limitation of the quantifying method for enterprise security risk levels in the above description, and will not be repeated here.

In one embodiment, as shown in fig. 8, there is provided a quantifying device for enterprise security risk level, including: a first acquisition module 10, a second acquisition module 11, and a third acquisition module 12, wherein:

the first acquiring module 10 is configured to acquire classification information and grade information of each enterprise personnel of the target enterprise.

The second obtaining module 11 is configured to obtain a security risk quantification value of each enterprise personnel and a security risk weight value of each enterprise personnel according to the classification information and the level information of each enterprise personnel.

A third obtaining module 12, configured to obtain a security risk quantification report of the target enterprise according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel; the security risk quantification report is used to characterize the security risk level of the target enterprise.

The quantization device for enterprise security risk level provided in this embodiment may execute the above method embodiment, and its implementation principle and technical effects are similar, and will not be described herein.

In one embodiment, as shown in fig. 9, the second obtaining module 11 includes: a first determination unit 111 and a first acquisition unit 112, wherein:

the first determining unit 111 is configured to determine a security risk test question of each enterprise personnel according to the classification information and the level information of each enterprise personnel.

The first obtaining unit 112 is configured to obtain a security risk quantification value of each enterprise personnel by using the security risk test question of each enterprise personnel.

In one embodiment, the first determining unit 111 is configured to determine, for each enterprise person, an initial test question corresponding to the enterprise person from a preset test question library according to classification information and level information of the enterprise person; and combining the initial test questions according to a preset combination rule to obtain the security risk test questions.

In one embodiment, as shown in fig. 10, the second obtaining module 11 includes: a second determination unit 113, a third determination unit 114, and a second acquisition unit 115, wherein:

and a second determining unit 113, configured to determine a classification weight value of each enterprise personnel according to the classification information of each enterprise personnel.

The third determining unit 114 is configured to determine importance weight values of the enterprise personnel according to the level information of the enterprise personnel.

The second obtaining unit 115 is configured to obtain a security risk weight value of each enterprise personnel according to the classification weight value and the importance weight value of each enterprise personnel.

In one embodiment, as shown in fig. 11, the third obtaining module 12 includes: a third acquisition unit 121, a fourth determination unit 122, and a fourth acquisition unit 123, wherein:

the third obtaining unit 121 is configured to obtain a contribution value of each enterprise personnel to the security risk level of the target enterprise according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel.

The fourth determining unit 122 is configured to determine a security risk quantification value of the target enterprise according to the contribution value of each enterprise person to the security risk level of the target enterprise and the security risk weight value of each enterprise person.

The fourth obtaining unit 123 is configured to obtain a security risk quantification report according to the security risk quantification value of the target enterprise and the security risk quantification value of each enterprise personnel.

In one embodiment, the fourth obtaining unit 123 is configured to determine a security risk level of the target enterprise according to the security risk quantization value of the target enterprise and a preset correspondence; and generating a security risk quantification report according to the security risk level of the target enterprise and the security risk quantification value of each enterprise personnel.

In one embodiment, as shown in fig. 12, the apparatus further comprises: a fourth acquisition module 13, wherein:

and the fourth obtaining module 13 is configured to obtain a safe operation optimization scheme of the target enterprise according to the safe risk quantification report and a preset safe operation optimization scheme generation rule.

The above-mentioned respective modules in the enterprise security risk level quantifying device may be implemented in whole or in part by software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:

acquiring a security risk quantification report of a target enterprise according to the security risk quantification value of each enterprise personnel and the security risk weight value of each enterprise personnel; the security risk quantification report is used to characterize the security risk level of the target enterprise.

In one embodiment, the processor when executing the computer program further performs the steps of:

determining security risk test questions of each enterprise personnel according to the classification information and the grade information of each enterprise personnel;

and acquiring the security risk quantification value of each enterprise personnel by using the security risk test questions of each enterprise personnel.

And combining the initial test questions according to a preset combination rule to obtain the security risk test questions.

determining classification weight values of all enterprise personnel according to the classification information of all enterprise personnel;

determining importance weight values of all enterprise personnel according to the grade information of all enterprise personnel;

and acquiring a security risk quantification report according to the security risk quantification value of the target enterprise and the security risk quantification value of each enterprise personnel.

and generating a security risk quantification report according to the security risk level of the target enterprise and the security risk quantification value of each enterprise personnel.

In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:

In one embodiment, the computer program when executed by the processor further performs the steps of:

In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:

The user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present application are information and data authorized by the user or sufficiently authorized by each party.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as Static Random access memory (Static Random access memory AccessMemory, SRAM) or dynamic Random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the embodiments provided herein may include at least one of a relational database and a non-relational database. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processor referred to in the embodiments provided in the present application may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, or the like, but is not limited thereto.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The foregoing examples illustrate only a few embodiments of the application and are described in detail herein without thereby limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of the application should be assessed as that of the appended claims.

Claims

1. A method for quantifying a security risk level of an enterprise, the method comprising:

2. The method according to claim 1, wherein the obtaining the security risk quantification value of each of the enterprise personnel according to the classification information and the level information of each of the enterprise personnel comprises:

3. The method of claim 2, wherein determining the security risk test questions for each of the enterprise personnel based on the classification information and the class information for each of the enterprise personnel comprises:

4. A method according to any one of claims 1-3, wherein the obtaining the security risk weight value of each of the enterprise personnel according to the classification information and the level information of each of the enterprise personnel comprises:

5. The method according to claim 1, wherein the obtaining the security risk quantification report of the target enterprise according to the security risk quantification value of each enterprise person and the security risk weight value of each enterprise person includes:

6. The method of claim 5, wherein the obtaining the security risk quantification report based on the security risk quantification value of the target enterprise and the security risk quantification value of each of the enterprise personnel comprises:

7. A method according to any one of claims 1-3, wherein the method further comprises:

8. A quantization apparatus for enterprise security risk level, the apparatus comprising:

9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1 to 6 when the computer program is executed.

10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 6.