CN117521060A - System security risk management method, device, equipment and storage medium - Google Patents
- Publication number
- CN117521060A (CN202311556805.XA)
- Authority
- CN
- China
- Prior art keywords
- security risk
- system security
- information
- value
- processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0631—Resource planning, allocation, distributing or scheduling for enterprises or organisations
- G06Q10/06311—Scheduling, planning or task assignment for a person or group
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
Abstract
The invention discloses a system security risk management method, a device, equipment and a storage medium, wherein the method comprises the following steps: acquiring system security risk information of a target system and item information of a system security service item to which the target system belongs; analyzing the system security risk information by using a preset security risk analysis model, calculating the current system security risk value of the target system according to an analysis result, and determining the system security risk content; and notifying corresponding system security risk processing personnel based on the project information, the system security risk content and the system security risk value. The invention can well ensure the quality, efficiency and timeliness of the security risk treatment of the computer software system.
Description
Technical Field
The present invention relates to the field of security management technologies, and in particular, to a system security risk management method, device, apparatus, and storage medium.
Background
With the rapid development and widespread use of information technology, security risk management of various computer software systems has become one of the important challenges facing organizations and individuals. Currently, security risk monitoring of computer software systems (such as an ERP management system or a database management system purchased by an enterprise) is often performed through a security risk management system, which is a system designed for detecting and managing security vulnerabilities of those computer software systems.
The existing security risk management system only considers the detection of security vulnerabilities. After a security risk is detected, a manager has to formulate a processing task according to the severity of the risk and inform the relevant security risk processing personnel to handle it. The system therefore depends heavily on the manager's personal security risk analysis experience and has no standard security risk treatment process, so the security risk treatment of a computer software system may be unreasonable and not timely enough. The degree of task completion depends entirely on the personal capability of the security risk processing personnel, and the quality of the security risk treatment cannot be effectively ensured. Moreover, when the manager leaves the job or is rotated off the project, the security risk management of these computer software systems cannot proceed smoothly. Therefore, the existing security risk management technology cannot well guarantee the quality, efficiency and timeliness of security risk processing of a computer software system.
Disclosure of Invention
The embodiment of the invention provides a system security risk management method, a device, equipment and a storage medium, which can well ensure the quality, efficiency and timeliness of security risk processing of a computer software system.
An embodiment of the present invention provides a system security risk management method, including:
acquiring system security risk information of a target system and item information of a system security service item to which the target system belongs;
analyzing the system security risk information by using a preset security risk analysis model, calculating the current system security risk value of the target system according to an analysis result, and determining the system security risk content;
and notifying corresponding system security risk processing personnel based on the project information, the system security risk content and the system security risk value.
As an improvement of the above-described aspect, after notifying the corresponding system security risk handler based on the item information, the system security risk content, and the system security risk value, the method further includes:
evaluating the processing result for the security risk of the target system uploaded by the system security risk processing personnel, to obtain the processing quality score of the system security risk processing personnel;
and according to the processing quality scores, corresponding security service training plans are formulated for the system security risk processing personnel.
As an improvement of the above-described aspect, after notifying the corresponding system security risk handler based on the item information, the system security risk content, and the system security risk value, the method further includes:
receiving an equipment maintenance work order uploaded by the system security risk processing personnel, and issuing an operation instruction to a corresponding manufacturer according to the work order issued by the system security risk processing personnel;
and receiving the equipment maintenance result uploaded by the manufacturer after the equipment maintenance is completed based on the equipment maintenance work order, storing the equipment maintenance result and ending the processing flow of the equipment maintenance work order.
As an improvement of the above-described scheme, the item information includes: a system security risk service scheme and system security risk processing personnel pre-configured by each system security risk service scheme;
notifying a corresponding system security risk handler based on the item information, the system security risk content, and the system security risk value, including:
determining the type of the system security risk currently existing in the target system from the system security risk content;
determining a corresponding system security risk service scheme based on the system security risk type;
and determining and notifying the system security risk processing personnel matched with the system security risk value from the list of the system security risk processing personnel configured by the determined system security risk service scheme.
As an improvement of the above solution, the analyzing the system security risk information by using a preset security risk analysis model includes:
extracting features of the system security risk information to obtain system security risk features;
inputting the system security risk features into a preset security risk analysis model to output an analysis result; wherein the security risk analysis model is: F(X) = HuffmanTree(P1, P2, ..., Pn);
F(X) represents the analysis result of the system security risk, X represents the system security risk information dataset, P1, P2, ..., Pn represent the feature vectors extracted from the system security risk information dataset, and HuffmanTree represents a function that constructs a multi-level decision tree.
As an improvement of the above scheme, the calculation formula of the system security risk value is as follows:
R=Σ(Wi*(i1*i2*...*ik))
R is the system security risk value; Wi is the weight of the i-th security risk index and represents the importance of the i-th security risk index in the calculation of the security risk value; i1*i2*...*ik represents the continued multiplication of each security risk index to obtain an evaluation value for each security risk index; and Σ represents summing the evaluation values of all the security risk indexes to obtain the final system security risk value.
As an improvement of the above scheme, the calculation formula of the processing quality score is:
F(x)=Σ(ai*xi)+Σ(bi*yi);
wherein F(x) represents the processing quality score of a system security risk handler; ai and xi are the weights and values of the various security risk indicators for handling security risk events; bi and yi are the weights and values of the security risk indicators of the assessment results.
Another embodiment of the present invention correspondingly provides a system security risk management apparatus, including:
the acquisition module is used for acquiring system security risk information of the target system and item information of a system security service item to which the target system belongs;
the analysis module is used for analyzing the system security risk information by utilizing a preset security risk analysis model, calculating the current system security risk value of the target system according to an analysis result and determining the system security risk content;
and the notification module is used for notifying corresponding system security risk processing personnel based on the project information, the system security risk content and the system security risk value.
Another embodiment of the present invention provides a system security risk management apparatus, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor executes the computer program to implement the system security risk management method according to the embodiment of the present invention.
Another embodiment of the present invention provides a computer-readable storage medium that includes a stored computer program, where, when the computer program runs, the device in which the computer-readable storage medium is located is controlled to execute the system security risk management method described in the foregoing embodiment of the present invention.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
according to the embodiment of the invention, the current system security risk of the target system is automatically analyzed by utilizing the preset security risk analysis model, so that the system security risk is ensured to be found in time; meanwhile, the system security risk value is calculated, so that the system security risk severity degree can be judged; and then notifying proper system security risk processing personnel to process the corresponding system security risk based on the project information, the system security risk content and the system security risk value, so that the distribution efficiency of the system security risk processing task can be improved, and the related system security risk can be timely processed and the processing quality of the related system security risk can be ensured. As can be seen from analysis, compared with the prior art, the embodiment of the invention can well ensure the quality, efficiency and timeliness of security risk processing of a computer software system. Of course, it is not necessary for any of the products embodying the invention to achieve all of the effects described above at the same time.
Drawings
FIG. 1 is a flow chart of a system security risk management method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a system security risk management device according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a system security risk management device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, a flow chart of a system security risk management method according to an embodiment of the invention is shown. The system security risk management method is executed by system security risk management equipment, and the system security risk management equipment can be data processing equipment such as a desktop computer, a notebook computer, a tablet personal computer, a cloud server and the like. In this embodiment, the system security risk management device is a server of a system security risk management center, by way of example. The system security risk management method comprises the steps of S10 to S12:
S10, acquiring system security risk information of a target system and item information of a system security service item to which the target system belongs.
The target system may be, for example, a computer software system of a system user such as an enterprise, a school, or a hospital, such as a database management system or an ERP management system. The system users can use the system security service items carried by the target system to handle and maintain system security risks, where the system security service items can be purchased by the system users from third-party service providers or developed and deployed internally by the system users.
In this embodiment, these system security service items are taken as an example of the purchase of the system user from a third party service provider. The purchased item information of the system security service items comprises system security risk service schemes and system security risk processing personnel preconfigured by each system security risk service scheme. The system security risk service scheme is a treatment plan scheme correspondingly provided for corresponding system security risk types, and comprises contents such as a treatment plan table, a treatment strategy and the like. It will be appreciated that the item information may be pre-configured into the system file of the target system purchased, or may be obtained and pre-stored locally in a subsequent update.
Further, the system security risk information may include security vulnerability information, security event information, system availability index information, security event history handling information, etc. of the target system, as examples. The security vulnerability information may be primarily monitored and screened out by using the existing related security risk monitoring technology. For example, the security risk management device knows that a security event is generated by a certain target system, and the security risk management device rapidly acquires item information of a system security service item purchased by the target system under attack; meanwhile, the security risk management equipment rapidly filters and screens all system security risk information of the target system according to the time before and after the target system generates the security event.
S11, analyzing the system security risk information by using a preset security risk analysis model, calculating the current system security risk value of the target system according to an analysis result, and determining the system security risk content.
The item information may be in a list format, and the security risk analysis model and related security risk processing personnel, which are pre-configured for the security risk service scheme of the target system, are obtained by searching the security risk service scheme of the target system in the list format.
Specifically, the system security risk information is analyzed through the security risk analysis model to obtain an analysis result of the related system security risk, for example: the current availability of the system, the number of security events, the severity of all vulnerabilities exploited in the security events, a system historical vulnerability check list, a historical vulnerability verification list and the like. The method for analyzing the system security risk information can refer to the prior art.
Then, the current system security risk value of the target system is comprehensively calculated from these analysis results, so as to comprehensively judge the security risk of the target system. If, for the security event currently generated by the target system, the vulnerability exploited by the attacker has been verified in the system vulnerability verification list as not present in the target system, the risk value is lower. Conversely, if the vulnerability exploited by the attacker is one that was recently verified as present in the target system and has not yet been repaired, the risk value is higher. Meanwhile, the related system security risk content can be determined according to the analysis result, and the system security risk content can comprise the following: the current availability of the system, the number of security events, the type of system security risk, etc. The system security risk content can be presented in a security report.
And S12, notifying corresponding system security risk processing personnel based on the project information, the system security risk content and the system security risk value.
When the system security risk service schemes included in the project information and the system security risk processing personnel preconfigured for each scheme are known, the system security risk problems can be determined from the system security risk content, and their severity from the system security risk value, so that appropriate system security risk processing personnel can be assigned to handle them. For example, the more serious the system security risk problem, the more high-level system security risk processing personnel (with stronger security risk processing capability) are assigned, so that the problem can be solved in time and its processing quality ensured. Conversely, the less serious the problem, the fewer personnel are assigned, and it is handled by a small number of low-level system security risk processing personnel (with weaker security risk processing capability).
In summary, the embodiment of the invention automatically analyzes the current system security risk of the target system by utilizing the preset security risk analysis model, so as to ensure that the system security risk is found in time; meanwhile, the system security risk value is calculated, so that the system security risk severity degree can be judged; and then notifying proper system security risk processing personnel to process the corresponding system security risk based on the project information, the system security risk content and the system security risk value, so that the distribution efficiency of the system security risk processing task can be improved, and the related system security risk can be timely processed and the processing quality of the related system security risk can be ensured. As can be seen from analysis, compared with the prior art, the embodiment of the invention can well ensure the quality, efficiency and timeliness of security risk processing of a computer software system.
As an example, the step S12 includes steps S120 to S122:
S120, determining the type of the system security risk currently existing in the target system from the system security risk content.
The system security risk content may include the following: current availability of the system, number of security events, type of security risk of the system, etc.
S121, determining a corresponding system security risk service scheme based on the system security risk type.
The system security service items purchased by the system user can be configured with different system security risk service schemes and system security risk processing personnel lists in advance according to different system risk types.
S122, determining and notifying the system security risk processing personnel matched with the system security risk value from the list of the system security risk processing personnel configured by the determined system security risk service scheme.
For example, if the system security risk value is below 70 points, the determined system security risk processing personnel are primary system security risk processing personnel; if the system security risk value is 70-90 points, the determined system security risk processing personnel are medium-level system security risk processing personnel; and if the system security risk value is more than 90 points, the determined system security risk processing personnel are advanced system security risk processing personnel.
In this embodiment, illustratively, there are a total of N system security risk handlers who serve the target system according to its list of purchased system security service items. When the security risk value of the system is high, the system automatically dispatches and informs N system security risk processing personnel, wherein the N system security risk processing personnel comprise 1 advanced system security risk processing personnel and (N-3) common system security risk processing personnel. Such an arrangement can ensure that high risk security events faced by the system are handled and monitored to a high level. When the security risk value of the system is low, the system automatically dispatches and informs all N system security risk handling personnel, wherein the N system security risk handling personnel comprise 2 common system security risk handling personnel and (N-5) primary system security risk handling personnel. Such an arrangement can effectively handle security events of general risk while providing broader security support and monitoring capabilities. By automatically scheduling security analysts and notifying personnel with corresponding capabilities according to risk values, the system can improve the efficiency and accuracy of processing security events and ensure timely attention and processing of system security risks.
As an example, the calculation formula of the system security risk value is:
R=Σ(Wi*(i1*i2*...*ik))
R is the system security risk value; Wi is the weight of the i-th security risk index and represents the importance of the i-th security risk index in the calculation of the security risk value; i1*i2*...*ik represents the continued multiplication of each security risk index to obtain an evaluation value for each security risk index; and Σ represents summing the evaluation values of all the security risk indexes to obtain the final system security risk value.
By way of example, the security risk indicators currently associated with the target system are multidimensional factors such as availability, the number of security events, the severity of all vulnerabilities exploited in the security events, the system historical vulnerability check list and the historical vulnerability verification list; the current system security risk value of the target system is comprehensively calculated from them using the above calculation formula.
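An added example, not part of the patent text, that carries steps S120 to S122 and the risk value formula through end to end, including the tier boundaries at 70 and 90 points. It assumes that weights sum to 1, that every factor is normalised to [0, 1] and that the sum is scaled by 100 so the 70/90 thresholds apply; the indicator names, handler names and the `PROJECT_INFO` layout are constructed for illustration.

```python
from dataclasses import dataclass
from math import isclose, prod


@dataclass(frozen=True)
class Indicator:
    name: str
    weight: float   # Wi in R = sum(Wi * (i1*i2*...*ik))
    factors: tuple  # i1..ik, assumed normalised to [0, 1]


def risk_value(indicators, scale=100.0):
    """R = sum(Wi * (i1*i2*...*ik)), scaled to 0-100 (scaling is an assumption)."""
    if not indicators:
        raise ValueError("no indicators supplied")
    if not isclose(sum(i.weight for i in indicators), 1.0, abs_tol=1e-9):
        raise ValueError("weights must sum to 1")
    total = 0.0
    for ind in indicators:
        # prod(()) is 1, so an indicator with no factors would silently
        # count at full weight; reject it instead.
        if not ind.factors:
            raise ValueError(f"indicator {ind.name!r} has no factors")
        if any(not 0.0 <= f <= 1.0 for f in ind.factors):
            raise ValueError(f"indicator {ind.name!r} has a factor outside [0, 1]")
        total += ind.weight * prod(ind.factors)
    return round(scale * total, 2)


def tier_for(r):
    """Below 70 -> primary, 70-90 inclusive -> medium, above 90 -> advanced."""
    if r < 70:
        return "primary"
    if r <= 90:
        return "medium"
    return "advanced"


# Constructed item information: one service scheme per risk type, each with
# its own pre-configured handler list per tier.
PROJECT_INFO = {
    "schemes": {
        "unpatched_vulnerability": {
            "name": "scheme-vuln (constructed)",
            "handlers": {
                "primary": ["handler-p1", "handler-p2"],
                "medium": ["handler-m1"],
                "advanced": ["handler-a1"],
            },
        },
    },
}


def dispatch(project_info, risk_content, indicators):
    """S120: read the risk type; S121: pick its scheme; S122: pick handlers by R."""
    risk_type = risk_content["risk_type"]                      # S120
    scheme = project_info["schemes"].get(risk_type)            # S121
    if scheme is None:
        # No scheme configured: surface the gap rather than notify nobody.
        raise LookupError(f"no service scheme for risk type {risk_type!r}")
    r = risk_value(indicators)
    tier = tier_for(r)                                         # S122
    handlers = scheme["handlers"].get(tier, [])
    if not handlers:
        raise LookupError(f"scheme {scheme['name']!r} has no {tier} handlers")
    return {"scheme": scheme["name"], "risk_value": r,
            "tier": tier, "notify": list(handlers)}


def sample_indicators(verified_present):
    """Constructed indicators; the last factor models the verification list."""
    return [
        Indicator("availability_loss", 0.2, (0.9,)),
        Indicator("event_volume", 0.2, (0.8,)),
        Indicator("exploited_vulnerability", 0.6,
                  (1.0, 1.0 if verified_present else 0.0, 1.0)),
    ]


if __name__ == "__main__":
    content = {"risk_type": "unpatched_vulnerability"}
    print(dispatch(PROJECT_INFO, content, sample_indicators(True)))
    print(dispatch(PROJECT_INFO, content, sample_indicators(False)))
```

Because the factors of one indicator are multiplied, a single zero factor (here, a vulnerability verified as not present) removes that indicator's whole weighted contribution, which matches the lower risk value the description gives for that case.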
As a modification of the above embodiment, after the step S12, the method further includes:
evaluating the processing result for the security risk of the target system uploaded by the system security risk processing personnel, to obtain the processing quality score of the system security risk processing personnel;
and according to the processing quality scores, corresponding security service training plans are formulated for the system security risk processing personnel.
Wherein, the calculation formula of the processing quality score is as follows:
F(x)=Σ(ai*xi)+Σ(bi*yi);
wherein F(x) represents the processing quality score of a system security risk handler; ai and xi are the weights and values of the various security risk indicators for handling security risk events; bi and yi are the weights and values of the security risk indicators of the assessment results.
In this embodiment, the delivery process of the processing results of the system security risk processing personnel is monitored and checked. Scoring and assessment can therefore be carried out according to the work performance and results of the system security risk processing personnel, motivating them to continuously improve their capability and work level. For example, the number of security events processed by each system security risk handler, the processing time, the availability of solutions, etc. are recorded, and corresponding scores are given based on these metrics. Meanwhile, the work of the system security risk processing personnel can be checked regularly, for example by organizing tests with simulated security events, to evaluate their coping capacity and processing effect. Based on the scoring and assessment results, system security risk handlers may be given a corresponding reward or training opportunity to motivate them to continuously improve their ability and level of work. Meanwhile, the security service can be optimized and improved according to the scoring and assessment results, improving the quality and effect of the whole security service.
As a modification of the above embodiment, after the step S12, the method further includes:
receiving an equipment maintenance work order uploaded by the system security risk processing personnel, and issuing an operation instruction to a corresponding manufacturer according to the work order issued by the system security risk processing personnel;
and receiving the equipment maintenance result uploaded by the manufacturer after the equipment maintenance is completed based on the equipment maintenance work order, storing the equipment maintenance result and ending the processing flow of the equipment maintenance work order.
In this embodiment, for a security equipment problem identified by the system security risk handler, a work order is issued to the manufacturer through the unified collaborative management platform; the manufacturer closes the work order after the repair, completing closed-loop handling of the equipment maintenance. This achieves comprehensive management and automated collaborative processing of security risks and improves the quality and effect of the security service.
In addition, the embodiment of the invention provides a unified collaborative management platform that integrates the security services of multiple manufacturers and third-party service providers. The platform manages work content through task scheduling and the related security processing, which avoids repeated handling of the same security processing work and improves work efficiency and quality.
As an example, the analyzing the system security risk information by using a preset security risk analysis model includes:
extracting features of the system security risk information to obtain system security risk features;
inputting the system security risk features into a preset security risk analysis model to output an analysis result; wherein the security risk analysis model is: f(X) = HuffmanTree(P1, P2, ..., Pn);
f(X) represents the analysis result of the system security risk, X represents the system security risk information dataset, P1, P2, ..., Pn represent the feature vectors extracted from the system security risk information dataset, and HuffmanTree represents a function that constructs a multi-level decision tree.
In this embodiment, the feature extraction may refer to the prior art, and will not be described herein. The process of constructing the security risk analysis model is as follows, by way of example:
Data acquisition and preprocessing: raw data on the relevant system activities are collected and preprocessed (cleaning, filtering, normalization and the like) to obtain a dataset ready for input into the model.
Feature extraction: features related to situational awareness, such as traffic size, access patterns and protocols, are extracted from the preprocessed data and represented as feature vectors P1, P2, ..., Pn.
Constructing a multi-level decision tree: using the feature vectors P1, P2, ..., Pn as input, a multi-level decision tree model is constructed. Each decision tree node is a feature vector and each branch is a classification result; the multi-level decision tree divides the dataset into different categories.
Situation awareness: new datasets are classified and predicted with the constructed multi-level decision tree model to obtain the situation awareness result f(X).
Rule matching and decision support: the situation awareness result is matched against preset rules to determine whether a specific threat, anomaly or trend exists, and the matching result is used to support the decision maker, for example by generating an alarm or recommending measures.
Feedback loop: the multi-level decision tree model and the rule base are continuously updated according to changes in the actual situation and the responses to them, so as to adapt to the changing environment and threats.
Referring to fig. 2, a schematic structural diagram of a system security risk management device according to an embodiment of the invention is shown. The system security risk management apparatus includes:
an acquiring module 10, configured to acquire system security risk information of a target system and item information of a system security service item to which the target system belongs;
the analysis module 11 is configured to analyze the system security risk information by using a preset security risk analysis model, calculate a current system security risk value of the target system according to an analysis result, and determine a system security risk content;
and a notification module 12, configured to notify a corresponding system security risk handler based on the item information, the system security risk content, and the system security risk value.
According to the embodiment of the invention, the current system security risk of the target system is automatically analyzed by utilizing the preset security risk analysis model, so that the system security risk is ensured to be found in time; meanwhile, the system security risk value is calculated, so that the system security risk severity degree can be judged; and then notifying proper system security risk processing personnel to process the corresponding system security risk based on the project information, the system security risk content and the system security risk value, so that the distribution efficiency of the system security risk processing task can be improved, and the related system security risk can be timely processed and the processing quality of the related system security risk can be ensured. As can be seen from analysis, compared with the prior art, the embodiment of the invention can well ensure the quality, efficiency and timeliness of security risk processing of a computer software system.
As a modification of the above embodiment, the apparatus further includes:
an evaluation module, configured to evaluate the processing result for the security risk of the target system uploaded by the system security risk handler, to obtain the processing quality score of the system security risk handler;
and a formulating module, configured to formulate a corresponding security service training plan for the system security risk handler according to the processing quality score.
As a modification of the above embodiment, the apparatus further includes:
the issuing module is used for receiving the equipment maintenance work order uploaded by the system security risk processing personnel and issuing an operation instruction to a corresponding manufacturer according to the work order issued by the system security risk processing personnel;
and the response module is used for receiving the equipment maintenance result uploaded by the manufacturer after the equipment maintenance is completed based on the equipment maintenance work order, storing the equipment maintenance result and ending the processing flow of the equipment maintenance work order.
Illustratively, the item information includes: a system security risk service scheme and system security risk processing personnel pre-configured by each system security risk service scheme;
the notification module is specifically configured to:
determining the type of the system security risk currently existing in the target system from the system security risk content;
determining a corresponding system security risk service scheme based on the system security risk type;
and determining and notifying the system security risk processing personnel matched with the system security risk value from the list of the system security risk processing personnel configured by the determined system security risk service scheme.
Illustratively, the analysis module is further specifically configured to:
extracting features of the system security risk information to obtain system security risk features;
inputting the system security risk features into a preset security risk analysis model to output an analysis result; wherein the security risk analysis model is: f(X) = HuffmanTree(P1, P2, ..., Pn);
f(X) represents the analysis result of the system security risk, X represents the system security risk information dataset, P1, P2, ..., Pn represent the feature vectors extracted from the system security risk information dataset, and HuffmanTree represents a function that constructs a multi-level decision tree.
The calculation formula of the system security risk value is as follows:
R=Σ(Wi*(i1*i2*...*ik))
R is the system security risk value; Wi is the weight of the i-th security risk index and represents the importance of the i-th security risk index in the calculation of the security risk value; i1*i2*...*ik denotes the continued product that gives the evaluation value of each security risk index; and Σ denotes summing the evaluation values of all the security risk indexes to obtain the final system security risk value.
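The risk value formula and the notification module's three routing steps above, worked through as an added example (not code from the patent). It assumes each index's factors i1..ik are scaled to [0, 1], that a handler "matches" a risk value when it holds the highest minimum-risk threshold not exceeding R, and that the risk type has already been read from the risk content; all type, scheme and handler names are constructed.

```python
from dataclasses import dataclass
from math import prod


@dataclass(frozen=True)
class Indicator:
    name: str
    weight: float    # Wi: importance of this index in R
    factors: tuple   # i1..ik, assumed here to be scaled to [0, 1]


@dataclass(frozen=True)
class Handler:
    name: str
    min_risk: float  # assumed matching rule: lowest R this handler takes


def risk_value(indicators):
    """R = sum over all indexes of Wi * (i1 * i2 * ... * ik)."""
    total = 0.0
    for ind in indicators:
        if ind.weight < 0:
            raise ValueError(f"{ind.name}: negative weight")
        if not ind.factors:
            # prod(()) is 1, so a missing measurement would score as maximal.
            raise ValueError(f"{ind.name}: no factor values")
        if any(not 0.0 <= f <= 1.0 for f in ind.factors):
            raise ValueError(f"{ind.name}: factor outside [0, 1]")
        total += ind.weight * prod(ind.factors)
    return total


# Constructed item information: service schemes per risk type, and the
# handlers pre-configured for each scheme.
ITEM_INFO = {
    "schemes_by_type": {
        "web-intrusion": "scheme-web",
        "malware": "scheme-endpoint",
    },
    "handlers_by_scheme": {
        "scheme-web": [
            Handler("analyst-l1", 0.0),
            Handler("engineer-l2", 0.3),
            Handler("incident-lead", 0.6),
        ],
        "scheme-endpoint": [
            Handler("analyst-l1", 0.0),
            Handler("forensics-l2", 0.5),
        ],
    },
}


def select_handler(item_info, risk_type, indicators):
    """Risk type -> service scheme -> handler matched to the risk value."""
    r = risk_value(indicators)
    try:
        scheme = item_info["schemes_by_type"][risk_type]
        handlers = item_info["handlers_by_scheme"][scheme]
    except KeyError as exc:
        # Fail loudly: an unrouted risk must not be dropped silently.
        raise LookupError(f"no configuration for {exc}") from None
    eligible = [h for h in handlers if h.min_risk <= r]
    if not eligible:
        raise LookupError(f"{scheme}: no handler covers risk value {r:.2f}")
    chosen = max(eligible, key=lambda h: h.min_risk)
    return scheme, chosen.name, r


# Constructed sample: 0.5*(0.8*0.5) + 0.3*(0.9*1.0) + 0.2*(0.5) = 0.57
SAMPLE_INDICATORS = [
    Indicator("exposure", 0.5, (0.8, 0.5)),
    Indicator("exploitability", 0.3, (0.9, 1.0)),
    Indicator("asset-criticality", 0.2, (0.5,)),
]

if __name__ == "__main__":
    print(select_handler(ITEM_INFO, "web-intrusion", SAMPLE_INDICATORS))
```

Because each index contributes a product of its factors, a single factor near zero suppresses that index's whole contribution, which is worth checking when choosing what the factors measure.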
Illustratively, the calculation formula of the process quality score is:
F(x)=Σ(ai*xi)+Σ(bi*yi);
where F(x) represents the processing quality score of a system security risk handler; ai and xi are the weights and values of the security risk indicators for handling security risk events; bi and yi are the weights and values of the security risk indicators of the assessment results.
It should be noted that, the related solution content of the embodiment of the system security risk management apparatus may correspond to the solution content of the embodiment of the system security risk management method, which is referred to above, and will not be described herein.
Referring to fig. 3, a schematic diagram of a system security risk management device according to an embodiment of the present invention is shown. The system security risk management apparatus of this embodiment includes: a processor 100, a memory 101, and a computer program, such as a system security risk management program, stored in the memory 101 and executable on the processor 100. The steps of the various system security risk management method embodiments described above are implemented by the processor 100 when executing the computer program. Alternatively, the processor 100 may implement the functions of the modules/units in the above-described device embodiments when executing the computer program.
Illustratively, the computer program may be partitioned into one or more modules/units that are stored in the memory 101 and executed by the processor 100 to accomplish the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions for describing the execution of the computer program in the system security risk management device.
The system security risk management device may be a computing device such as a desktop computer, a notebook computer, a tablet computer, a cloud server, and the like. The system security risk management device may include, but is not limited to, a processor 100, a memory 101. Those skilled in the art will appreciate that the schematic diagram is merely an example of a system security risk management device and does not constitute a limitation of the system security risk management device, and may include more or fewer components than shown, or may combine certain components, or different components, e.g., the system security risk management device may further include an input output device, a network access device, a bus, etc.
The processor 100 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. The general-purpose processor may be a microprocessor or any conventional processor. The processor 100 is the control center of the system security risk management device and uses various interfaces and lines to connect the parts of the overall system security risk management device.
The memory 101 may be used to store the computer program and/or modules, and the processor 100 implements the various functions of the system security risk management device by running or executing the computer program and/or modules stored in the memory 101 and invoking data stored in the memory 101. The memory 101 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the data storage area may store data created according to the use of the handset (such as audio data, a phonebook, etc.), and the like. In addition, the memory 101 may include a high-speed random access memory, and may also include a non-volatile memory, such as a hard disk, an internal memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, a flash card, at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.
If the modules/units integrated in the system security risk management device are implemented in the form of software functional units and sold or used as a stand-alone product, they may be stored in a computer readable storage medium. Based on this understanding, the present invention may implement all or part of the flow of the method of the above embodiments by means of a computer program instructing the related hardware; the computer program may be stored in a computer readable storage medium and, when executed by the processor 100, implements the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file, some intermediate form, or the like. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunication signal, a software distribution medium, and so forth. It should be noted that the content contained in the computer readable medium may be appropriately added to or reduced according to the requirements of legislation and patent practice in the jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
It should be noted that the above-described apparatus embodiments are merely illustrative, and the units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the embodiment of the device provided by the invention, the connection relation between the modules represents that the modules have communication connection, and can be specifically implemented as one or more communication buses or signal lines. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that changes and modifications may be made without departing from the principles of the invention, such changes and modifications are also intended to be within the scope of the invention.
Claims (10)
1. A system security risk management method, comprising:
acquiring system security risk information of a target system and item information of a system security service item to which the target system belongs;
analyzing the system security risk information by using a preset security risk analysis model, calculating the current system security risk value of the target system according to an analysis result, and determining the system security risk content;
and notifying corresponding system security risk processing personnel based on the project information, the system security risk content and the system security risk value.
2. The system security risk management method of claim 1, wherein after the notifying of the corresponding system security risk handler based on the item information, the system security risk content, and the system security risk value, the method further comprises:
evaluating the uploaded processing result of the security risk of the target system by the security risk processing personnel of the system to obtain the processing quality score of the security risk processing personnel of the system;
and according to the processing quality scores, corresponding security service training plans are formulated for the system security risk processing personnel.
3. The system security risk management method of claim 1, wherein after the notifying of the corresponding system security risk handler based on the item information, the system security risk content, and the system security risk value, the method further comprises:
receiving an equipment maintenance work order uploaded by the system security risk processing personnel, and issuing an operation instruction to a corresponding manufacturer according to the work order issued by the system security risk processing personnel;
and receiving the equipment maintenance result uploaded by the manufacturer after the equipment maintenance is completed based on the equipment maintenance work order, storing the equipment maintenance result and ending the processing flow of the equipment maintenance work order.
4. The system security risk management method of claim 1, wherein the item information includes: a system security risk service scheme and system security risk processing personnel pre-configured by each system security risk service scheme;
notifying a corresponding system security risk handler based on the item information, the system security risk content, and the system security risk value, including:
determining the type of the system security risk currently existing in the target system from the system security risk content;
determining a corresponding system security risk service scheme based on the system security risk type;
and determining and notifying the system security risk processing personnel matched with the system security risk value from the list of the system security risk processing personnel configured by the determined system security risk service scheme.
5. The system security risk management method of claim 1, wherein analyzing the system security risk information using a preset security risk analysis model comprises:
extracting features of the system security risk information to obtain system security risk features;
inputting the system security risk features into a preset security risk analysis model to output an analysis result; wherein the security risk analysis model is: f(X) = HuffmanTree(P1, P2, ..., Pn);
f(X) represents the analysis result of the system security risk, X represents the system security risk information dataset, P1, P2, ..., Pn represent the feature vectors extracted from the system security risk information dataset, and HuffmanTree represents a function that constructs a multi-level decision tree.
6. The system security risk management method of claim 1, wherein the calculation formula of the system security risk value is:
R=Σ(Wi*(i1*i2*...*ik))
R is the system security risk value; Wi is the weight of the i-th security risk index and represents the importance of the i-th security risk index in the calculation of the security risk value; i1*i2*...*ik denotes the continued product that gives the evaluation value of each security risk index; and Σ denotes summing the evaluation values of all the security risk indexes to obtain the final system security risk value.
7. The system security risk management method of claim 2, wherein the process quality score is calculated as:
F(x)=Σ(ai*xi)+Σ(bi*yi);
where F(x) represents the processing quality score of a system security risk handler; ai and xi are the weights and values of the security risk indicators for handling security risk events; bi and yi are the weights and values of the security risk indicators of the assessment results.
8. A system security risk management apparatus, comprising:
the acquisition module is used for acquiring system security risk information of the target system and item information of a system security service item to which the target system belongs;
the analysis module is used for analyzing the system security risk information by utilizing a preset security risk analysis model, calculating the current system security risk value of the target system according to an analysis result and determining the system security risk content;
and the notification module is used for notifying corresponding system security risk processing personnel based on the project information, the system security risk content and the system security risk value.
9. A system security risk management device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the system security risk management method of any of claims 1 to 7 when the computer program is executed.
10. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored computer program, wherein the computer program, when run, controls a device in which the computer readable storage medium is located to perform the system security risk management method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311556805.XA CN117521060A (en) | 2023-11-21 | 2023-11-21 | System security risk management method, device, equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311556805.XA CN117521060A (en) | 2023-11-21 | 2023-11-21 | System security risk management method, device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117521060A true CN117521060A (en) | 2024-02-06 |
Family
ID=89758336
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311556805.XA Pending CN117521060A (en) | 2023-11-21 | 2023-11-21 | System security risk management method, device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117521060A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118133292A (en) * | 2024-03-20 | 2024-06-04 | 深圳市明源云链互联网科技有限公司 | System security detection method and device, electronic equipment and readable storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107741955B (en) | Service data monitoring method and device, terminal equipment and storage medium | |
CN111145009A (en) | Method and device for evaluating risk after user loan and electronic equipment | |
CN111127178A (en) | Data processing method and device, storage medium and electronic equipment | |
CN111210323A (en) | Enterprise tax risk monitoring method and system | |
CN117521060A (en) | System security risk management method, device, equipment and storage medium | |
CN112598513B (en) | Method and device for identifying stockholder risk transaction behaviors | |
US20110191351A1 (en) | Method and Apparatus for Using Monitoring Intent to Match Business Processes or Monitoring Templates | |
Warren Jr | Embracing the automated audit | |
CN111179051A (en) | Financial target customer determination method and device and electronic equipment | |
US20210056213A1 (en) | Quantifiying privacy impact | |
CN112348521A (en) | Intelligent risk quality inspection method and system based on business audit and electronic equipment | |
CN113849362B (en) | Business service platform management method, device and computer readable storage medium | |
CN118154186A (en) | Method, device and server for determining abnormal operation of transaction service | |
CN118229101A (en) | Method and device for producing demand tasks, storage medium and electronic device | |
CN117933966A (en) | Integrated operation and maintenance information processing method, computer device and computer readable storage medium | |
KR20040104853A (en) | Risk analysis system for information assets | |
CN112000862A (en) | Data processing method and device | |
CN115147195A (en) | Bidding purchase risk monitoring method, apparatus, device and medium | |
CN113450024B (en) | Security management information processing system and risk information processing system | |
CN114547406A (en) | Data monitoring method, system, storage medium and electronic device | |
CN110347552B (en) | Method and device for supporting real-time monitoring of configurable decision engine and electronic equipment | |
CN114398562A (en) | Shop data management method, device, equipment and storage medium | |
CN113051136A (en) | Monitoring analysis method and device for unattended equipment | |
CN118260294B (en) | Manufacturing pain signal summarizing method, system, medium and equipment based on AI | |
CN113656271B (en) | Method, device, equipment and storage medium for processing abnormal behaviors of user |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||