DE102010024549A1 - Method for continuous determination and visualization of total risk evaluation of gas turbine, involves determining total risk evaluation value by relating normalized primary and temporal risk values, and displaying in different color - Google Patents

Abstract

The method involves detecting (S1) static risk evaluation values of components of gas turbine and performing weighted addition of static risk evaluation values to produce normalized primary risk value. The dynamic risk evaluation values of components are detected (S2) and weighted addition of dynamic risk evaluation values is performed to produce normalized temporal risk value. The total risk evaluation value is determined (S3) by relating the produced risk values. The total risk evaluation value is normalized (S4) and displayed in different colors for each component on a display. An independent claim is included for device for continuous determination and visualization of total risk evaluation of gas turbine.

Description

The present invention relates to a method and apparatus for continuous and permanent overall risk assessment of a system and visualization of the overall risk assessment.

The security of systems and products plays an increasing role. Above all, an assessment of risks is of fundamental importance in order to better identify critical systems or product components and to be able to track them in the life cycle or in operation.

What is needed, therefore, is a method and apparatus that evaluates the risks of products and systems finely granularly and dynamically throughout the lifecycle, that is, during development and operation, thus allowing for a continuous risk assessment of the system or product.

There are a large number of methods for the static evaluation of risks. For example, one common method of risk assessment is to assess impacts and their likelihood on various threats affecting the system or product. This is u. A. im ISO 27005 standard Are defined. These procedures can be carried out during the various life cycles of product development and provide important indications of security risks, such as lack of security measures or insufficiently protected values. However, such methods always only reflect the risk at the time of the estimate.

In addition, information is also available on systems and product components that can provide indirect indication of risks. An example of this is vulnerability information of the third-party components used, for which there are so-called scoring methods, such as Common Vulnerability Scoring System methods, which give indications of attack vectors and effects.

Furthermore, there are a variety of visualization options of the current state of a system. The use of an Intrusion Detecting System or an Intrusion Invention System are examples of this. The advantages of these systems is that they check the current state of a system. Disadvantageously, with these systems, a risk assessment, if any, is possible only very indirectly.

It is the object of the present invention to provide a method and a device for the continuous and permanent risk determination of a system during a runtime or a component over an entire life cycle precisely and dynamically as well as visualization in such a way that relevant risks can be identified in good time and preventive countermeasures can be initiated.

The object is achieved by a method according to the main claim and a device according to the independent claim.

According to a first aspect, a method is provided for the continuous and permanent overall risk assessment of a system and for the visualization of the overall risk assessment with the following steps. Once acquiring static risk assessment values of the system with respect to static risk parameters and by weighted addition of the static risk assessment values, generating a normalized basis risk value; permanently acquiring dynamic risk assessment values for each dynamic risk parameter and weighted addition of the dynamic risk assessment values to generate a normalized temporal risk score; Determining an overall risk score by linking the normalized base risk value and the normalized temporal value; Normalizing the overall risk score to a scale and visualizing the normalized overall risk score of the system using a visualization facility.

According to a second aspect, there is provided an apparatus for continuously and permanently assessing the overall risk of a system and for visualizing the overall risk score comprising: detecting, by means of detecting means, static risk assessment values of the system with respect to static risk parameters and weighted addition and the static risk assessment values, respectively Calculating means generating a base risk value; permanent detection of dynamic risk assessment values of the system with respect to dynamic risk parameters and by weighted addition of the dynamic risk assessment values by means of the computing device generating a normalized temporal risk value and determining a total risk assessment value by means of the calculation device linking the normalized base risk value and the normalized temporal risk value; normalizing the overall risk assessment value on a scale and visualizing the normalized overall risk score of the system by means of a visualization device by means of the computing device.

• a) Statische Risikobewertung. In der ersten Phase, der statischen Risikobewertung, wird eine grundlegende Risikoeinschätzung pro System durchgeführt, um einen Startwert für die permanente Bewertung zu erhalten. Dieser Schritt wird nur einmalig initial durchgeführt. In die statische Risikobewertung gehen Risikoparameter ein. Aus diesen statischen Risikoparametern wird für jede Risikoklasse rk ein normierter Basis-Risikowert BR(rk) gebildet, der durch gewichtete Addition der Einzelparameter ermittelt wird.
• b) Dynamische Risikobewertung. In der zweiten Phase, der dynamischen Risikobewertung, wird die permanent laufende Risiko-Einschätzung pro System durchgeführt. Hierzu werden laufend Risikoparameter ermittelt, um den Zustand einzelner Systeme zu verfolgen. Aus den dynamischen Risikoparametern kann für jede Risikoklasse ein Temporal-Risikowert TR(t, rk) pro Zeitpunkt t durch gewichtete Addition der Einzelparameter ermittelt werden. Dies kann beispielsweise ebenso durch eine Risikomatrix erfolgen, bei der die dynamischen Risikoparameter in dedizierte Produkt- und umgebungsspezifische Gewichtungen eingehen. Ein aktuelles Risiko R bzw. ein Gesamtrisiko-Bewertungswert ergibt sich dann beispielsweise aus folgender Verknüpfung:

R(t, rk) = BR(rk) + TR(t, rk). Formel (1) A method and a device for the permanent determination and visualization of risk-relevant system components are provided. For this purpose, the system to be considered in components with different risk classes is optionally divided on a computer level. For a permanent evaluation, two phases will follow:

• a) Static risk assessment. In the first phase, static risk assessment, a basic risk assessment per system is performed to obtain a starting value for the permanent rating. This step is only carried out once. The static risk assessment includes risk parameters. From these static risk parameters, a standardized basic risk value BR (rk) is formed for each risk class rk, which is determined by weighted addition of the individual parameters.
• b) Dynamic Risk Assessment. In the second phase, the dynamic risk assessment, the permanent risk assessment per system is carried out. For this purpose, risk parameters are constantly being determined in order to track the status of individual systems. From the dynamic risk parameters, a temporal risk value TR (t, rk) per time point t can be determined for each risk class by weighted addition of the individual parameters. For example, this can also be done through a risk matrix in which the dynamic risk parameters are taken into dedicated product and environment-specific weightings. A current risk R or a total risk evaluation value then results, for example, from the following link:

R (t, rk) = BR (rk) + TR (t, rk). Formula 1)

In this way, a dynamic overall risk assessment value is created, which in turn can be normalized to a scale, for example from 0 to 10. The method and the device are applicable both to operative systems and to products and solutions. According to the invention, a determination and visualization of a risk classification of systems takes place by means of a combination of static and dynamic risk information. A method according to the invention and a device according to the invention can also be applied to products and solutions, whereby a risk factor of individual products or product components becomes constantly transparent and the safety risk of product landscapes can be quickly detected by permanent updating. A permanent update can be done, for example, by means of a Securitty Vulnerability Monitoring.

Compared to conventional methods, which represent an up-to-date state of systems or singular risk analyzes of products, the influencing risk parameters can be constantly determined with the method according to the invention and preventive measures are carried out without a concrete attack already taking place Has.

A method and an apparatus according to the invention can be used if a secure product development process has already been implemented. This involves being able to constantly visualize the results of static risk analyzes and dynamic influencing factors across a product landscape and to be able to promptly take countermeasures against rising risks.

According to the method and the device according to the invention, results of static risk analyzes carried out can be used directly. Through a generic approach, a process can be offered in a variety of ways and integrated as an extension into a Security Vulnerability Management Application. A method according to the invention is of interest both for tasks responsible for the product and for operators in order to be able to continuously monitor the risks, especially with regard to products and solutions for critical infrastructures.

Further advantageous embodiments are claimed in conjunction with the subclaims.

According to an advantageous embodiment, an assignment of regions of the scale to a respective color or visualization of the overall risk assessment value of the system can be effected by means of the visualization device. By assigning the scale to risk values, for example, 0 = no current risk (shown in green), 10 = high current risk (shown in red) can be defined.

According to a further advantageous embodiment, the system may have components, wherein the above risk evaluations can be carried out in each case for one component.

According to a further advantageous embodiment, by means of the visualization device, a schematic representation of the system can be carried out with the components, wherein a respective overall risk assessment value is assigned and visualized for each component. The representation of the risk components can then be defined, for example, as so-called risk maps or "risk maps" in which schematic representations of the architecture or network landscape can be linked to the risk values. According to a further advantageous embodiment, a Representation of the system on the basis of a schematic illustration of the considered risk-relevant system or a corresponding construction sketch made.

According to a further advantageous embodiment, a schematic representation of the system can be carried out with the components, each component being assigned a respective overall risk evaluation value as color. Depending on the risk, the colors can be red, yellow or green. Thus, a method according to the invention or a device according to the invention enables a quick overview of the current risk classification.

According to a further advantageous embodiment, by means of the computer device, countermeasures for reducing a normalized overall risk assessment value can be carried out if this normalized overall risk evaluation value is greater than a predefined threshold value. It allows a dynamic derivation of countermeasures.

According to a further advantageous embodiment, the detection of static risk evaluation values by means of the detection device can be carried out only once initially for the generation of a starting value for the permanent detection of dynamic risk evaluation values taking place by means of the computer device.

According to a further advantageous embodiment, static risk parameters may be results of a threat and risk analysis, basic security measures and settings, a complexity or attack surface of the system or a component, a threat potential, a loss on failure or a duration of a patch cycle.

According to a further advantageous embodiment, dynamic risk parameters may include a dynamic risk assessment by means of vulnerability reports, a number of days until patches have been closed, a number of expected patches, a number of detected attacks, dependencies of risks, changes in attack scenarios or configuration changes.

According to a further advantageous embodiment, the normalized basic risk value, the normalized temporal risk value and the total risk evaluation value can each be determined for a risk class from a plurality of risk classes.

According to a further advantageous embodiment, the visualization device can display a respective risk on the basis of a schematic illustration of the considered risk-relevant system or of a construction sketch.

The present invention will be described in more detail with reference to an embodiment in conjunction with the figures. Show it:

1 an embodiment of a risk map according to the invention;

2 an embodiment of a method according to the invention;

3 an embodiment of another inventive visualization.

• – Prio 1:2 (1 ohne verfügbaren Patch)
• – Prio 2:4
• – Prio 3:7

1 shows an embodiment of a risk map according to the invention or so-called "risk map". 1 shows an example of a risk card for a service provider solution. 1 shows a schematic representation of a system with the respective components. A top level A is a so-called application layer with the functions: user administration, service provision and billing data management. An underlying second level B is a so-called core layer with the functions: user authentication, load balancing and distributed data storage. An underlying third level C is a broadband access layer providing broadband access services. The fourth level D, and thus the lowest level, concerns external transfer servers to provide enterprise access and Internet access. A server S for Internet access is risk-assessed as follows. The product is a so-called ABC Commander. Open vulnerability reports are:

• - Prio 1: 2 (1 without patch available)
• - Prio 2: 4
• - Prio 3: 7

• – Prio 1:5

Basisrisikoklassifikation: 27%
Klassifizierung des zu schützenden Werts: hoch Abhängigkeiten: Produktbenutzer-Authentifizierung Produktbreitbandzugriff. Average open days of vulnerability reporting:

• - Prio 1: 5

Basis risk classification: 27%
Classification of the value to be protected: high dependencies: Product User Authentication Product Broadband Access.

By normalizing the determined values, a dynamic risk map or "risk map" of the system or of the components can be created, which allows a quick overview of the current risk situation of a system or a component.

2 shows an embodiment of a method according to the invention. The method is used for the continuous and permanent overall risk assessment of a system and for the visualization of the overall risk assessment and has the following steps: With a first step S1, static risk assessment values of the system are recorded once with respect to static risk parameters and by means of weighted addition of the static risk assessment values, a normalized one is generated basic risk value. In a second step S2, the system continuously records dynamic risk assessment values of the system with respect to dynamic risk parameters and, by means of weighted addition of the dynamic risk assessment values, generates a normalized temporal risk value. With a third step S3, a determination of an overall risk evaluation value is carried out by linking the normalized basic risk value and the normalized temporal risk value. A fourth step S4 is used to normalize the overall risk assessment value on a scale and to visualize the normalized overall risk assessment value of the system by means of a visualization device. A visualization can be provided, for example, by coloring a component. Green components are low risk, yellow components medium and red components high risk. Accordingly, in a method according to the invention, further steps for improved risk detection and risk prevention can follow. An inventive method can be carried out by means of a control device which controls a detection device, a computer device and a visualization device.

3 shows an embodiment of a visualization according to the invention. Here, the representation of a risk-relevant system takes the form of a schematic three-dimensional image of the system under consideration. 3 shows the example of a gas turbine I, which is divided into individual risk-relevant components. Risk values are determined for the individual components and presented in appropriate colors. Green components 1 have a low risk, yellow components 2 a middle and red components 3 a high risk. Accordingly, in a method according to the invention, further steps for improved risk detection and risk prevention can follow. 3 shows an embodiment of a visualization according to the invention. A visualization device can be, for example, a personal computer with an associated display device. Display devices may be screens or printers and the like.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited non-patent literature

• ISO 27005 standard [0004]

Claims (22)

Method for continuous and permanent overall risk assessment of a system and visualization of the overall risk assessment with the steps: - recording static risk assessment values of the system once with regard to static risk parameters and by weighted addition of the static risk assessment values generating a standardized basic risk value; Permanently acquiring dynamic risk assessment values of the system with respect to dynamic risk parameters and by weighted addition of the dynamic risk assessment values, generating a normalized temporal risk value; - determining an overall risk score by linking the normalized base risk value and the normalized temporal risk score; - Standardizing the total risk assessment value on a scale and visualizing the normalized total risk assessment value of the system by means of a visualization device. The method of claim 1, characterized by assigning regions of the scale to a respective color to visualize the overall risk assessment value of the system. A method according to claim 1 or 2, characterized in that the system comprises components and the above risk assessments are each performed for a component. A method according to claim 3, characterized by schematically presenting the system with the components, wherein for each component a respective total risk evaluation value is assigned and visualized. A method according to claim 4, characterized by schematically presenting the system with the components, each component being assigned a respective total risk evaluation value as a color. Method according to one of the preceding claims, characterized by performing countermeasures for reducing a normalized total risk evaluation value, if this normalized total risk assessment value is greater than a predetermined threshold value. Method according to one of the preceding claims, characterized in that the detection of static risk assessment values is carried out only once initially for generating a starting value for the permanent detection of dynamic risk assessment values. Method according to one of the preceding claims, characterized in that static risk parameters results of a threat and risk analysis, basic security measures and settings performed, a complexity or attack surface of the system or component, a threat potential, damage on failure or a duration of a patch cycle are. Method according to one of the preceding claims, characterized in that dynamic risk parameters include a dynamic risk assessment by means of vulnerability messages, a number of days until patches have been closed, a number of expected patches, a number of detected attacks, dependencies of Risks, changes in attack scenarios, or configuration changes. Method according to one of the preceding claims, characterized in that the standardized basic risk value, the normalized temporal risk value and the total risk evaluation value are respectively determined for a risk class from a plurality of risk classes. Method according to one of the preceding claims, characterized in that the visualization device displays a respective risk based on a schematic illustration of the considered risk-relevant system or a construction sketch. Device for continuous and permanent overall risk assessment of a system and visualization of the overall risk assessment with the steps: - One-time detection of static risk assessment values of the system by means of a detection device with respect to static risk parameters and by means of weighted addition of the static risk assessment values by means of a computer device generating a normalized base risk value; Permanently acquiring dynamic risk assessment values of the system by means of the detection device, in each case with regard to dynamic risk parameters and by means of weighted addition of the dynamic risk assessment values by means of the computer device, generating a normalized temporal risk value; - Determining an overall risk assessment value by means of the computer device linking the normalized basis risk value and the normalized temporal risk value; By means of the computer device, standardizing the total risk assessment value on a scale and visualizing the normalized overall risk evaluation value of the system by means of a visualization device. Apparatus according to claim 12, characterized by assigning regions of the scale to a respective color for visualizing the overall risk assessment value of the system by means of the visualization device. Apparatus according to claim 12 or 13, characterized in that the system comprises components and the above risk assessments are carried out in each case for a component. Device according to claim 14, characterized by schematically displaying the system with the components by means of the visualization device, wherein for each component a respective total risk evaluation value is assigned and visualized. Apparatus according to claim 15, characterized by schematically presenting the system with the components, each component being assigned a respective total risk evaluation value as color. Device according to one of the preceding claims 12 to 16, characterized by performing by means of the computer means countermeasures for reducing a normalized total risk assessment value when this normalized total risk assessment value is greater than a predetermined threshold value. Device according to one of the preceding claims 12 to 17, characterized in that the taking place by means of the detection means of static risk assessment values only once initially performed by means of the computer means generating a start value for the permanent by means of the detection means taking place taking place dynamic risk assessment values. Device according to one of the preceding claims 12 to 18, characterized in that static risk parameters results of threat and risk analysis, performed basic security measures and settings, a complexity or attack surface of the system or component, a threat potential, damage in case of failure or a duration of Are patch cycle. Device according to one of the preceding claims 12 to 19, characterized in that dynamic risk parameters include a dynamic risk assessment by means of vulnerability messages, a number of days until patches have been closed, a number of expected patches, a number of detected attacks , Dependencies on risks, changes in attack scenarios, or configuration changes. Device according to one of the preceding claims 12 to 20, characterized in that the normalized basis risk value, the normalized temporal risk value and the total risk assessment value is determined in each case for one risk class from a plurality of risk classes. Device according to one of the preceding claims 12 to 21, characterized in that the visualization device displays a respective risk on the basis of a schematic illustration of the considered risk-relevant system or a construction sketch.

Images