KR102232883B1 - Artificial intelligence system for authentication of information security management system - Google Patents

Abstract

The present invention relates to an artificial intelligence system for authentication of an information security management system. According to one embodiment of the present invention, the artificial intelligence system for authentication of an information security management system includes a user terminal, and a central server. According to one embodiment of the present invention, the central server generates first question information on hardware, second question information on software, third question information on a network, fourth question information about on staff, fifth question on a location, and sixth question information on a management organization, and controls to output through at least one of the website and a mobile app executed in the user terminal.

Description

Artificial intelligence system for authentication of information security management system

The present invention relates to an artificial intelligence system for authentication of an information security management system, and to an information security risk analysis automation system and an operation method thereof.

In addition, the present invention relates to an information protection consulting method, specifically, using an ISMS management program (solution) to manage essential requirements for information security management system (ISMS) certification, to make it easy to maintain and maintain a previously established management system. It is about consulting methods to help with acquisition and renewal.

Registered Patent Publication No. 10-0752677 relates to an information technology risk management system and method thereof.

In the information technology risk management system, the document decomposes the control policy into the smallest controllable unit, and then defines and stores one control item, one control action, performer and observer for each control from each of the divided control elements. Control database unit; A policy management unit for managing control elements defined in the control database unit; A risk scenario management unit that extracts a vulnerability by defining a control element defined in the control database unit in a reverse direction, and specifies a correlation between the vulnerability and the control element, information assets and threats; Among the above control elements, control actions are arranged in a time series according to the management life cycle, and the existence of each control action is determined to measure the maturity of the organization's control actions, and the level of control performance of members of the organization for the established compliance controls. a level management unit that measures (compliance); A risk processing unit supporting decision-making on a control improvement type using the control guarantee level measured by the level management unit; And a control work management unit for instructing and managing work for control according to the control guarantee level and control improvement type.

In addition, conventionally, the existing information security certification service tends to rely on the labor of a consulting team that performs consulting work. In order to acquire and maintain information security certification, a labor-dependent service was provided in which a person manually visually diagnoses the technical vulnerability check, which is a preliminary step for performing a risk assessment, and organizes it using an Excel worksheet. In this regard, there was a need for an information security certification service with low dependence on the consulting team.

Accordingly, the present invention intends to propose an improved and automated information protection risk analysis automation system and an operation method thereof.

Registered Patent Publication No. 10-0752677

An object of the present invention is to provide an information security risk analysis automation system and a method of operation thereof.

An object of the present invention is to enable an efficient management system operation and an automated system for an information security authentication service.

The technical problems to be achieved in the present invention are not limited to the technical problems mentioned above, and other technical problems that are not mentioned will be clearly understood by those of ordinary skill in the technical field to which the present invention belongs from the following description. I will be able to.

An embodiment of the present invention is a system for providing an information security authentication service, comprising: a management server for operating at least one of a website and a mobile app providing the information security authentication service; Including, the management server, the control to generate at least one question information to be output through at least one of the website and the mobile app, and receives at least one answer information corresponding to the at least one question information And, based on the at least one answer information, a system for generating and outputting at least one of information on confidentiality, information on integrity, and information on availability is proposed.

The management server generates and outputs information about confidentiality, information about integrity, and information about availability based on the at least one answer information, and outputs information about the confidentiality, information about whether the integrity or not. We propose a system that generates information indicating a risk level based on information and information on the availability.

The management server learns the artificial intelligence network of the management server based on the at least one answer information, and uses the learned artificial intelligence network to provide information on the risk management level based on the at least one answer information. It may be characterized by generating and outputting.

The information on the risk management level may include information on the risk management level, information on a first risk level corresponding to management security, and information on a second risk level corresponding to technology security.

Another embodiment of the present invention is a method for providing an information security authentication service by a management server, wherein at least one of a website and a mobile app that provides the information security authentication service by generating at least one question information Controlling to output through one; Receiving at least one answer information corresponding to the at least one question information through at least one of the website and the mobile app; And generating and outputting at least one of information on confidentiality, information on integrity, and information on availability based on the at least one answer information. It proposes a method including.

As described above, an embodiment of the present invention has a technical effect in terms of proposing a server and a system for an improved and automated automatic diagnosis analysis. Here, the automatic diagnosis analysis relates to the vulnerability of the information security system.

According to an embodiment of the present invention, it is possible to operate an efficient management system for information security authentication service and to provide an automated system.

The effect of the present invention is that in order to establish an information protection management system and obtain and maintain certification, a number of evidences for information protection status verification are conveniently managed, and evidences between the information protection manager (person in charge) and the person in charge for each information protection related task. Management and communication will be smooth. It is a system that allows you to check the fidelity of the evidence created and submitted using the solution, and then pay for it.In addition, an information security consultant who is put in regularly visits and checks (including status analysis, guideline for revision of laws, vulnerability check, etc.) By providing expert services, customers can very effectively reduce high costs and increase ISMS management efficiency, thereby enabling stable and continuous maintenance of certification.

The effects that can be obtained in the present invention are not limited to the above-mentioned effects, and other effects not mentioned can be clearly understood by those of ordinary skill in the art from the following description. will be.

Other aspects, features, and benefits as described above of certain preferred embodiments of the present invention will become more apparent from the following description taken in conjunction with the accompanying drawings.
1 is a block diagram showing a system according to an embodiment of the present invention.
2 is a view showing an object according to an embodiment of the present invention.
3 is a flowchart illustrating a method according to an embodiment of the present invention.
4 is a flow chart showing a method according to an embodiment of the present invention.
5 is a diagram showing information on a risk management level according to an embodiment of the present invention.
6 is a flowchart illustrating a method according to an embodiment of the present invention.
7 is a flow chart showing a method according to an embodiment of the present invention.
It should be noted that throughout the drawings, like reference numbers are used to show the same or similar elements, features, and structures.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

In describing the embodiments, descriptions of technical contents that are well known in the technical field to which the present invention pertains and are not directly related to the present invention will be omitted. This is to more clearly convey the gist of the present invention by omitting unnecessary description.

For the same reason, some elements in the accompanying drawings are exaggerated, omitted, or schematically illustrated. In addition, the size of each component does not fully reflect the actual size. The same reference numerals are assigned to the same or corresponding components in each drawing.

Advantages and features of the present invention, and a method of achieving them will become apparent with reference to the embodiments described below in detail together with the accompanying drawings. However, the present invention is not limited to the embodiments disclosed below, but may be implemented in various different forms, and only these embodiments make the disclosure of the present invention complete, and the general knowledge in the technical field to which the present invention pertains. It is provided to completely inform the scope of the invention to the possessor, and the invention is only defined by the scope of the claims. The same reference numerals refer to the same elements throughout the specification.

At this time, it will be appreciated that each block of the flowchart diagrams and combinations of the flowchart diagrams may be executed by computer program instructions. Since these computer program instructions can be mounted on the processor of a general purpose computer, special purpose computer or other programmable data processing equipment, the instructions executed by the processor of the computer or other programmable data processing equipment are described in the flowchart block(s). It creates a means to perform functions. These computer program instructions can also be stored in computer-usable or computer-readable memory that can be directed to a computer or other programmable data processing equipment to implement a function in a particular way, so that the computer-usable or computer-readable memory It is also possible for the instructions stored in the flow chart to produce an article of manufacture containing instruction means for performing the functions described in the flowchart block(s). Since computer program instructions can also be mounted on a computer or other programmable data processing equipment, a series of operating steps are performed on a computer or other programmable data processing equipment to create a computer-executable process to create a computer or other programmable data processing equipment. It is also possible for instructions to perform processing equipment to provide steps for executing the functions described in the flowchart block(s).

In addition, each block may represent a module, segment, or part of code that contains one or more executable instructions for executing the specified logical function(s). In addition, it should be noted that in some alternative execution examples, the functions mentioned in the blocks may occur out of order. For example, two blocks shown in succession may in fact be executed substantially simultaneously, or the blocks may sometimes be executed in the reverse order depending on the corresponding function.

In this case, the term'~ unit' used in this embodiment refers to software or hardware components such as field-programmable gate array (FPGA) or application specific integrated circuit (ASIC), and'~ unit' is a certain role. Perform them. However,'~ part' is not limited to software or hardware. The'~ unit' may be configured to be in an addressable storage medium, or may be configured to reproduce one or more processors. Thus, as an example,'~ unit' refers to components such as software components, object-oriented software components, class components, and task components, processes, functions, properties, and procedures. , Subroutines, segments of program code, drivers, firmware, microcode, circuits, data, databases, data structures, tables, arrays, and variables. Components and functions provided in the'~ units' may be combined into a smaller number of elements and'~ units', or may be further separated into additional elements and'~ units'. In addition, components and'~ units' may be implemented to play one or more CPUs in a device or a security multimedia card.

In describing the embodiments of the present invention in detail, examples of specific systems will be mainly targeted, but the main subject matter to be claimed in this specification is the scope disclosed in this specification to other communication systems and services having a similar technical background. It can be applied within a range that does not deviate greatly, and this will be possible at the judgment of a person skilled in the art.

1 is a block diagram showing a system according to an embodiment of the present invention.

Referring to FIG. 1, the system 100 includes a management server 110. In addition, as an example, the system 100 may include a user equipment 120.

The management server 110 may be a server that provides an information security authentication service and/or a server that automatically diagnoses and analyzes vulnerabilities in an information security system.

Here, the term “vulnerability” may refer to a weakness used by an attacker to lower the system's information assurance. International Organization for Standardization (ISO) 11135 defines vulnerability as'a weakness of an asset or group of assets that can be exploited by one or more threats', and the International Internet Standards Organization (IETF) RFC 2828 defines'vulnerability' as'a weakness of an asset or group of assets that can be exploited by one or more threats'. It is defined as a defect or weakness in the design, implementation or operation and management of a system, which can be exploited to violate the security policy of the system. Here, the term “exploit” refers to a procedure or set of commands, scripts, programs, or specific data designed to perform the intended actions of an attacker by using design flaws such as bugs and security vulnerabilities in computer software or hardware and computer-related electronic products. It refers to pieces, and it also refers to an act of attack using these things.

In addition, vulnerabilities can be classified according to resource class, and are related to sensitivity to humidity, to dust, to pollution, to unprotected storage from the hardware side, and to be insufficient from the software side. Related to testing, lack of audit trail, etc., related to unprotected communication lines from the network side, insecure network structure, etc., related to inappropriate recruiting process from the employee side, inappropriate security perception, etc. It is related to regions, unreliable power supply, etc., and may be related to lack of regular audits, lack of ongoing planning, lack of security, etc. from the management agency perspective.

The user terminal 120 is i) a terminal used by a first user who is a customer of the information security authentication service provided by the present invention, or ii) a service provider providing the information security authentication service and/or the management server 110 ) May be a terminal used by a second user who is an administrator who manages.

The present invention proposes a server, a system, and a method for providing an information security authentication service, and specifically, an information security risk analysis automation system and an operation method thereof. As shown in FIG. 2, the present invention enables information protection consulting that provides cost reduction and effective ISMS certification management, replacing the information protection certification service provided based on the conventional ISMS management solution and the periodic visit service of the consultant. It intends to provide an enhanced information security authentication service.

The information security authentication service in the present invention may provide services such as authentication consulting, security product development, annual service, personal information protection, system diagnosis, mock hacking, source code diagnosis, information security education and training.

Here, certification consulting services can include domestic and international information protection certification (ISO 11131/ISMS-P, PCI-DSS) services, and security product development services include integrated information protection certification management and risk analysis solution development, and linked consulting services. Can include. Here, ISMS-P is an integrated form of ISMS and PIMS, and may mean an information protection and personal information protection management system reviewed by the Korea Communications Commission. PCI-DSS refers to the Payment Card Industry Data Security Standard, Payment Card Security Standard, Payment Card Industry Information Security Standard, and Payment Card Industry Data Security Standard, an information security standard for organizations that manage brand-name credit cards for major card schemes. can do.

The annual service may include annual information protection certification, constant maintenance consulting expert service, and the like, and the personal information protection service may include personal information management level diagnosis, handling status check consulting service, and the like. The system diagnosis service may include major information communication, electronic financial infrastructure system vulnerability diagnosis consulting, and the like, and the simulated hacking service may include an application, a mobile app simulated hacking service, and the like. Source code diagnosis service includes application and mobile app source code diagnosis service, and information security education and training service provides (personal) information protection education and infringement incidents, Advanced Persistent Threat (APT), Distributed Denial of Service (DDoS). It may include services such as response simulation training. In addition, the certification consulting service of the present invention is an information security certification integrated management solution, and may be a platform-type certification management solution for ISMS, ISMS-P certification acquisition and maintenance solution.

In addition, the management server 110 may provide an information protection authentication service including the following features. For example, the information security certification service includes i) information asset list management and importance assessment, ii) asset range can be separately operated according to major infrastructure and ISMS-P scope, iii) asset type, owner, manager, department of use, You can register and operate freely, such as for use. As another example, the information security authentication service may iv) create and/or provide a dashboard showing management physical diagnosis and personal information level diagnosis analysis data, and v) automatic analysis and automatic analysis of server and DB (database) vulnerabilities. Through the risk assessment function, diagnosis cost reduction can be provided, and vi) automation of information protection implementation plan establishment of individual risks according to the DoA (Degree of Assurance) setting can be provided. As another example, the information security authentication service can vii) provide an Excel download function in all menus showing analysis results, and viii) provide strong access control such as OTP, authority classification for each user, and specific IP (Internet Protocol) access. It can be done, and ix) it can provide a viewing function to the monitor while reducing the consumption and fatigue of resources during the examination.

1, the management server 110 includes a first control module 111, a first communication module 112, a first input module 113, a first output module 114, a storage module 115, And/or a machine learning module 116, wherein the user terminal 120 includes a second control module 121, a second communication module 122, a second input module 123 (not shown), and/or Alternatively, a second output module 124 (not shown) may be included.

The control modules 111 and 121 may directly/indirectly control the management server 110 and/or the user terminal 120 to implement the operation/step/process according to an embodiment of the present invention. In addition, the control modules 111 and 121 may include at least one processor, and the processor may include at least one central processing unit (CPU) and/or at least one graphic processing device (GPU).

In addition, the control modules 111 and 121 are based on API (Application Programming Interface), IoT (Internet of Things), IIoT (Industrial Internet of Things), and ICT (Information & Communication Technology) technology. Can be created and/or managed.

The communication modules 112 and 122 may transmit and receive various data, signals, and information, such as the management server 110 and/or the user terminal 120. In addition, the communication modules 112 and 122 may be a wireless communication module (eg, a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module (eg, a local area network (LAN) communication module). Module, or a power line communication module). In addition, the communication modules 112 and 122 may include a first network (eg, a short-range communication network such as Bluetooth, WiFi direct, or IrDA (Infrared Data Association)) or a second network (eg, a cellular network, the Internet, or a computer network (eg: LAN or WAN) to communicate with external electronic devices. These various types of communication modules may be integrated into a single component (eg, a single chip), or may be implemented as a plurality of separate components (eg, multiple chips).

The input modules 113 and 123 transmit commands or data to be used for components of the management server 110 and/or the user terminal 120 (eg, control modules 111 and 121), and/or the management server 110 and/or It may be received from the outside of the user terminal 120 (eg, a user (eg, a first user, a second user, etc.), an administrator of the management server 110, etc.). In addition, the input modules 113 and 123 include a touch recognition capable display installed in the management server 110 and/or the user terminal 120, a touch pad, a button type recognition module, a voice recognition sensor, a microphone, a mouse, or a keyboard. can do. Here, the touch-recognizable display, touch pad, and button-type recognition module may recognize a touch through a user's body (eg, a finger) through a pressure-sensitive and/or capacitive method.

The output modules 114 and 124 are signals generated by the control modules 111 and 121 of the management server 110 and/or the user terminal 120 or acquired through the communication modules 112 and 122 (e.g., voice signals). ), information, data, images, and/or various objects. For example, the output modules 114 and 124 may include a display, a screen, a display unit, a speaker, and/or a light emitting device (eg, an LED lamp).

In addition, the management server 110 and/or the user terminal 120 may further include storage modules 115 and 125, and control the operation of the management server 110 and/or the user terminal 120. It stores data such as basic program, application program, and setting information. In addition, the storage modules 115 and 125 include a flash memory type, a hard disk type, a multimedia card micro type, and a card type memory (for example, SD or XD memory, etc.), magnetic memory, magnetic disk, optical disk, RAM (Random Access Memory, RAM), SRAM (Static Random Access Memory), ROM (Read-Only Memory, ROM), PROM (Programmable Read-Only Memory), EEPROM It may include at least one storage medium among (Electrically Erasable Programmable Read-Only Memory).

In addition, the storage modules 115 and 125 may store personal information of a customer (first user) using the management server 110 and/or the user terminal 120, personal information of an administrator (second user), and the like. . Here, the personal information is a name, ID (identifier), password, social security number, street name address, phone number, mobile phone number, email address, and/or a reward generated by the management server 110 (e.g., points, etc. ), and the like may be included. In addition, the control modules 111 and 121 may perform various operations using various images, programs, contents, data, etc. stored in the storage modules 115 and 125.

Meanwhile, features of the machine learning module 116 will be described later.

3 is a flowchart illustrating a method according to an embodiment of the present invention.

Referring to FIG. 3, a method according to an embodiment of the present invention may include the step of executing a website and/or a mobile app that provides or supports the information protection authentication service of the present invention by a first user (S310 ).

For example, the first user is a website that provides or supports the information protection authentication service of the present invention through the user terminal 120 (and/or the network equipment of the first user (eg, tablet, PC, etc.)) and/or Alternatively, the mobile app may be executed, and in this case, the first user may input his/her personal information through the website and/or the mobile app. The personal information may be transmitted from the terminal 120 to the management server 110 and recorded in the management server 110 and/or the storage module 115. Here, the personal information is the first user's name, ID (ID; identifier), password, social security number, street name address, phone number, mobile phone number, email address, and/or a reward generated by the management server 110 ( Yes; may include information indicating points, etc.).

In addition, the method may include the step of performing, by the management server 110, an authentication procedure based on the personal information of the first user (S320).

For example, the website and/or mobile app of the present invention performs an operation corresponding to the following steps S330 to S350 only after performing a predetermined authentication procedure through the user's first information (eg, personal information). You can also run it. As an example, the predetermined authentication procedure may include an identity authentication process performed based on the personal information of the first user. Here, the identity authentication process is pre-stored in the storage module 115 of the management server 110 and personal information input when the first user accesses (and/or logs in) the website and/or mobile app of the present invention ( And/or a process of determining whether or not the recorded personal information is identical. As another example, in the predetermined authentication procedure, the amount of payment (and/or payment details and/or information on the rewards (points) used) by the first user through the website and/or mobile app of the present invention is determined by the present invention. It may include a process of determining whether or not a criterion required by the information security authentication service is satisfied.

In addition, the method may include the step of outputting the question information by the management server 110 (S330).

The management server 110, for example, may control to generate question information and output it through a user terminal of a first user who runs a website and/or a mobile app that provides a service of the present invention.

For example, the question information may include first question information for risk analysis, second question information for risk assessment, third question information for risk management level, and fourth question information for information protection plan.

As another example, the question information may include the fifth question information on the hardware side such as sensitivity to humidity, sensitivity to dust, sensitivity to contamination, sensitivity to unprotected storage, software such as insufficient testing, lack of audit trail, etc. Question 6 information on the side of the network, question 7 information on the network side such as unprotected communication lines, insecure network structure, etc. Question 8 information on the employee side such as improper recruiting process, inappropriate security awareness, etc. It may include information about the ninth question in terms of location such as region, unreliable power supply, etc., information about the tenth question in terms of management agencies such as lack of regular audits, lack of continuous planning, lack of security, and the like.

In addition, the method may include receiving, by the management server 110, answer information input by the first user (S340).

A website and/or mobile app providing the service of the present invention is executed, and the website and/or mobile app may output a response information input page through which a first user can input response information. In this case, the first user may input at least one answer information corresponding to each of the above-described question information through the response information input page.

At this time, the first user may input first to tenth answer information corresponding to each of the above-described first question information to the tenth question information (refer to step S330) through the website and/or mobile app. . At this time, each of the first answer information to the tenth answer information i) includes a qualitative answer corresponding to the answer (opinion) of the first user to each of the question information, or ii) Expressed as'YES' or'NO', iii) expressed as'top','middle', or'bottom' corresponding to each item, iv) integer value 0 corresponding to each item It can be expressed as a score (or number, value) of to 10.

In addition, the method may include generating, by the management server 110, information on risk management based on at least one answer information (S350).

Information on risk management includes, for example, i) qualitative analysis, ii) information indicating the status of risk management, such as'risk','normal','safety', or iii) Including information expressed as'top','middle', or'bottom' corresponding to each item, or iv) an integer value corresponding to each item, expressed as a score (or number, value) of 0 to 10 May contain information.

The management server 110 may generate information on risk management based on each of the above-described first answer information to tenth answer information (refer to step S340). The management server 110, for example, generates first risk management information based on the first answer information, generates second risk management information based on the second answer information, and generates second risk management information based on the third answer information. Generate 3rd risk management information, generate 4th risk management information based on the 4th answer information, generate 5th risk management information based on the 5th answer information, and generate 6th risk management information based on the 6th answer information Create risk management information, create 7th risk management information based on the 7th answer information, generate 8th risk management information based on the 8th answer information, and manage the 9th risk based on the 9th answer information Information may be generated, and the tenth risk management information may be generated based on the tenth answer information.

Information on risk management may include, for example, information on the level of risk management. The information on the risk management level includes i) information indicating the number of risks corresponding to the risk, ii) information indicating the degree of assurance (DoA), and/or iii) management security and technical security, respectively. It may include information indicating the corresponding risk (risk 0 to risk 10) and the total number of risks. For example, each of the first risk management information to the tenth risk management information may include, for example, first risk management level information to tenth risk management level information, and the first risk management level information to the first risk management information. 10 Each of the risk management level information corresponds to i) information indicating the number of risks corresponding to the risk level, ii) information indicating the degree of assurance (DoA), and/or iii) management security and technical security, respectively. It may include information indicating the number of risks (risk 0 to 10) and the total number of risks.

Meanwhile, for each of the first risk management level information to the tenth risk management level information, i) information indicating the number of risks corresponding to the risk level, ii) information indicating the degree of assurance (DoA), and/ Or iii) the information representing the risk (risk 0 to 10) and the total number of risks corresponding to each of management security and technical security may be 1) generated by the management server 110 as described above (this will be described later) Supported by the operation of the machine learning module 116), 2) directly input by the first user who is the customer who uses the information protection authentication service of the present invention (via the first user terminal and/or the information protection of the present invention) It may be directly entered by a service provider (e.g., a consultant) that provides or supports the information protection authentication service of the present invention (through a website and/or a mobile app that provides or supports the authentication service), 3) Through the terminal and/or through the website and/or mobile app).

In addition, the S310 to S350 may be implemented sequentially, but the order may be changed, and only some of the S310 to S350 may be implemented in combination with other substrates (methods) of the present invention.

And, the machine learning module 116 is directly input through the customer (first user) and/or service provider (second user) i) information indicating the number of risks corresponding to the risk, and ii) the risk management level (DoA ; Information indicating Degree of Assurance), and/or iii) Information indicating the total number of risks (risk 0 to 10) and total number of risks corresponding to each of management security and technical security, and information from the first answer to the tenth answer. The artificial intelligence network of the machine learning module 116 may be trained by using as training data. Based on the artificial intelligence network learned in this way, the machine learning module 116 generates first risk management information based on the first answer information, generates second risk management information based on the second answer information, and 3 Create 3rd risk management information based on the answer information, generate 4th risk management information based on the 4th answer information, generate 5th risk management information based on the 5th answer information, and create the 6th answer The 6th risk management information is generated based on the information, the 7th risk management information is generated based on the 7th answer information, the 8th risk management information is generated based on the 8th answer information, and the 9th answer information is Based on the ninth risk management information may be generated, and the tenth risk management information may be generated based on the tenth answer information.

Specifically, the machine learning module 116 includes information on risk management, information on risk management level, first risk management information to tenth risk management information (and/or i) risk corresponding to the risk level based on the artificial intelligence network. Information indicating the number, ii) information indicating the degree of assurance (DoA), and/or iii) the risk (risk 0 to 10) and the total number of risks corresponding to each of management security and technical security. Information) can be generated. In addition, the machine learning module 116 uses machine learning on big data stored in the database to provide information on risk management, information on risk management level, first risk management information to tenth risk. Management information (and/or i) information indicating the number of risks corresponding to the risk, ii) information indicating the degree of assurance (DoA), and/or iii) management security and technical security, respectively. You can create a risk level (a risk level of 0 to a risk level of 10) and information indicating the total number of risks.

In addition, the machine learning module 116 learns an artificial intelligence network using big data stored in the database of the server 110 as an input variable. Learning is performed so that correlations can be derived. The value input for learning of the artificial intelligence network is information indicating the number of risks corresponding to i) risk, which is directly input through a customer (first user) and/or service provider (second user), as described above, and , ii) Information indicating the level of risk management (DoA; Degree of Assurance), and/or iii) information indicating the number of risks (risk 0 to 10) and the total number of risks corresponding to each of management security and technical security. .

For example, the machine learning module 116 may set different learning modes of the artificial intelligence network based on whether the first user's payment details exceed a predetermined threshold. Here, the payment details may be related to the amount paid by the first user through a website and/or a mobile app that provides or supports the information protection authentication service of the present invention. As an example, when the payment details of the first user indicate less than a predetermined first threshold, the machine learning module 116 inputs i) information indicating the number of risks corresponding to the risk, and , ii) Information indicating the degree of assurance (DoA), and/or iii) information indicating the number of risks (risk 0 to 10) and the total number of risks corresponding to each of management security and technical security, and The output through the first artificial intelligence network learned in the first learning mode for learning by setting the 1 answer information to the fourth answer information as learning data can be provided to the first user through the information protection authentication service of the present invention. have. As another example, the machine learning module 116 is input by an expert (second user, consultant) when the first user's payment details are greater than or equal to the first threshold and are less than or equal to another predetermined threshold (i.e., second threshold). i) Information indicating the number of risks corresponding to the degree of risk, ii) Information indicating the degree of assurance (DoA), and/or iii) the degree of risk corresponding to each of management security and technical security (risk from 0 to risk) 10) and information indicating the total number of risks, and the output through the second artificial intelligence network learned in the second learning mode in which learning by setting the fifth answer information to the tenth answer information as learning data is the information of the present invention. It can be provided to the first user through the protection authentication service. As another example, when the payment details of the first user indicate that the payment details of the first user exceed the predetermined second threshold, the non-expert (first user, customer) and the expert (second user, consultant) input i. ) Information indicating the number of risks corresponding to the degree of risk, ii) Information indicating the degree of assurance (DoA), and/or iii) the degree of risk corresponding to each of management security and technical security (risk 0 to 10 risk). ), information representing the total number of risks, and the output through the third artificial intelligence network learned in a third learning mode in which all of the first answer information to the tenth answer information is set as learning data, and the information of the present invention It can be provided to the first user through the protection authentication service.

In addition, in the case of a correlation between information input/output through the machine learning module 116, an input is at least one of the first answer information to the tenth answer information, and the output is dangerous. Information on management, information on the level of risk management, information on the first risk management information to the 10th risk management information (and/or i) information indicating the number of risks corresponding to the risk level, and ii) the level of risk management (DoA; Degree of Assurance) and/or iii) management security and technical security corresponding to each of the risks (risk 0 to 10) and information representing the total number of risks). In addition, in the end, the machine learning module 116 may calculate weights of a plurality of inputs in the function through learning through deep learning.

In addition, various models such as a recurrent neural network (RNN), a deep neural network (DNN), and a dynamic recurrent neural network (DRNN) may be used as an artificial intelligence network model used for such learning.

Here, RNN is a deep learning technique that considers both current and past data at the same time, and a recurrent neural network (RNN) represents a neural network in which the connections between units constituting the artificial intelligence network form a directed cycle. Furthermore, various methods can be used for a structure capable of configuring a recurrent neural network (RNN), for example, a Fully Recurrent Network, a Hopfield Network, an Elman Network, and an ESN (Echo). state network), long short term memory network (LSTM), bi-directional RNN, continuous-time RNN (CTRNN), hierarchical RNN, and secondary RNN are representative examples. In addition, as a method for training a recurrent neural network (RNN), a gradient descent method, Hessian Free Optimization, Global Optimization Method, or the like may be used.

4 is a flow chart showing a method according to an embodiment of the present invention.

Referring to FIG. 4, the method according to an embodiment of the present invention includes the step of generating, by the management server 110, information on whether confidentiality is based on at least one of first answer information to tenth answer information. Can be (S410).

Here, the term "confidentiality" means that unauthorized users or objects cannot know the contents of the information, and may also be referred to as confidentiality. In addition, confidentiality is closely related to privacy protection in the sense that it prevents the disclosure of unwanted information.

In addition, information on information on confidentiality includes, for example, information displayed as'YES' or'NO' corresponding to each item, or in another example,'○' or'×' It may include information indicated by.

In addition, the method may include the step of generating, by the management server 110, information on whether or not integrity based on at least one of the first answer information to the tenth answer information (S420).

Here, integrity means that unauthorized users or objects cannot tamper with information. In other words, when the recipient receives the information, or when the stored information is taken out, the information is in the middle. This is to ensure that it has not been corrected or corrected.

In addition, information on information on whether or not integrity includes, for example, information displayed as'YES' or'NO' corresponding to each item, or in another example,'○' or'×' It may include information indicated by.

In addition, the method may include the step of generating, by the management server 110, information on availability based on at least one of the first answer information to the tenth answer information (S430).

Availability here means that when an authorized user or object tries to access the information, it is not disturbed. As an example, a denial of service attack (e.g., DDoS attack (Distributed Denial of Service Attack), etc.), which is widely known to the public due to the advancement of the network, can be said to be an attack that harms such availability.

In addition, information on availability information includes, for example, information displayed as'YES' or'NO' corresponding to each item, or in another example,'○' or'×' It may include information indicated by.

In addition, the method may include the step of setting a risk level based on at least one of information on confidentiality, information on integrity, and information on availability by the management server 110 (S440). .

In addition, the risk level may be determined by further considering authenticity, accountability, non-repudiation, and reliability. This can refer to the ISO/IEC 27000 series (eg, ISO/IEC 27000:2009) of the Information Security Management Systems (ISMS) standard series.

In addition, information on confidentiality, information on integrity, and/or information on availability is provided by the first user through the website and/or mobile app (providing or supporting the information protection authentication service of the present invention). It can also be entered directly. In this case, the management server 110 may set a risk level based on at least one of information on confidentiality input by the first user, information on integrity, and information on availability.

On the other hand, the S410 to S440 may be implemented sequentially, but the order may be changed, and only some of the S410 to S440 may be implemented in combination with other substrates (methods) of the present invention.

Meanwhile, i) information on confidentiality, ii) information on integrity, and/or iii) information on availability may be 1) generated by the management server 110 as described above ( This is supported by the operation of the machine learning module 116 to be described later), 2) directly input by the first user who is a customer who uses the information security authentication service of the present invention (via the first user terminal and/or the present invention) It may be directly entered by a service provider (e.g., a consultant) that provides or supports the information security authentication service of the present invention (through a website and/or a mobile app that provides or supports the information security authentication service of the present invention) ( Through a second user terminal and/or through the website and/or mobile app).

In addition, the machine learning module 116 is directly input through a customer (first user) and/or a service provider (second user) i) information on confidentiality, ii) information on integrity, and/or Alternatively, iii) the artificial intelligence network of the machine learning module 116 may be trained by using information on availability and the first answer information to the tenth answer information as learning data. Based on the artificial intelligence network learned in this way, the machine learning module 116 provides first confidentiality information (first information regarding confidentiality) and first integrity information (first information regarding integrity) based on the first answer information. ), first availability information (first information on availability), and based on the second answer information, second confidentiality information (second information on confidentiality), second integrity information (regarding integrity or not) 2 information), second availability information (second information regarding availability), and based on the third answer information, third confidentiality information (third information regarding confidentiality), third integrity information 3rd information), 3rd availability information (3rd information about availability), and based on the 4th answer information, 4th confidentiality information (4th information about confidentiality), 4th integrity information (integrity) 4th information on availability), 4th availability information (4th information on availability), and based on the 5th answer information, 5th confidentiality information (first information about confidentiality), 5th integrity information (Fifth information on integrity), 5th availability information (5th information on availability), and 6th confidentiality information (6th information on confidentiality), 6th based on the 6th answer information Integrity information (the sixth information on whether or not the integrity), the sixth availability information (the sixth information on the availability), and based on the seventh answer information, the seventh confidentiality information (the seventh information on the confidentiality), Creates 7th integrity information (7th information about integrity) and 7th availability information (7th information about availability), and based on the 8th answer information, 8th confidentiality information (8th information about confidentiality) ), the 8th integrity information (the 8th information about the integrity), the 8th availability information (the 8th information about the availability), and based on the 9th answer information, 9 information), 9 integrity information (9 information about integrity), 9 availability information (9 information about availability) B), and based on the tenth answer information, the tenth confidentiality information (the tenth information on whether or not confidentiality), the tenth integrity information (the tenth information on the integrity), and the tenth availability information (the availability 10th information) can be generated.

Specifically, the machine learning module 116 may generate i) information on confidentiality, ii) information on integrity, and/or iii) information on availability based on the artificial intelligence network. In addition, the machine learning module 116 uses machine learning on big data stored in the database: i) information on confidentiality, ii) information on integrity, and/or iii. ) You can create information about availability.

In addition, the machine learning module 116 learns an artificial intelligence network using big data stored in the database of the server 110 as an input variable. Learning is performed so that correlations can be derived. As described above, the value input for learning of the artificial intelligence network is i) confidentiality information directly inputted through a customer (first user) and/or service provider (second user), and ii) integrity. It may be information on whether or not, and/or iii) information on availability, and iv) first answer information to tenth answer information.

For example, the machine learning module 116 may set different learning modes of the artificial intelligence network based on whether the first user's payment details exceed a predetermined threshold. Here, the payment details may be related to the amount paid by the first user through a website and/or a mobile app that provides or supports the information protection authentication service of the present invention. For example, when the first user's payment details indicate less than a third threshold, the machine learning module 116 inputs i) confidentiality information and ii) integrity. Information on whether or not, and/or iii) availability, and iv) through the 4th AI network learned in the 4th learning mode for learning by setting the 1st answer information to the 4th answer information as learning data. The output can be provided to the first user through the information protection authentication service of the present invention. As another example, the machine learning module 116 is input by an expert (second user, consultant) when the first user's payment details are equal to or greater than the third threshold and are equal to or less than another predetermined threshold (ie, the fourth threshold). i) Confidentiality information, ii) Integrity information, and/or iii) Availability information, and iv) 5th answer information or 10th answer information as learning data. The output through the fifth artificial intelligence network learned in the 5 learning mode may be provided to the first user through the information protection authentication service of the present invention. As another example, when the payment details of the first user exceeds the predetermined fourth threshold, the machine learning module 116 is input by a non-expert (first user, customer) and an expert (second user, consultant). ) Information on confidentiality, ii) information on integrity, and/or iii) information on availability, and iv) information on whether the first answer to the tenth answer are all set as learning data. The output through the sixth artificial intelligence network learned in the 6 learning mode may be provided to the first user through the information protection authentication service of the present invention.

In addition, in the case of a correlation between information input/output through the machine learning module 116, an input is at least one of the first answer information to the tenth answer information, and the output is dangerous. Information on management, information on the level of risk management, information on the first risk management information to the 10th risk management information (and/or i) information indicating the number of risks corresponding to the risk level, and ii) i) information on confidentiality, and , ii) information on integrity and/or iii) availability. In addition, in the end, the machine learning module 116 may calculate weights of a plurality of inputs in the function through learning through deep learning.

In addition, various models such as a recurrent neural network (RNN), a deep neural network (DNN), and a dynamic recurrent neural network (DRNN) may be used as an artificial intelligence network model used for such learning.

5 is a diagram showing information on a risk management level according to an embodiment of the present invention.

5, information on the level of risk management includes i) information (and/or graph) indicating the number of risks corresponding to the risk, ii) information indicating the degree of assurance (DoA), and /Or iii) management security and technical security corresponding to each of the risk (risk 0 to risk 10) and information indicating the total number of risks may be included.

However, the information on the level of risk management shown in FIG. 5 is only an example, and may be configured in a different form and/or design (or interface).

6 is a flowchart illustrating a method according to an embodiment of the present invention.

Referring to FIG. 6, the method according to an embodiment of the present invention may include the step of generating, by the management server 110, priority information based on information on risk management (S610).

In addition, the method may include the step of generating, by the management server 110, information on the action plan based on the information on the priority (S620).

7 is a flow chart showing a method according to an embodiment of the present invention.

Referring to FIG. 7, a method according to an embodiment of the present invention may include the step of obtaining, by the management server 110, information on an information asset (S710).

In addition, the method may include the step of generating, by the management server 110, information indicating the importance of the information asset based on the information on the information asset (S720).

In addition, the method may include the step of generating and outputting, by the management server 110, information on risk management based on information indicating the importance of the information asset (S730).

On the other hand, the S710 to S730 may be implemented sequentially, but the order may be changed, and only some of the S710 to S730 may be implemented in combination with other substrates (methods) of the present invention.

In addition, the management server 110 may output a result of calculating the asset value through the following asset value calculation method.

Here, AV represents a business process based asset value, QV represents a qualitative value conversion value from a quantitative price, and W represents the weight of a business-process based asset classification factor. . Here, QV may be determined based on Table 1 below.

Qualitative value Qualitative asset value conversion standard ranking Conversion value Very low One The quantitative asset price is less than $100 lowness 2 Quantitative asset price between $100 and $300 middle 3 Quantitative asset price between $300 and $600 height 4 Quantitative asset price between $600 and $1,000 Very high 5 Quantitative asset price of $1,000 or more

In addition, W may be calculated based on Equation 2 below.

For example, each of w0 to wn may represent a weight for each of a plurality of asset classes. For example, n is set to 2, w0 represents a weight for hardware (disk and server), w1 represents a weight for software (MS OFFICE ^TM and messenger), and w2 represents a weight for network (router and LAN). It can be a weight. As another example, n is set to 5, w0 is a weight for a disk (e.g., hard disk), w1 is a weight for a server, and w2 is an office software (e.g. MS OFFICE ^TM , Hangul ^TM, etc.) represents about weight, w3 is a messenger (ie, in-house messenger, kakaohtok ^TM, NateOn ^TM, etc.) represents a weight on, w4 denotes the weight of the router, w5 the LAN; about (LAN Local Area Network) It can be a weight. Also, w0 to wn may be set by the management server 110.

In addition, the management server 110 may perform risk assessment based on Equation 3 below.

Here, RV represents the risk value, AV represents the asset value, Tf represents the threat frequency, Ed represents the exposure degree, and EDS represents the security countermeasure. It can show the effect (Effectiveness Degree of Safeguard).

Regarding the calculation of the effectiveness of the security countermeasure, if the implementation result of the security countermeasure is IR and the degree of protection is PD, the effectiveness of the security countermeasure is 100% impossible, so the effect of the security countermeasure is calculated by the following equation. It can be calculated based on 4.

Here, EDS represents the effectiveness of the security countermeasure (Effectiveness Degree of Safeguard), S _IR represents the result of implementing the security countermeasure, and PD can represent the protection degree.

S _IR (security countermeasure implementation result) may follow the evaluation method of ISO/IEC 17799 as described in Table 2 below.

Baseline Explanation 0.0 No correlation between risk and countermeasure 0.165 Risk and countermeasures are indirectly related 0.5 Risk and countermeasures are directly related 0.865 Implemented countermeasures against specific risks

PD (Protection Degree) can follow the evaluation method of ISO/IEC 17799 as shown in Table 3 below.

Baseline Explanation 0.1 No security countermeasures 0.3 Risks have been identified, but no specific countermeasures are available, and social engineering countermeasures are used intermittently. 0.5 Security procedures have been established, countermeasures have been implemented and test operations have begun 0.7 Operate security procedures and countermeasures 0.9 Implement and operate practical and specific security countermeasures

The management server 110 may calculate a final risk assessment based on Equation 5 below.

Here, RV represents the risk value, AV represents the asset value, Tf represents the threat frequency, Ed represents the exposure degree, and S _IR represents the security value. Shows the result of implementing countermeasures (see Table 2), and PD can indicate the degree of protection (see Table 3).

In addition, the information protection authentication service of the present invention may be provided through a web site and/or application (mobile app) operated by the management server 110, and may include the following features.

The information security authentication service of the present invention enables efficient authentication maintenance by enabling the information security manager and/or administrator to handle key tasks related to the information security management system in one place for ISMS, ISMS-P authentication, etc. It may be an information security authentication integrated management solution. In addition, the above information protection certification service includes information asset registration, management, physics, technology, legal status level diagnosis, risk analysis and evaluation, information protection plan establishment, information protection education and training management, information protection policy registration and reading, certification review response menu. It can be configured to manage all of the key tasks of the information security management system.

In the information protection authentication service of the present invention, the website and/or application (mobile app) operated by the management server 110 is policy management (service), asset management (service), diagnostic management (service), risk management (service ), evidence management (service), security audit (service), etc., menus that can be selected by the user (main menu, task-specific menu) and/or objects can be output. Policy management (service) is related to information protection policy, personal information internal management plan, information protection guidelines/procedures, manual/guideline verification, etc., and asset management (service) is related to registering and maintaining identified information assets. I can. In addition, diagnostic management (service) is i) in the case of the (old) ISMS version, provides administrative, physical, and technical diagnosis management, and ii) in the case of the ISMS version, establishes and operates a management system, requirements for protection measures, and manages technical diagnosis. And iii) In the case of ISMS-P version, it may be related to providing management system establishment and operation, protection measure requirements, personal information processing step-by-step requirements, and technical diagnosis management. Risk management (service) provides automatic risk analysis and management for discovered vulnerabilities, evidence management (service) provides documentation and maintenance of security activities within the scope of ISMS, and security audit (service) provides ISMS review and management. Menus provided to auditors/auditors (giving necessary menu read rights) can be provided when performing security audits. In addition, in the present invention, the term'evidence' may refer to evidence (for audit).

In addition, the web site and/or application (mobile app) may output sub-menus such as detailed menus for each category, status of users, and license period display.

The information security authentication service is the asset management graph of FIG. 6 (and/or the current diagnosis status display among all assets) generated by the management server 110, and the diagnosis management graph of FIG. 7 (and/or the current registered asset status display). ), the risk management graph of FIG. 8 (and/or the indication of the priority status of the discovered risk management), and/or the evidence management graph of FIG. 9 (and/or the status display of each implementation cycle for the registered evidence list). It can be output through a website and/or an application (mobile app).

In addition, in the present invention, the (information) asset may include an information system, an information protection system, and information, and the information system collects and processes information such as servers, terminals such as PCs, auxiliary storage media, network equipment, and application programs. It may refer to hardware and software necessary for storage, retrieval, and transmission/reception. The information protection system is a system built to prevent damage, alteration, and leakage of information, and may include an intrusion prevention system, an intrusion detection system, an intrusion prevention system, and a personal information leakage prevention system. The information may include documentary information and/or electronic information. In addition, (information) assets may include management systems, protection measures, personal information, server systems, database management systems (DBMS), applications, network equipment, security equipment, PCs, and the like.

In addition, in the present invention, the vulnerability (vulnerability, vulnerable point) may refer to a weakness that can be used to damage the confidentiality, integrity or availability of computer information assets. 2) the status of being able to execute commands by disguised as a user), 2) the status of the attacker being able to access that data by ignoring the specified access rights to the specific data, 3) the status of the attacker being able to disguise as another entity State, 4) The attacker may be in a state in which a denial of service attack can be performed.

The information security authentication service may output an improvement level graph for each area generated by the management server 110. As an example, the improvement level graph for each area may be generated based on the score (and/or numerical value) for each of the management system base preparation, risk management, management system operation, management system inspection and improvement. As another example, the improvement level graph for each area is i) policy, organization, asset management, ii) personal security, iii) outsider security, iv) physical security, v) authentication and authority management, vi) access control, vii) encryption application. , viii) Development security, ix) Operational management, x) Security management, xi) Accident prevention and response, xii) Disaster recovery can be generated based on scores (and/or numbers) for each. As another example, the improvement level graph for each area may be generated based on the score (and/or numerical value) for each of the collection of personal information, possession and use of personal information, provision of personal information, destruction of personal information, and protection of the rights of the information subject.

In addition, the information security authentication service may output a graph of the status of implementation actions for each area generated by the management server 110. As an example, a graph of the implementation action status may be generated based on the rate of action (%) for each of the establishment of a management system foundation, risk management, management system operation, management system inspection, and improvement. As another example, the graph of the implementation measures is i) policy, organization, asset management, ii) personal security, iii) outsider security, iv) physical security, v) authentication and authorization management, vi) access control, vii) encryption application, viii) Development security, ix) Operation management, x) Security management, xi) Accident prevention and response, xii) Disaster recovery can be generated based on the action rate (%) for each. As another example, a graph of implementation measures may be generated based on the rate of action (%) for each of collection of personal information, retention and use of personal information, provision of personal information, destruction of personal information, and protection of data subject rights. Here, the action rate may be determined based on a ratio between good, weak, and/or undiagnosed evaluated for each area as illustrated in FIGS. 13 to 15.

In addition, the management server 110 may generate information on the vulnerability according to the following method, for example, and control it to be output through the user terminal.

The method may include the step of receiving, by the management server 110, second information on the target entity. Here, the target entity may be a target subject to security authentication through the information protection authentication service of the present invention. For example, the target entity may include i) a web server (e.g., a test web server, a development web server), a cloud server, an intranet server, a DB (database) server, etc. that provides a predetermined online service, or ii) the first user It may include a server operated by. As another example, the target entity may mean a set including a server system, a DBMS, an application, a network device, a security device, a PC, and the like.

For example, the first user runs a website and/or a mobile app that provides the service of the present invention through the user terminal 120, and a target entity (ie, an observation target) through the website and/or mobile app. Entity) can be input. The second information may be transmitted from the terminal 120 to the management server 110 and recorded in the management server 110 and/or the control module 210.

The second information includes a plurality of question information related to each of policy management, asset management, diagnostic management, risk management, evidence management, and/or security audit, and answer information of the first user corresponding to each of the plurality of question information. Can include.

Policy management can be about the highest level of information protection policy, personal information internal management plan, guidelines and procedures, manuals and guidelines. Asset management can be about asset listings and network diagrams. Diagnosis management may be related to the establishment and operation of a management system, requirements for protection measures, requirements for each stage of personal information processing, and technical diagnosis. Risk management may be related to risk analysis, risk assessment, risk management level, and information protection plan. Evidence management is concerned with managing evidence for audit and/or auditing, including evidence list (e.g. area classification, evidence code, proof name, performance cycle, person in charge, date of last upload, etc.), and operational statement. Can be. Here, the operational specification may include items such as control items, details, operation status, operation status (or reasons for not being selected), related documents (policies, guidelines, etc.), and/or records (evidence data). Security audit may be related to the menu required by the auditor and/or auditor during the ISMS audit and/or security audit.

On the other hand, the management server 110 is the first question information in terms of hardware such as sensitivity to humidity, sensitivity to dust, sensitivity to contamination, sensitivity to unprotected storage, etc., insufficient testing, lack of audit trail, etc. The second question information on the software side, the third question information on the network side such as unprotected communication lines, insecure network structure, etc., the fourth question information on the employee side such as inappropriate recruiting process, inappropriate security awareness, etc., the risk of flooding Provide the information protection authentication service of the present invention with information about the 6th question from the side of the management agency, such as the location of the location where there is an area, unreliable power supply, etc., lack of regular audits, lack of continuous planning, lack of security, etc. Or, it may be provided to the first user through a supported website and/or a mobile app.

In response to this, the first user may input first to sixth response information corresponding to each of the first to sixth question information through the website and/or the mobile app.

In this case, the second information may include the first to sixth response information. For example, the first response information to the sixth response information are i) expressed as'yes' or'no' corresponding to each item, or ii)'top' and'upper' corresponding to each item It may be expressed as'medium' or'lower', or iii) a score (numerical value) of 1 to 10 integer values corresponding to each item.

In addition, the method may include the step of generating and outputting, by the management server 110, information on the vulnerability based on the first information (and/or the second information) (S340).

For example, the management server 110 may generate information on the vulnerability based on the first to sixth response information. In this case, the management server 110 may generate information on the vulnerability by further considering the personal information of the first user.

For example, the management server 110 i) the first response information for each of the plurality of first question information, such as sensitivity to humidity, sensitivity to dust, sensitivity to contamination, sensitivity to unprotected storage, etc. Based on this, the first vulnerability information indicating the vulnerability in the hardware side is generated, and ii) based on the second response information for each of the plurality of second question information such as insufficient testing (a small number of testing) and lack of an audit trail. Generates second question information indicating software-side vulnerability, and iii) analyzes network-side vulnerability based on third response information for each of a plurality of third question information such as unprotected communication lines and insecure network structures. Generates third vulnerability information indicating, iv) generates fourth vulnerability information indicating employee-side vulnerability based on the fourth response information for each of the plurality of fourth question information such as inappropriate recruiting process, inappropriate security awareness, etc. v) Based on the 5th response information for each of the 5th question information, such as areas at risk of flooding and unreliable power supply, 5th vulnerability information indicating the vulnerability in terms of location is generated, and vi) regular audits The sixth vulnerability information indicating the vulnerability of the management organization may be generated based on the sixth response information for each of the plurality of sixth question information such as lack, lack of continuous plan, lack of security, and the like. In this case, the management server 110 may generate the first to sixth vulnerability information by further considering the personal information of the first user. In addition, the first vulnerability information to the sixth vulnerability information are i) expressed as'YES' or'NO' corresponding to each item, or ii)'Higher' or'Medium' corresponding to each item. , Or'lower', or iii) an integer value corresponding to each item may be expressed as a score (numerical value) of 1 to 10.

As another example, the management server 110 includes a plurality of question information related to each of policy management, asset management, diagnosis management, risk management, evidence management, and/or security audit, and the first Information on the vulnerability may be generated based on the user's response information. At this time, the management server 110 may generate information on the vulnerability by further considering the personal information of the first user. In addition, the information on the above vulnerabilities is i) expressed as'yes' or'no' corresponding to each item, or ii)'up','middle', or'lower' corresponding to each item. Or iii) an integer value corresponding to each item may be expressed as a score (numerical value) of 1 to 10.

For example, the second information includes evaluation information including qualitative analysis, and the information on the vulnerability includes an evaluation value corresponding to evaluation information including qualitative evaluation of the second information. Can include. In other words, the management server 110 determines an evaluation value corresponding to the qualitative evaluation, based on the second information including the qualitative evaluation, and information including the evaluation value (ie, information on the vulnerability) Can be created.

In addition, the method according to an embodiment of the present invention determines whether the remaining period until the first information (and/or the second information) of the first user and the authentication examination (the examination date of the authentication examination) satisfies the first service criterion. It may include the step of determining.

As an example, the next step may be executed only after the authentication procedure is completed based on the personal information of the first user in the first information.

In addition, the method may include generating and outputting information indicating that a remote support service is provided based on whether the first service criterion is satisfied.

The first service criterion may be satisfied when the period remaining until the certification review (the date of the certification review) is lower than the first period threshold.

The remote support service may be, for example, a service for solving a vulnerability in terms of software by remotely supporting a PC screen of a first user by a professional counselor.

In this regard, the first service criterion is that the evaluation value (or field evaluation value) corresponding to the information on the vulnerability in the software side is lower than a predetermined threshold and/or the information on risk management (or the first risk management Information to the tenth risk management information or information on the risk management level) may be satisfied only when they are lower than other predetermined thresholds.

In addition, the method may include determining whether the remaining period until the first information (and/or the second information) of the first user and the certification examination (the date of examination of the certification examination) satisfies the second service criterion. have.

In addition, the method may include generating and outputting information indicating that an expert dispatch service is provided based on whether the second service criterion is satisfied.

The second service criterion may be satisfied when the remaining period until the certification review (the date of the certification review) is lower than the second period threshold. Here, the second period threshold may be set lower than the first period threshold.

The expert dispatch service may include, for example, an expert's business trip service capable of managing or consulting a vulnerability related to the information security authentication service at the work place (or company) of the first user.

On the other hand, experts who go on a business trip to the first user's work site through the expert dispatch service are the hardware field (side), software field (side), network field (side), employee field (side), location field (side), and management agency. It may be specialized and matched in at least one of the fields (sides). The management server 110 may store such matching information, and when the second service criterion is satisfied, the matching information is sent to the first user through a website and/or a mobile app that provides or supports the information protection authentication service of the present invention. Can be provided to. For example, the matching information may include information on a specialty field matched to each of a plurality of experts, an expert level, and whether or not an emergency business trip service is available.

In addition, the method may include determining whether the remaining period until the first information (and/or the second information) of the first user and the certification examination (the audit date of the certification examination) satisfies the third service criterion. have.

In addition, the method may include generating and outputting information indicating that the emergency business trip service is provided based on whether or not the third service criterion is satisfied.

The third service criterion may be satisfied when the remaining period until the certification review (the date of the certification review) is lower than the third period threshold. Here, the third period threshold may be set lower than the second period threshold.

The emergency business trip service includes, for example, a business trip service of an expert who can manage or consult a vulnerability related to the information security authentication service at the work place (or company) of the first user, wherein the business trip service is provided within a predetermined period. It may be a provided service. This may be a service for a customer (first user) who wants a quick response when the remaining period until the audit date of the certification audit remains relatively short.

As described above, an embodiment of the present invention provides a management server 110 for automatically diagnosing and analyzing a vulnerability of a target entity, comprising: a communication module 112 for transmitting and receiving signals to and from the target entity; And controlling the communication module 112, receiving first information of a first user, performing an authentication procedure based on the first information, receiving second information of the first user, and receiving the first information A management server 110 including a control module 111 that generates and outputs information on a vulnerability based on at least one of the information and the second information is proposed. The second information includes evaluation information including qualitative evaluation, and the information on the vulnerability includes an evaluation value (or field evaluation value) corresponding to evaluation information including qualitative evaluation of the second information. I can.

The control module 111 compares the evaluation value (or field evaluation value) of the information on the vulnerability with a threshold value, and generates third information when the evaluation value (or field evaluation value) is lower than the threshold value. And outputting, and generating and outputting fourth information when the evaluation value (or field evaluation value) is greater than or equal to the threshold value.

The first information includes personal information of the first user, the personal information includes information indicating a name, an identifier, a password, an email address, and a reward generated by the management server, and the evaluation information is a policy It may be about management, asset management, diagnostic management, risk management, evidence management, and security audit. In addition, the evaluation information may include at least one of the above-described fifth answer information to tenth answer information.

The control module 111 determines the maximum vulnerable sector based on the information on the vulnerability, and generates analysis information on the target entity based on the evaluation value (or field evaluation value) and the maximum vulnerable sector Output, and based on the analysis information and the most vulnerable sector, the diagnostic analysis information for the target entity may be generated and output.

The control module 111 determines whether the first information, the second information, and the remaining period until the authentication examination satisfy a first service criterion, and based on whether the first service criterion is satisfied, the remote control module 111 Information indicating that a support service is provided can be generated and output.

The control module 111 determines whether the first information, the second information, and the remaining period until the authentication examination satisfy a second service criterion, and based on whether the second service criterion is satisfied. You can create and output information indicating that you are providing professional travel services.

The control module 111 determines whether the first information, the second information, and the remaining period until the authentication examination satisfy a third service standard, and based on whether the third service standard is satisfied. Information indicating that emergency business trip service is provided can be generated and output.

In this regard, an embodiment of the present invention may include a method including an operation corresponding to steps X-1 to X-6 to be described later.

In the method according to an embodiment of the present invention, the'first information of the first user (and/or the second information)' and the'period remaining until the authentication examination (and/or the examination date of the authentication examination)' are the first service criteria. It may include a step of determining whether or not to satisfy (step X-1).

For example, based on the personal information of the first user included in the first information, steps X-2 to X-6 to be described later are executed only after the authentication procedure is completed, or the first step is only when the authentication procedure is completed. It may be set to determine that the service criterion, the second service criterion, and/or the third service criterion are satisfied.

In addition, the method generates information indicating that a remote support service is provided based on whether the first service criterion is satisfied, and controls the information to be output through a first user terminal and/or the remote support through the first user terminal. It may include controlling to provide a service (step X-2).

The first service criterion is that the period remaining from the time when the user applies for the information protection certification service of the present invention (or the current time) to the certification review (and/or the review date of the certification review) is the first period threshold (e.g. ; If it is lower than 10 days, 1 week, etc.), it can be satisfied. The'time at which the user applies for the information protection authentication service of the present invention (or the present time point)' means that the request message (and/or information) for the user to apply for the information protection authentication service of the present invention is input to the management server 110 It may represent a time point at which it is performed, and/or a time point at which it is confirmed by the management server 110.

In addition, the first service criterion is that the evaluation value (or field evaluation value) corresponding to the information on the vulnerability corresponding to the software aspect is lower than the first numerical threshold and/or information on risk management corresponding to the software aspect. (Or the first risk management information to the tenth risk management information or information on the risk management level) may be satisfied only when it is lower than the second numerical threshold. In addition, the first service criterion is that the evaluation value (or field evaluation value) corresponding to the information on the vulnerability corresponding to the other aspect is lower than the first numerical threshold and/or information on risk management corresponding to the other aspect ( Alternatively, it may be satisfied only when the first risk management information to the tenth risk management information or information on the level of risk management) is lower than the second numerical threshold.

In the remote support service, for example, a person (e.g., a professional counselor, a consultant, etc.) engaged in a company providing the information protection authentication service of the present invention can access the computer (PC) and/or terminal of the first user (customer). Remotely operated (and/or controlled) and evaluated lower than the first numerical threshold (or field evaluation value) (and/or information on risk management (or first risk management information to tenth risk management information or It may be a service that allows you to resolve vulnerabilities in the software side corresponding to the information on the level of risk management)).

In addition, the method determines whether the remaining period until the'first user's first information (and/or second information)' and'the certification review (and/or the verification date of the certification review)' satisfies the second service criterion. It may include a step of determining (step X-3).

And, the method is based on whether or not the second service criterion is satisfied, the management server 110 generates information indicating that the expert dispatch service is provided, and controls the information to be output through the first user terminal and/or to the first user. It may include transmitting information on the first user and a message requesting the emergency business trip service to a terminal of a specific expert so as to provide the expert dispatch service (step X-4).

The second service criterion is that the period remaining from the time when the user applies for the information protection certification service of the present invention (or the current time) to the certification review (and/or the review date of the certification review) is the second period threshold (e.g. ; If it is lower than 7 days, 72 hours, etc.), it can be satisfied. Here, the second period threshold may be set lower than the first period threshold (eg, 10 days, 1 week, etc.) (set by the control module 210). The'time at which the user applies for the information protection authentication service of the present invention (or the present time point)' means that the request message (and/or information) for the user to apply for the information protection authentication service of the present invention is input to the management server 110 It may indicate a point in time, and/or may indicate a point in time that is confirmed by the management server 110.

In addition, the second service criterion corresponds to at least one of the hardware field (side), software field (side), network field (side), employee field (side), location field (side), and management organization field (side). The evaluation value (or field evaluation value) corresponding to the information on the vulnerability is lower than the third numerical threshold and/or information on risk management corresponding to the software aspect (or first risk management information to the tenth risk management information) Alternatively, it may be satisfied only when the information on the level of risk management) is lower than the fourth numerical threshold. In addition, the second service criterion is that the evaluation value (or field evaluation value) corresponding to the information on the vulnerability corresponding to the other aspect is lower than the third numerical threshold and/or information on risk management corresponding to the other aspect ( Alternatively, it may be satisfied only when the first risk management information to the tenth risk management information or information on the risk management level) is lower than the fourth numerical threshold. For example, the third numerical threshold may be set lower than the first numerical threshold, and the fourth numerical threshold may be set lower than the second numerical threshold.

The expert dispatch service may include an expert's travel service capable of managing or consulting a vulnerability related to the information security authentication service at the work place (or company) of the first user (customer). The expert dispatch service may include, for example, an expert's business trip service capable of managing or consulting a vulnerability related to the information security authentication service at the work place (or company) of the first user (customer).

On the other hand, the expert who goes on a business trip to the first user's work place through the expert dispatch service is a person (e.g., professional counselor, consultant, etc.) who is engaged in a company that provides the information protection authentication service of the present invention, and is a hardware field (side), software Field (side), network field (side), employee field (side), location field (side), and management organization field (side) may be specialized and matched. The management server 110 may store such matching table information, and when the second service criterion is satisfied, the matching table information is provided through a website and/or a mobile app that provides or supports the information protection authentication service of the present invention. 1 Can be provided to users (customers).

For example, the matching table information may be as shown in Table 4 below.

bailiwick ranking Emergency business trip service availability First expert Hardware field Level 3 possible 2nd expert Software field Level 3 Impossible 3rd expert Hardware field, network field Level 2 possible 4th expert Employee field, location field, management agency field Level 1 Impossible 5th expert Software field Level 3 Impossible 6th expert Software field, network field Level 2 Impossible

The first user (customer) who checks the matching table information shown in Table 4 can select a specific expert from among experts (eg, first to sixth experts) displayed through Table 4, and in this case, the specific expert Professional travel service by may be provided to the user. In addition, a message (and/or information) guiding this may be output through the terminal of the first user. And, the method includes'first information (and/or second information) of the first user' and'authentication. It may include the step of determining whether the'period remaining until the audit (and/or the audit date of the certification audit) satisfies the third service criterion (step X-5).

In addition, the method is based on whether or not the third service criterion is satisfied, the management server 110 generates information indicating that the emergency business trip service is provided, and controls the information to be output through the first user terminal and/or to the first user. It may include transmitting information on the first user and a message requesting the emergency travel service to a terminal of a specific expert so as to provide the emergency travel service (step X-6).

The third service criterion is that the period remaining from the time when the user applies for the information protection certification service of the present invention (or the current time) to the certification review (and/or the review date of the certification review) is the third period threshold (e.g. ; If it is lower than 3 days, 36 hours, etc.), it can be satisfied. Here, the third period threshold may be set lower than the second period threshold (eg, 7 days, 72 hours, etc.) (set by the control module 210). 'When the user applies for the information security authentication service of the present invention (or the current point in time)' means that the request message (and/or information) for the user to apply for the information security authentication service of the present invention is sent to the management server 110. It may indicate an input time point and/or a time point confirmed by the management server 110.

In addition, the third service criterion corresponds to at least one of the hardware field (side), software field (side), network field (side), employee field (side), location field (side), and management organization field (side). The evaluation value (or field evaluation value) corresponding to the information on the vulnerability is lower than the fifth numerical threshold and/or information on risk management corresponding to the software aspect (or first risk management information to the tenth risk management information) Alternatively, it may be satisfied only when the information on the level of risk management) is lower than the sixth numerical threshold. In addition, the third service criterion is that the evaluation value (or field evaluation value) corresponding to the information on the vulnerability corresponding to the other aspect is lower than the fifth numerical threshold and/or information on risk management corresponding to the other aspect ( Alternatively, it may be satisfied only when the first risk management information to the tenth risk management information or information on the level of risk management) is lower than the sixth numerical threshold. For example, the fifth numerical threshold may be set lower than the third numerical threshold, and the sixth numerical threshold may be set lower than the fourth numerical threshold.

The emergency business trip service includes, for example, a business trip service of an expert who can manage or consult a vulnerability related to the information protection authentication service at the work place (or company) of the first user, wherein the business trip service is provided within a predetermined period. It may be a provided service. The period of the collection may indicate a specific period from the time when the emergency business trip service is requested. Through these features, the present invention can provide a service for a customer (first user) who wants a quick response when the remaining period until the audit date of the certification review is insufficient (and/or the spare period remains relatively short). .

In addition, when the third service criterion is satisfied, the management server 110 provides the matching table information to the first user (customer) through a website and/or mobile app that provides or supports the information protection authentication service of the present invention. Or, and/or it may be controlled to be output through the terminal of the first user. For example, the matching table information may be the same as in Table 4 described above. The first user (customer) who checks the matching table information as shown in Table 4 above checks the'Emergency Travel Service Availability' as'Enable' to experts displayed through Table 4 (e.g., first expert, third expert, etc.) Experts) may be selected from among the specialized experts, and in this case, expert travel services by the specific expert may be provided to the user. In addition, a message (and/or information) guiding this may be output through the terminal of the first user.

On the other hand, the steps X-1 to X-6 may be implemented sequentially, but the order may be changed, and only some of the steps X-1 to X-6 are other substrates (methods) of the present invention. ) And can be implemented.

And the management server 110, for example,'information on the vulnerability' transmitted to the management server 110 by the first user input to the website and/or mobile app of the present invention through the first user terminal. Based on this, it is possible to calculate an evaluation value (or field evaluation value) corresponding to each of the hardware side, the software side, the network side, the employee side, the location side, and the management agency side. For example, the management server 110 is based on the evaluation values corresponding to each of i) sensitivity to humidity, sensitivity to dust, sensitivity to contamination, and sensitivity to unprotected storage. Calculate the field evaluation value, ii) calculate the second field evaluation value for the software aspect based on the evaluation value corresponding to each of the insufficient testing (small number of tests) and the lack of audit trail, and iii) the unprotected Based on the evaluation value corresponding to each communication line and insecure network structure, the third field evaluation value is calculated for the network aspect, and iv) the employee aspect based on the evaluation value corresponding to each of inappropriate recruiting process and inappropriate security perception. Calculate the 4th sector assessment value for the area, v) calculate the 5th sector assessment value for the location aspect based on the assessment value corresponding to each of the areas at risk of flooding and unreliable electricity supply, and vi) regular audits Based on the evaluation values corresponding to the lack of management, lack of continuous planning, and lack of security, the 6th field evaluation value for the management agency side can be calculated. In this case, the management server 110 may calculate the first field evaluation value to the sixth field evaluation value by further considering the personal information of the first user. In addition, the evaluation value may be expressed as, for example, a score (number) of 1 to 10 integer values corresponding to each item.

The embodiments of the present invention disclosed in the present specification and drawings are only provided for specific examples to easily explain the technical content of the present invention and to aid understanding of the present invention, and are not intended to limit the scope of the present invention. That is, it is apparent to those of ordinary skill in the art that other modifications based on the technical idea of the present invention can be implemented. In addition, each of the above embodiments can be operated in combination with each other as necessary. For example, all embodiments of the present invention may be implemented by the system 200, the management server 110, and/or the user terminal 120 by combining parts with each other.

In addition, the method of controlling the system 200, the management server 110, and/or the user terminal 120 according to the present invention is implemented in the form of a program command that can be executed through various computer means and is stored in a computer-readable medium. Can be recorded.

As described above, various embodiments of the present invention may be implemented as computer readable code in a computer readable recording medium from a specific viewpoint. A computer-readable recording medium is any data storage device capable of storing data that can be read by a computer system. Examples of computer-readable recording media include read only memory (ROM), random access memory (RAM), and compact disk-read only memory (CD-ROM). ), magnetic tapes, floppy disks, optical data storage devices, and carrier waves (such as data transmission over the Internet). The computer readable recording medium can also be distributed through networked computer systems, so that the computer readable code is stored and executed in a distributed manner. In addition, functional programs, codes, and code segments for achieving various embodiments of the present invention can be easily interpreted by skilled programmers in the field to which the present invention is applied.

In addition, it will be appreciated that the apparatus and method according to various embodiments of the present invention can be realized in the form of hardware, software, or a combination of hardware and software. Such software, for example, whether erasable or rewritable, may be a volatile or nonvolatile storage device such as a storage device such as ROM, or a memory such as, for example, a RAM, memory chip, device or integrated circuit, or For example, it may be optically or magnetically recordable, such as a compact disk (CD), DVD, magnetic disk, or magnetic tape, and stored in a storage medium that can be read by a machine (for example, a computer). The method according to various embodiments of the present invention may be implemented by a computer or a portable terminal including a control unit (control modules 111 and 121) and a memory, and such a memory is used to provide instructions for implementing the embodiments of the present invention. It will be appreciated that this is an example of a machine-readable storage medium suitable for storing a program or programs to be included.

Accordingly, the present invention includes a program including a code for implementing the apparatus or method described in the claims of the present specification, and a storage medium readable by a machine (such as a computer) storing such a program. Further, such a program may be transferred electronically through any medium, such as a communication signal transmitted through a wired or wireless connection, and the present invention suitably includes equivalents thereto.

The embodiments of the present invention disclosed in the present specification and drawings are merely provided for specific examples to easily explain the technical content of the present invention and to aid understanding of the present invention, and are not intended to limit the scope of the present invention. In addition, the embodiments according to the present invention described above are merely exemplary, and those of ordinary skill in the art will understand that various modifications and equivalent ranges of embodiments are possible therefrom. Therefore, the true technical protection scope of the present invention should be determined by the following claims.

Claims (1)

In the artificial intelligence system for authentication of information protection management system,
A terminal operated by a user, comprising: a user terminal running at least one of a website and a mobile app for authentication of the information protection management system; And
A central server for operating the website and mobile app; Including,
The central server,
Generates first question information about hardware, second question information about software, third question information about network, fourth question information about employee, fifth question information about location, and 6th question information about management agency. Control to output through at least one of the website and mobile app executed on the user terminal,
First response information of the user to the first question information, second response information of the user to the second question information, third response information of the user to the third question information, and the fourth question information Control to receive from the user terminal the user's fourth response information to, the user's fifth response information to the fifth question information, and the user's sixth response information to the sixth question information,
Learning the artificial intelligence network of the central server based on the first response information to the sixth response information,
Using the learned artificial intelligence network, based on the first response information to the sixth response information, by generating information on the risk management level, at least one of the website and the mobile app running on the user terminal It characterized in that it is controlled to output through,
The information on the risk management level includes information on the risk management level, information on a first risk level corresponding to management security, and information on a second risk level corresponding to technology security,
The central server,
Generates first vulnerability information based on the first response information, generates second vulnerability information based on the second response information, generates third vulnerability information based on the third response information, and generates the third vulnerability information. 4 Generates fourth vulnerability information based on response information, generates fifth vulnerability information based on the fifth response information, and generates sixth vulnerability information based on the sixth response information, The information includes the first vulnerability information to the sixth vulnerability information,
Evaluating an evaluation value for each of the first vulnerability information to the sixth vulnerability information, the evaluation value is expressed as any one of 1 to 10,
Identify the lowest evaluation value among the evaluation values for each of the first vulnerability information to the sixth vulnerability information,
Set any one of the hardware, software, network, staff, location, or management organization corresponding to the lowest evaluation value above as the most vulnerable sector,
Diagnostic analysis information is generated based on the lowest evaluation value and the largest vulnerable sector, wherein the diagnostic analysis information includes information indicating a measure for the largest vulnerable sector and a minimum time required for the measure,
Generate and output at least one of information on confidentiality, information on integrity, and information on availability based on the first response information to the sixth response information,
The first service includes a service for remotely controlling the user terminal by a professional consultant for authentication of the information protection management system, and is a service related to the software,
The second service includes the process of requesting a business trip to the user's workplace to a professional consultant for certification of the information protection management system, and the service provided to the user within a predetermined period and the service provided beyond the predetermined period. Including,
The third service includes a process of requesting a business trip to the user's workplace to a professional consultant for authentication of the information protection management system, and is a service provided to the user only within the predetermined period,
The central server,
Identify the first point in time indicating the audit date of the first certification examination requested by the user,
When the remaining period from the current point in time to the first point in time is longer than the minimum time required for the action, the diagnostic analysis information is controlled to be output through the user terminal,
If the remaining period from the current point in time to the first point in time is less than the minimum time required for the action, the information on the first service to the third service and a second certification examination having a spare period longer than the minimum time required for the action Generates information proposing to be controlled to be output through the user terminal,
Control to provide the first service when a period remaining from the current point in time to the first point in time is lower than a first period threshold and an evaluation value corresponding to the second vulnerability information on the software is lower than a first numerical threshold, and ,
When the remaining period from the current point in time to the first point in time is lower than a second period threshold, and any one of evaluation values corresponding to each of the first vulnerability information to the sixth vulnerability information is lower than a second numerical threshold value, the second 2 control to provide services,
When the remaining period from the current point in time to the first point in time is lower than a third period threshold, and any one of the evaluation values corresponding to each of the first vulnerability information to the sixth vulnerability information is lower than a third numerical threshold value, the first 3 characterized in that it controls to provide a service,
The third period threshold indicates a period lower than the second period threshold, the second period threshold indicates a period lower than the first period threshold,
The third numerical threshold value represents a value lower than the second numerical threshold value, and the second numerical threshold value represents a value lower than the first numerical threshold value,
Artificial intelligence system for authentication of information security management system.

Images