KR102685837B1 - Information Security Work Management System - Google Patents

Abstract

According to one embodiment, in an information security work management system, a solution including a server for providing an information security management status evaluation solution service is provided.

Description

Information Security Work Management System

The present invention relates to technology for providing an information security management status assessment solution system.

The number of cases of cyber security damage to domestic public institutions is increasing every year. In recent years, various cyber attacks targeting public institutions have occurred, including the DDOS (distributed denial of service) attack that occurred in 2007.

Reflecting this situation, domestic public institutions are conducting regular information security management status assessments to strengthen their management and response capabilities for information security. Information security management status assessment is the process of evaluating an organization's information security system, policies, procedures, technology, and human resources to identify the current security status and derive ways to improve it.

Information security management status assessments are conducted by external organizations or professional evaluation teams, and the evaluation targets mainly include various areas such as security policies and procedures, network and system protection, access control, data protection, threat detection and response, and security training and awareness. do. Through this, organizations can determine their current security level and vulnerabilities, strengthen their security policies and procedures, and receive guidance to take appropriate security responses.

As the need for information security management status assessment gradually increases, there is an urgent need to secure the efficiency of information security management status assessment. The evaluation results may vary depending on the expertise and ability of the evaluator performing the information security management status assessment, so the evaluation results may vary. Technology with guaranteed reliability is required.

Korean Patent No. 10-1850095 Korean Patent No. 10-1436741 Korean Patent Publication No. 10-2019-0066547 Korean Patent No. 10-0740682

According to one embodiment, the purpose of the information security management status assessment solution system is to provide a system including a server for providing an information security management status assessment solution service.

In addition, the information security management status evaluation solution system links compliance management solution, history management solution, system management solution, and security work management solution, and the server operates the website and records past compliance inspection results and cases of violation of regulations. Evaluation to improve the information security management actual status evaluation by inputting the current compliance status history data into an artificial intelligence model that has been pre-trained with compliance status history data, including the history of actions implemented in the past, as learning data. When improvement measures are obtained and the security officer's terminal is connected through the website, a dashboard is provided according to the account information, and personal UI/UX is provided according to the account information, and the dashboard is used for compliance management linked to the above. Based on data acquired through solutions, history management solutions, system management solutions, and security work management solutions, information asset status, information security management status evaluation status, compliance status, compliance score, compliance management, compliance analysis data, evaluation improvement measures , Provides one or more of change history tracking data, history inquiry, history analysis data, change history data, system performance monitoring, log analysis data, vulnerability management data, system failure data, security event monitoring, and vulnerability management data in a simple widget format. And, the server provides a dashboard customization function to the website, wherein the dashboard customization function includes adjusting the size and position of widgets constituting the dashboard, adding and deleting widgets, and changing the dashboard color. Includes, when dashboard customization is completed through the security officer terminal, the changed dashboard settings are saved in the security officer account information, and a status evaluation management menu selected through the security officer terminal is provided on the website, The status evaluation management menu includes an evaluation creation menu to set the targets and items for information security management status evaluation, an evaluation management menu to designate an evaluation person in charge and manage the evaluation schedule and progress, and an evaluation result to register the evaluation progress results. Registration menu, evaluation result confirmation menu to check evaluation results, final evaluation result registration and confirmation menu to register, add up and search scores for all evaluation items, evaluation result comparison menu to check changes in evaluation results, compliance regulations and a compliance management menu that manages policy data, compliance status history data, and a compliance score calculation method, and when one of the status evaluation management menus is selected through the security officer terminal, a menu is displayed on the security officer terminal according to the selected menu. A system that provides an interface can be provided.

And the server provides the website with a report generation menu selected through the security officer terminal, wherein the report generation menu provides a compliance report including a compliance status score, a history inquiry including system change history and access history. Report, change history tracking report that tracks system change history and includes data related to changes, history analysis report that includes analysis of system history data, system performance evaluation report that includes system performance and resource usage status, analyzes system log data It includes a log analysis report containing the results, a vulnerability management report containing security target vulnerabilities and vulnerability management, resolution status and vulnerability severity, and a security event monitoring report containing security events occurring in the system, and can be sent through the security officer terminal. When one of the report generation menus is selected, a system can be provided that generates the selected report in a spreadsheet file or portable document format and provides it to the security officer terminal.

Additionally, the artificial intelligence model may provide a system based on Long Short-Term Memory (LSTM) or Gated Recurrent Unit (GRU).

Finally, the server calculates the compliance status score included in the compliance report based on [Equation 1],

[Equation 1]

The Score is the compliance status score, N _m is the number of evaluation improvement measures implemented, N _s is the number of security training implementations, T _i is the time taken to implement the ith evaluation improvement measure, and N _c is the compliance violation. A manual system can be provided.

As described above, by providing the information security management status assessment solution system according to the present invention, multiple solutions can be linked, evaluation improvement measures for improving the information security management status assessment can be obtained, and an account on the website can be obtained. It can provide information security-related dashboards and dashboard customization functions according to the information, and can provide an interface according to the status assessment management menu selected through the security manager terminal, and has the effect of generating information security-related reports. there is.

The object of the present invention is not limited to the object mentioned above, and other objects not mentioned can be clearly understood from the description below.

According to one embodiment, in the information security management status assessment solution system, a system including a server for providing an information security management status assessment solution service is provided.

In addition, the information security management status evaluation solution system links compliance management solution, history management solution, system management solution, and security work management solution, and the server operates the website and records past compliance inspection results and cases of violation of regulations. Evaluation to improve the information security management actual status evaluation by inputting the current compliance status history data into an artificial intelligence model that has been pre-trained with compliance status history data, including the history of actions implemented in the past, as learning data. When improvement measures are obtained and the security officer's terminal is connected through the website, a dashboard is provided according to the account information, and personal UI/UX is provided according to the account information, and the dashboard is used for compliance management linked to the above. Based on data acquired through solutions, history management solutions, system management solutions, and security business management solutions, information asset status, information security management status evaluation status, compliance status, compliance score, compliance management, compliance analysis data, and evaluation improvement measures. , Provides one or more of change history tracking data, history inquiry, history analysis data, change history data, system performance monitoring, log analysis data, vulnerability management data, system failure data, security event monitoring, and vulnerability management data in a simple widget format. And, the server provides a dashboard customization function to the website, wherein the dashboard customization function includes adjusting the size and position of widgets constituting the dashboard, adding and deleting widgets, and changing the dashboard color. Includes, when dashboard customization is completed through the security officer terminal, the changed dashboard settings are saved in the security officer account information, and a status evaluation management menu selected through the security officer terminal is provided on the website, The status evaluation management menu includes an evaluation creation menu to set the targets and items for information security management status evaluation, an evaluation management menu to designate an evaluation person in charge and manage the evaluation schedule and progress, and an evaluation result to register the evaluation progress results. Registration menu, evaluation result confirmation menu to check evaluation results, final evaluation result registration and confirmation menu to register, add up and search scores for all evaluation items, evaluation result comparison menu to check changes in evaluation results, compliance regulations and a compliance management menu that manages policy data, compliance status history data, and a compliance score calculation method, and when one of the status evaluation management menus is selected through the security officer terminal, a menu is displayed on the security officer terminal according to the selected menu. An interface can be provided.

And the server provides the website with a report generation menu selected through the security officer terminal, wherein the report generation menu provides a compliance report including a compliance status score, a history inquiry including system change history and access history. Report, change history tracking report that tracks system change history and includes data related to changes, history analysis report that includes analysis of system history data, system performance evaluation report that includes system performance and resource usage status, analyzes system log data It includes a log analysis report containing the results, a vulnerability management report containing security target vulnerabilities and vulnerability management, resolution status and vulnerability severity, and a security event monitoring report containing security events occurring in the system, and can be sent through the security officer terminal. When one of the report creation menus is selected, the selected report can be generated in a spreadsheet file or portable document format and provided to the security officer terminal.

Additionally, the artificial intelligence model may be based on Long Short-Term Memory (LSTM) or Gated Recurrent Unit (GRU).

Finally, the server calculates the compliance status score included in the compliance report based on [Equation 1],

[Equation 1]

The Score is the compliance status score, N _m is the number of evaluation improvement measures implemented, N _s is the number of security training implementations, T _i is the time taken to implement the ith evaluation improvement measure, and N _c is the compliance violation. It can represent numbers.

According to one embodiment, by providing an information security management status evaluation solution system according to the present invention, there is an effect of linking a plurality of solutions.

In addition, artificial intelligence technology can be used to obtain evaluation improvement measures to improve the information security management status evaluation.

Additionally, the website can provide information security-related dashboards and dashboard customization functions according to account information.

In addition, an interface according to the selected status evaluation management menu can be provided through the security manager terminal.

Additionally, it has the effect of generating reports related to information security.

Meanwhile, the effects according to the embodiments are not limited to those mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the description below.

Figure 1 is a conceptual diagram schematically showing the configuration of an information security management status assessment solution system according to an embodiment.
Figure 2 is a flowchart for explaining the operation process of the information security management status assessment solution system according to an embodiment.
Figure 3 is a diagram for explaining the process of generating an information security-related report according to an embodiment.
Figure 4 is a diagram for explaining a process of providing a security task management menu and interface according to an embodiment.

Hereinafter, embodiments will be described in detail with reference to the attached drawings. However, various changes can be made to the embodiments, so the scope of the patent application is not limited or limited by these embodiments. It should be understood that all changes, equivalents, or substitutes for the embodiments are included in the scope of rights.

Specific structural or functional descriptions of the embodiments are disclosed for illustrative purposes only and may be modified and implemented in various forms. Accordingly, the embodiments are not limited to the specific disclosed form, and the scope of the present specification includes changes, equivalents, or substitutes included in the technical spirit.

Terms such as first or second may be used to describe various components, but these terms should be interpreted only for the purpose of distinguishing one component from another component. For example, a first component may be named a second component, and similarly, the second component may also be named a first component.

When a component is referred to as being “connected” to another component, it should be understood that it may be directly connected or connected to the other component, but that other components may exist in between.

The terms used in the examples are for descriptive purposes only and should not be construed as limiting. Singular expressions include plural expressions unless the context clearly dictates otherwise. In this specification, terms such as “comprise” or “have” are intended to designate the presence of features, numbers, steps, operations, components, parts, or combinations thereof described in the specification, but are not intended to indicate the presence of one or more other features. It should be understood that it does not exclude in advance the possibility of the existence or addition of elements, numbers, steps, operations, components, parts, or combinations thereof.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as generally understood by a person of ordinary skill in the technical field to which the embodiments belong. Terms defined in commonly used dictionaries should be interpreted as having a meaning consistent with the meaning in the context of the related technology, and should not be interpreted in an ideal or excessively formal sense unless explicitly defined in the present application. No.

In addition, when describing with reference to the accompanying drawings, identical components will be assigned the same reference numerals regardless of the reference numerals, and overlapping descriptions thereof will be omitted. In describing the embodiments, if it is determined that detailed descriptions of related known technologies may unnecessarily obscure the gist of the embodiments, the detailed descriptions are omitted.

Embodiments may be implemented in various types of products such as personal computers, laptop computers, tablet computers, smart phones, televisions, smart home appliances, intelligent vehicles, kiosks, and wearable devices.

Figure 1 is a conceptual diagram schematically showing the configuration of an information security management status assessment solution system according to an embodiment, and Figure 2 is a flowchart for explaining the operation process of an information security management status assessment solution system according to an embodiment. 3 is a diagram illustrating a process for generating an information security-related report according to an embodiment, and FIG. 4 is a diagram illustrating a process for providing a security work management menu and interface according to an embodiment.

As an example, referring to FIG. 1, the information security management status assessment solution system may include a server 100 for providing an information security management status assessment solution service.

The server 100 can provide various functions of the information security management status assessment solution system required through the security officer terminal, and can store and manage data generated in the information security management status assessment solution system. Additionally, personalized UI/UX can be provided for each security officer.

In addition, the server can support large amounts of data processing and parallel work through a scalable architecture and performance optimization to enable simultaneous work through multiple security officer terminals. To prevent data loss, it can also support backup and recovery of key data.

The server can exchange data with multiple security officer terminals through the network.

Referring to FIG. 2, as an example, in step S201, the information security management status evaluation solution system according to the present invention may link a compliance management solution, a history management solution, a system management solution, and a security work management solution. This makes it possible to provide comprehensive security management services to security personnel.

Additionally, in step S202, the server can operate the website.

In step S203, the server transfers compliance status history data, including past compliance inspection results and rule violation cases, and action history data, including past implemented action details, to an artificial intelligence model that has been previously trained as learning data, and the current compliance status history data. By entering , you can obtain evaluation improvement measures to improve the information security management status evaluation.

The input variable of the artificial intelligence model may be compliance status history data, and the output variable may be action history data. By inputting current compliance status history data into the pre-trained artificial intelligence model, appropriate improvement measures according to the status can be output.

To this end, we collect compliance status history data, including past compliance inspection results and cases of violation of regulations, and action history data, including past measures taken, and clean and format the collected data to fit the input format of the artificial intelligence model. , vectorization, etc. can be preprocessed, and an artificial intelligence model can be trained based on the preprocessed learning data.

Artificial intelligence models learn patterns in training data and can find similar patterns in training data based on input data. Next, the performance of the model can be evaluated by comparing the output data obtained through the pre-trained artificial intelligence model with the correct answer.

As an example, the artificial intelligence model may be based on Long Short-Term Memory (LSTM) or Gated Recurrent Unit (GRU).

Long Short-Term Memory (LSTM) and Gated Recurrent Unit (GRU) are variants of Recurrent Neural Network (RNN) with long-term and short-term memory used to process sequence data in artificial intelligence models, such as time series data. Dependencies of sequential data can be considered.

An artificial intelligence model based on LSTM can receive information security status history data as input and output evaluation improvement measures, considering the long-term dependency of sequence data. LSTM has a structure of input gate, deletion gate, cell state, and output gate, so it can maintain previous information, update necessary information, and determine output.

In addition, the LSTM-based artificial intelligence model can analyze information security management status assessments and predict improvement measures using various information such as past compliance inspection results and rule violation cases.

An artificial intelligence model based on GRU can use update gates and reset gates to update the previous state and calculate a new state by combining it with the current input. The GRU-based artificial intelligence model can receive information security status history data as input and output evaluation improvement measures. The GRU-based artificial intelligence model has the advantage of being faster than the LSTM-based artificial intelligence model because it has higher computational efficiency than the LSTM-based artificial intelligence model.

In step S204, when the security officer terminal is connected through the website, the server may provide a dashboard according to account information and personal UI/UX according to account information. Security personnel can add or delete dashboard components according to personal convenience.

The dashboard displays information asset status, information security management status evaluation status, compliance status, compliance score, Compliance management, compliance analysis data, evaluation improvement measures, change history tracking data, history inquiry, history analysis data, change history data, system performance monitoring, log analysis data, vulnerability management data, system failure data, security event monitoring, vulnerability management data Provide one or more of the following briefly in the form of a widget,

In step S205, the server provides a dashboard customization function to the website, wherein the dashboard customization function includes adjusting the size and position of widgets constituting the dashboard, adding and deleting widgets, and changing the dashboard color. may include.

Additionally, in step S206, when dashboard customization is completed through the security officer terminal, the server may store the changed dashboard settings in the security officer account information.

When providing a dashboard according to account information in step S204, dashboard settings saved in the account information can be loaded.

In one embodiment, in step S207, the server provides the website with a status evaluation management menu selected through a security manager terminal, wherein the status evaluation management menu sets targets and items for which information security management status evaluation is to be performed. evaluation creation menu for evaluation creation menu, evaluation management menu for designating evaluation personnel and managing evaluation schedule and progress, evaluation result registration menu for registering evaluation progress results, evaluation results confirmation menu for viewing evaluation results, and information on all evaluation items. Final evaluation result registration and confirmation menu that registers, adds up, and searches scores, evaluation result comparison menu to check changes in evaluation results, compliance management that manages compliance regulation and policy data, compliance status history data, and compliance score calculation method. Can include a menu.

When the evaluation result comparison menu is selected through the security manager's terminal, information displayed by visualizing past evaluation result data over time can be provided.

Finally, in step S208, when one of the status evaluation management menus is selected through the security officer terminal, the server may provide an interface according to the selected menu to the security officer terminal.

The interface according to the selected menu is an interface for setting the target and items for information security management status evaluation, an interface for designating an evaluation person and managing the evaluation schedule and progress, an interface for registering the evaluation progress results, and an interface for registering the evaluation results. Interface for searching, interface for registering, adding up, and searching scores for all evaluation items, interface for checking changes in evaluation results, managing compliance regulation and policy data, compliance status history data, and compliance score calculation method. May include an interface for

Referring to FIG. 3, in one embodiment, in step S301, the server may provide the website with a report creation menu selected through the security officer terminal.

The report creation menu includes a compliance report including compliance status scores, a history inquiry report including system change history and access history, a change history tracking report including data related to changes by tracking system change history, and system history data analysis. Historical analysis report including, system performance evaluation report including system performance and resource usage status, log analysis report including results of analyzing system log data, security target vulnerabilities and vulnerability management, resolution status and vulnerability severity. It can include a vulnerability management report that includes security events that occur in the system, and a security event monitoring report that includes security events that occurred in the system.

Additionally, in step S302, when one of the report generation menus is selected through the security officer terminal, the server may generate the selected report in a spreadsheet file or portable document format and provide it to the security officer terminal.

As an example, the server may calculate the compliance status score included in the compliance report based on [Equation 1].

[Equation 1]

The Score is the compliance status score, N _m is the number of evaluation improvement measures implemented, N _s is the number of security training implementations, T _i is the time taken to implement the ith evaluation improvement measure, and N _c is the compliance violation. It can represent numbers.

Compliance status scores can also be calculated by designated security officer or on a monthly basis. Compliance status scores can be calculated based on the number of evaluation improvement actions implemented in a given month, the number of security training implementations, the total time taken to implement evaluation improvement actions, and the number of compliance violations.

For example, the number of implementations of the evaluation improvement measures (N _m ) is 50, the number of implementations of the security training (N _s ) is 30, and the total sum of the time taken to implement the ith evaluation improvement measures (T _i ) is If it is 70 hours and the number of compliance violations (N _c ) is 60, the compliance status score (Score) may be 77 points.

As an example, the server may calculate the vulnerability severity included in the vulnerability management report based on [Equation 2].

[Equation 2]

The VS is the vulnerability severity, the D _v is the difference between the occurrence time of the vulnerability and the current time, the N _d is the total number of discovered vulnerabilities, and the N _a may be the number of systems affected by the vulnerability.

For example, the difference between the vulnerability occurrence time and the current time (D _v ) is 48 hours, the total number of discovered vulnerabilities (N _d ) is 10, and the number of systems affected by the vulnerability (N _a ) is 5. If so, the Vulnerability Severity (VS) may be 72.

If appropriate vulnerability remediation measures have been taken and the vulnerability has been improved, the vulnerability severity level may not be calculated.

Referring to FIG. 4, as an example, in step S401, the server provides the website with a security task management menu selected through a security officer terminal, wherein the security task management menu creates a task process and performs tasks. A business process management menu that sets priorities, a business monitoring menu that monitors work progress, tasks to assign to security personnel appropriate for security work, support collaboration, provide work sharing functions, and provide security work-related document sharing functions. It may include an assignment and collaboration support menu, a security task-related report generation menu, and an automation creation menu to automate security tasks with repetitive patterns.

Additionally, in step 402, when one of the security work management menus is selected through the security officer terminal, the server may provide an interface according to the selected menu to the security officer terminal.

By providing an information security management status assessment solution system according to the present invention, multiple solutions can be linked, and evaluation improvement measures for improving the information security management status assessment can be obtained using artificial intelligence technology. It can provide information security-related dashboards and dashboard customization functions according to account information, provide an interface according to the status assessment management menu selected through the security manager terminal, and generate information security-related reports. There is.

The embodiments described above may be implemented with hardware components, software components, and/or a combination of hardware components and software components. For example, the devices, methods, and components described in the embodiments may include, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, and a field programmable gate (FPGA). It may be implemented using one or more general-purpose or special-purpose computers, such as an array, programmable logic unit (PLU), microprocessor, or any other device capable of executing and responding to instructions. A processing device may execute an operating system (OS) and one or more software applications that run on the operating system. Additionally, a processing device may access, store, manipulate, process, and generate data in response to the execution of software. For ease of understanding, a single processing device may be described as being used; however, those skilled in the art will understand that a processing device includes multiple processing elements and/or multiple types of processing elements. It can be seen that it may include. For example, a processing device may include a plurality of processors or one processor and one controller. Additionally, other processing configurations, such as parallel processors, are possible.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded on a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, etc., singly or in combination. Program instructions recorded on the medium may be specially designed and configured for the embodiment or may be known and available to those skilled in the art of computer software. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs and DVDs, and magnetic media such as floptical disks. -Includes optical media (magneto-optical media) and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, etc. Examples of program instructions include machine language code, such as that produced by a compiler, as well as high-level language code that can be executed by a computer using an interpreter, etc. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

Software may include a computer program, code, instructions, or a combination of one or more of these, which may configure a processing unit to operate as desired, or may be processed independently or collectively. You can command the device. Software and/or data may be used on any type of machine, component, physical device, virtual equipment, computer storage medium or device to be interpreted by or to provide instructions or data to a processing device. , or may be permanently or temporarily embodied in a transmitted signal wave. Software may be distributed over networked computer systems and stored or executed in a distributed manner. Software and data may be stored on one or more computer-readable recording media.

Although the embodiments have been described with limited drawings as described above, those skilled in the art can apply various technical modifications and variations based on the above. For example, the described techniques are performed in a different order than the described method, and/or components of the described system, structure, device, circuit, etc. are combined or combined in a different form than the described method, or other components are used. Alternatively, appropriate results may be achieved even if substituted or substituted by an equivalent.

Therefore, other implementations, other embodiments, and equivalents of the claims also fall within the scope of the following claims.

100: Server

Claims (2)

In the information security business management system,
Includes a server to provide information security management status assessment solution services,
The information security business management system is,
Links compliance management solution, history management solution, system management solution, and security work management solution,
The server is,
operate the website,
Compliance status history data, including past compliance inspection results and cases of violation of regulations, and action history data, including past actions taken, are input into an artificial intelligence model that has been pre-trained as learning data to generate information. Obtain evaluation improvement measures to improve security management status evaluation,
When the security officer's terminal is accessed through the above website, a dashboard is provided according to the account information, and personal UI/UX is provided according to the account information.
The dashboard is,
Based on the data acquired through the above-linked compliance management solution, history management solution, system management solution, and security work management solution, information asset status, information security management status evaluation status, compliance status, compliance score, compliance management, and compliance analysis Briefly describe one or more of data, evaluation improvement measures, change history tracking data, history inquiry, history analysis data, change history data, system performance monitoring, log analysis data, vulnerability management data, system failure data, security event monitoring, and vulnerability management data. Provided in the form of a widget,
The server is,
A dashboard customization function is provided to the website, wherein the dashboard customization function includes the ability to adjust the size and position of widgets constituting the dashboard, add and delete widgets, and change the dashboard color,
Once dashboard customization is completed through the security officer terminal, the changed dashboard settings are saved in the security officer account information.
The website provides a status evaluation management menu selected through the security manager terminal, and the status evaluation management menu includes an evaluation creation menu for setting targets and items for information security management status evaluation, designation of an evaluation person, and evaluation. Evaluation management menu to manage schedule and progress, evaluation result registration menu to register evaluation progress results, evaluation result check menu to check evaluation results, final evaluation to register, add up, and view scores for all evaluation items. It includes a result registration and confirmation menu, an evaluation result comparison menu to check changes in evaluation results, a compliance management menu that manages compliance regulations and policy data, compliance status history data, and a compliance score calculation method,
When one of the status evaluation management menus is selected through the security officer terminal, an interface according to the selected menu is provided to the security officer terminal,
The server is,
The website provides a report creation menu selected through the security officer terminal, and the report creation menu includes a compliance report including compliance status scores, a history inquiry report including system change history and access history, and system change history. A change history tracking report that includes change-related data, a history analysis report that includes analysis of system history data, a system performance evaluation report that includes system performance and resource usage status, and a report that includes results of analyzing system log data. Contains a log analysis report, a vulnerability management report including vulnerability management of security targets, vulnerability management, resolution status, and vulnerability severity, and a security event monitoring report including security events occurring in the system;
When one of the report generation menus is selected through the security officer terminal, the selected report is generated in a spreadsheet file or portable document format and provided to the security officer terminal,
The artificial intelligence model is,
Based on LSTM (Long Short-Term Memory) or GRU (Gated Recurrent Unit),
The server is,
The compliance status score included in the compliance report is calculated based on [Equation 1],
[Equation 1]

The Score is the compliance status score, N _m is the number of evaluation improvement measures implemented, N _s is the number of security training implementations, T _i is the time taken to implement the ith evaluation improvement measure, and N _c is the compliance violation. It's a number,
The compliance status score is used to evaluate the improvement of the information security management status evaluation by using the number derived by inserting the number excluding each standard unit of the Nm, the N _s, the T _i and the N _c as the score. ,
The server is,
The vulnerability severity included in the vulnerability management report is calculated based on [Equation 2],
[Equation 2]

The VS is the vulnerability severity, the D _v is the difference between the occurrence time of the vulnerability and the current time, the N _d is the total number of discovered vulnerabilities, and the N _a is the number of systems affected by the vulnerability,
The vulnerability severity is used to evaluate the improvement of the information security management status evaluation by using as a score a value derived by inserting only the numbers excluding the respective standard units of the D _v , the N _d , and the N _a ,
The website provides a security work management menu selected through the security officer terminal, and the security work management menu includes a work process management menu for creating work processes and setting work priorities, and a work process management menu for monitoring work progress. Work monitoring menu, work assignment and collaboration support menu to assign to security personnel suitable for security work, support collaboration, provide work sharing function, and provide security work-related document sharing function, security work-related report generation menu, and repetitive patterns A system comprising an automation creation menu for automating security tasks. delete