CN103581155A - Information security situation analysis method and system - Google Patents

Publication number: CN103581155A
Authority: CN (China)
Prior art keywords: index, rate, key, weight, terminal
Legal status: Granted
Application number: CN201210282254.8A
Other languages: Chinese (zh)
Other versions: CN103581155B (en)
Inventors: 邹庆, 刘毅, 陈曦, 樊凯, 王玮, 白雪, 王皓然
Current assignee: Information & Communication Branch Of Guizhou Grid Co
Original assignee: Information & Communication Branch Of Guizhou Grid Co
Application filed by Information & Communication Branch Of Guizhou Grid Co; priority to CN201210282254.8A; publication of CN103581155A; application granted; publication of CN103581155B; legal status active.
Classification areas: Computer And Data Communications; Data Exchanges In Wide-Area Networks
Abstract

The invention provides an information security situation analysis method and system, and relates to the technical field of network and information security. The information security situation analysis method and system achieve the aim of effective information security management. The information security situation analysis method comprises the steps that first-level, second-level and third-level key evaluation indexes are determined according to the KPI method; the weight of each key evaluation index in the first-level, second-level and third-level key evaluation indexes is determined according to the AHP method; a key evaluation index system is constructed according to the first-level, second-level and third-level key evaluation indexes and the weight of each key evaluation index; data is collected, and information security situation is analyzed according to the key evaluation index system. According to the technical scheme, the information security situation analysis method and system are applied to network information security, and achieve analysis and management of information security.

Description

Information security situation analysis method and system
Technical field
The present invention relates to the field of network and information security, and in particular to an information security situation analysis method and system for TCP/IP networks.
Background
With the rapid development of the Internet and network applications, networks have become an indispensable part of work, daily life and study. At the same time, network security problems are becoming increasingly serious, and users' requirements for the security of information in networks are growing more urgent. Although products on the information security market such as firewalls, intrusion detection systems and anti-virus software provide a certain level of assurance, they do not by themselves give users confidence in the effectiveness of their information security, because they do not answer the two questions users actually care about: is the information system secure, and how secure is it?
To manage information security effectively, information security measurement has been proposed. Security measurement continuously collects the security effectiveness of the measured objects over a period of time, analyses and evaluates it against an evaluation indicator system, verifies the degree to which the implemented security policy agrees with the security objectives and the level of security effectiveness reached, and takes measures to improve information security continually.
Summary of the invention
The invention provides an information security situation analysis method and system that solve the problem of carrying out information security management effectively.
An information security situation analysis method comprises:
determining first-level, second-level and third-level key evaluation indicators according to the Key Performance Indicator (KPI) method;
determining the weight of each key evaluation indicator among the first-, second- and third-level indicators according to the Analytic Hierarchy Process (AHP) method;
building a key evaluation indicator system from the first-, second- and third-level key evaluation indicators and the weight of each indicator;
collecting data and analysing the information security situation according to the key evaluation indicator system.
Preferably, determining the first-, second- and third-level key evaluation indicators according to the KPI method comprises:
selecting, according to the KPI method, the overall security situation index as the first-level key evaluation indicator;
decomposing the overall security situation index and selecting the network security situation index, host security situation index, terminal security situation index, application security situation index and data security situation index as the second-level key evaluation indicators;
decomposing the second-level key evaluation indicators to obtain the third-level key evaluation indicators;
reviewing the first-, second- and third-level key evaluation indicators according to the KPI method;
revising them where revision is needed, and outputting the first-, second- and third-level key evaluation indicators where it is not.
Preferably, decomposing the second-level key evaluation indicators to obtain the third-level key evaluation indicators comprises:
selecting the following sub-indicators of the network security situation index as third-level key evaluation indicators:
network device security monitoring coverage rate, network device security baseline compliance rate, network device high-risk vulnerability detection rate and Internet egress attack blocking rate; and
selecting the following sub-indicators of the host security situation index as third-level key evaluation indicators:
host security monitoring coverage rate, host anti-virus software installation rate, host virus database update rate, host virus uncleanable rate, host high-risk vulnerability detection rate, host open service port vulnerability detection rate and host Trojan/backdoor activity detection rate; and
selecting the following sub-indicators of the terminal security situation index as third-level key evaluation indicators:
terminal management software installation rate, terminal illegal access index, terminal anti-virus software installation rate, terminal virus database update rate, terminal virus uncleanable rate, terminal patch update compliance rate and terminal Trojan/backdoor activity detection rate; and
selecting the following sub-indicators of the application security situation index as third-level key evaluation indicators:
public key infrastructure (PKI) system registration rate and electronic document encryption software installation rate; and
selecting the violation content detection rate, the sub-indicator of the data security situation index, as a third-level key evaluation indicator.
Preferably, the information recorded for each first-level and second-level key evaluation indicator comprises: indicator name, indicator description, unit of measurement, measurement frequency, indicator weight, indicator value and computation time.
Preferably, determining the weight of each key evaluation indicator among the first-, second- and third-level indicators according to the AHP method comprises:
setting the weight of the first-level key evaluation indicator, the overall security situation index, to 100 points;
comparing the relative importance of the second-level key evaluation indicators according to the AHP method and determining the weight of each, the second-level weights being as follows:
the network security situation index 20%, the host security situation index 30%, the terminal security situation index 30%, the application security situation index 10% and the data security situation index 10%;
comparing the relative importance of the third-level key evaluation indicators according to the AHP method and determining the weight of each, the third-level weights being as follows:
network device security monitoring coverage rate 25 points, network device security baseline compliance rate 25 points, network device high-risk vulnerability detection rate 25 points, Internet egress attack blocking rate 25 points; host security monitoring coverage rate 20 points; host anti-virus software installation rate, host virus database update rate and host virus uncleanable rate 10 points each; host high-risk vulnerability detection rate 15 points; host open service port vulnerability detection rate 10 points; host Trojan/backdoor activity detection rate 15 points; terminal management software installation rate 20 points; terminal illegal access index an initial weight of 10 points; terminal anti-virus software installation rate 20 points; terminal virus database update rate 15 points; terminal virus uncleanable rate 10 points; terminal patch update compliance rate 10 points; terminal Trojan/backdoor activity detection rate 15 points; PKI system registration rate 50 points; electronic document encryption software installation rate 50 points; violation content detection rate 100 points. The weight of the terminal illegal access index is reduced by 2 points for each illegal terminal access that occurs, until it reaches 0;
reviewing the weights of the first-, second- and third-level key evaluation indicators according to the AHP method; revising them where revision is needed, and outputting the first-, second- and third-level weights where it is not.
Preferably, building the key evaluation indicator system from the first-, second- and third-level key evaluation indicators and their weights comprises:
determining the computation method of each third-level key evaluation indicator value, as follows (each entry gives the data source, measurement frequency and unit of measurement; the formulas themselves appear in the original only as images and are not reproduced):
The network device security monitoring coverage rate is sourced from the device information of the security audit system and the asset information of the unified information repository; its measurement frequency is monthly, quarterly or yearly, its unit is percentage, and it is computed by its formula within the statistical period.
The network device security baseline compliance rate is sourced from the security configuration checking system and the asset information of the unified information repository; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The network device high-risk vulnerability detection rate is sourced from the vulnerability scanning system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The Internet egress attack blocking rate is sourced from the network logs of the security protection equipment deployed at the Internet egress; monthly, quarterly or yearly; percentage; computed within the statistical period from the cumulative number of intrusion-class and information-spying/malicious-code-class security events whose source address is a public network IP.
The host security monitoring coverage rate is sourced from the device information of the security audit system and the asset information of the unified information repository; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The host anti-virus software installation rate is sourced from the network anti-virus system and the asset information of the unified information repository; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The Windows host virus uncleanable rate is sourced from the network anti-virus system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The host virus database update rate is sourced from the network anti-virus system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The host high-risk vulnerability detection rate is sourced from the vulnerability scanning system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The host open service port vulnerability detection rate is sourced from the vulnerability scanning system; its measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; percentage; computed by its formula within the statistical period.
The host Trojan/backdoor activity detection rate is sourced from the logs of the IDS or IPS deployed at the core switch of the intranet; monthly, quarterly or yearly; percentage; computed within the statistical period from the number of worm, malicious-code and spyware events (information-spying and malicious-code class) whose source address is in the intranet terminal address segment and whose destination address is an external network address.
The terminal management software installation rate is sourced from the terminal management system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The terminal illegal access index is sourced from the terminal management system; monthly, quarterly or yearly; its unit is a count, and its value is the cumulative number of illegal intranet access events within the statistical period.
The terminal anti-virus software installation rate is sourced from the network anti-virus system and the terminal management system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The terminal virus database update rate is sourced from the network anti-virus system and the terminal management system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The terminal virus uncleanable rate is sourced from the network anti-virus system and the terminal management system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The terminal patch update compliance rate is sourced from the terminal security management system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The terminal Trojan/backdoor activity detection rate is sourced from the logs of the IDS or IPS deployed at the core switch of the intranet; monthly, quarterly or yearly; percentage; computed within the statistical period from the number of terminals with worm, malicious-code or spyware events (information-spying and malicious-code class) whose source address is in the intranet terminal address segment and whose destination address is an external network address.
The PKI system registration rate is sourced from the PKI management system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The electronic document encryption software installation rate is sourced from the electronic document encryption system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
The violation content detection rate is sourced from the Internet behaviour auditing system; monthly, quarterly or yearly; percentage; computed by its formula within the statistical period.
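The two Trojan/backdoor activity indicators are the only ones above whose numerator is defined in the text rather than only in a formula image: events from the intranet IDS/IPS logs whose source lies in the intranet terminal address segment, whose destination is an external address and whose class is worm, malicious code or spyware, counted as events for the host indicator and as distinct terminals for the terminal indicator. The following Python is an added example, not code from the patent; it applies those three conditions to constructed log lines. The log line format, the intranet range 10.20.0.0/16, the class labels and the denominator of the terminal rate (the number of terminals in the asset database) are assumptions, since the patent states none of them.

```python
"""Numerators of the Trojan/backdoor activity indicators from IDS/IPS logs.

Added example, not code from the patent. ASSUMPTIONS (the patent states none
of these): log line format "<timestamp> <src> <dst> <class>", the intranet
terminal range 10.20.0.0/16, the class labels, and the denominator of the
terminal rate (number of terminals in the asset database).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Set

# ASSUMPTION: the intranet terminal address segment(s). Any address outside
# them is treated as an external-network address, so list every internal range.
INTRANET_TERMINAL_RANGES = (ipaddress.ip_network("10.20.0.0/16"),)

# Event classes the patent names under the information-spying / malicious-code
# category: worm, malicious code, spyware. Label strings are an assumption.
MALWARE_EVENT_CLASSES = frozenset({"worm", "malicious_code", "spyware"})

# Constructed sample IDS log, not real data.
SAMPLE_IDS_LOG = """\
2012-07-01T08:01:00 10.20.1.15 203.0.113.7 spyware
2012-07-01T08:03:12 10.20.1.15 203.0.113.9 worm
2012-07-01T09:10:44 10.20.2.8 198.51.100.3 malicious_code
2012-07-01T09:11:02 10.20.2.8 10.20.1.1 malicious_code
2012-07-01T10:00:00 192.0.2.5 10.20.1.15 worm
2012-07-01T11:30:00 10.20.3.3 203.0.113.5 port_scan
"""


@dataclass(frozen=True)
class IdsEvent:
    timestamp: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    event_class: str


def parse_ids_log(text: str) -> List[IdsEvent]:
    """Parse whitespace-separated log lines; a malformed line is an error, not silently dropped."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        ts, src, dst, cls = fields
        events.append(IdsEvent(ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), cls))
    return events


def is_intranet_terminal(ip) -> bool:
    return any(ip in net for net in INTRANET_TERMINAL_RANGES)


def trojan_backdoor_events(events: List[IdsEvent]) -> List[IdsEvent]:
    """Events with an intranet-terminal source, an external destination and a malware class.
    Internal-to-internal traffic and inbound events from outside are excluded, as the text requires."""
    return [e for e in events
            if is_intranet_terminal(e.src)
            and not is_intranet_terminal(e.dst)
            and e.event_class in MALWARE_EVENT_CLASSES]


def affected_terminals(events: List[IdsEvent]) -> Set[str]:
    """Distinct source terminals with at least one qualifying event (terminal indicator numerator)."""
    return {str(e.src) for e in trojan_backdoor_events(events)}


def terminal_trojan_backdoor_rate(events: List[IdsEvent], total_terminals: int) -> float:
    """ASSUMPTION: rate = affected terminals / terminals in the asset database."""
    if total_terminals <= 0:
        raise ValueError("total_terminals must be positive")
    return len(affected_terminals(events)) / total_terminals


if __name__ == "__main__":
    evs = parse_ids_log(SAMPLE_IDS_LOG)
    print("qualifying events:", len(trojan_backdoor_events(evs)))
    print("affected terminals:", sorted(affected_terminals(evs)))
    print("terminal rate (50 terminals):", terminal_trojan_backdoor_rate(evs, 50))
```

The destination test deliberately uses only the configured intranet ranges rather than the `is_private`/`is_global` properties, because those treat the RFC 5737 documentation ranges used in the sample as non-global and would silently drop them.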
Determining the relation between the third-level key evaluation indicators and each second-level key evaluation indicator, the relations between the indicator values being as follows:
The relation between the network security situation index and its third-level indicators is
Network security situation index (100 points) = network device security monitoring coverage rate × 25 + network device security baseline compliance rate × 25 + (1 - network device high-risk vulnerability detection rate) × 25 + Internet egress attack blocking rate × 25;
The relation between the host security situation index and its third-level indicators is
Host security situation index (100 points) = host security monitoring coverage rate × 20 + host anti-virus software installation rate × 20 + host virus database update rate × 15 + (1 - host virus uncleanable rate) × 10 + (1 - host high-risk vulnerability detection rate) × 15 + (1 - host open service port vulnerability detection rate) × 10 + (1 - host Trojan/backdoor activity detection rate) × 15 (as printed, these weights sum to 105 rather than 100, and the anti-virus installation and virus database update weights differ from the 10 points each given in the weight list);
The relation between the terminal security situation index and its third-level indicators is
Terminal security situation index (100 points) = terminal management software installation rate × 20 + terminal illegal access score (10 points in total, minus 2 points for each illegal access until the points are exhausted) + terminal anti-virus software installation rate × 20 + terminal virus database update rate × 15 + terminal virus uncleanable rate × 10 + terminal patch update compliance rate × 10 + (1 - terminal Trojan/backdoor activity detection rate) × 15;
The relation between the application security situation index and its third-level indicators is
Application security situation index (100 points) = PKI system registration rate × 50 + electronic document encryption software installation rate × 50;
The relation between the data security situation index and its third-level indicators is
Data security situation index (100 points) = violation content detection rate × 100;
Determining the relation between the second-level key evaluation indicator values and the first-level key evaluation indicator value, which is
Overall security situation index (100 points) = network security situation index × 20% + host security situation index × 30% + terminal security situation index × 30% + application security situation index × 10% + data security situation index × 10%.
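The following Python is an added example, not code from the patent, that implements the three-level aggregation just listed with the printed weights, the (1 - rate) inversion for the lower-is-better indicators and the 2-points-per-incident deduction for the terminal illegal access index, and rejects input rates outside [0, 1]. It also totals the points available in each second-level index, which exposes that the host weights as printed sum to 105 rather than 100. One assumption is labelled in the code: the terminal virus uncleanable rate is inverted like its host counterpart, since the printed terminal formula omits the "1 -" that every other lower-is-better indicator carries. The sample rates are constructed.

```python
"""Three-level scoring of the patent's key evaluation indicator system.

Added example, not code from the patent. Weights and polarities follow the
formulas printed in the patent; the rates' own denominators are not printed,
so rates are taken as already-computed fractions in [0, 1].
ASSUMPTION: the terminal virus uncleanable rate is inverted (1 - rate) like
its host counterpart; the printed terminal formula omits the "1 -".
"""
from typing import Dict, List, Tuple

# Second-level weights for the overall (first-level) index, as printed.
SECOND_LEVEL_WEIGHTS = {"network": 0.20, "host": 0.30, "terminal": 0.30,
                        "application": 0.10, "data": 0.10}

# Third-level indicators per second-level index: (rate name, points, higher_is_better).
# A lower-is-better indicator contributes (1 - rate) * points, as in the patent.
THIRD_LEVEL: Dict[str, List[Tuple[str, float, bool]]] = {
    "network": [
        ("network_device_monitoring_coverage", 25, True),
        ("network_device_baseline_compliance", 25, True),
        ("network_device_high_risk_vuln_detection", 25, False),
        ("internet_egress_attack_blocking", 25, True),
    ],
    "host": [  # printed weights sum to 105, not 100; kept exactly as printed
        ("host_monitoring_coverage", 20, True),
        ("host_av_installation", 20, True),
        ("host_virus_db_update", 15, True),
        ("host_virus_uncleanable", 10, False),
        ("host_high_risk_vuln_detection", 15, False),
        ("host_open_port_vuln_detection", 10, False),
        ("host_trojan_backdoor_detection", 15, False),
    ],
    "terminal": [
        ("terminal_mgmt_software_installation", 20, True),
        ("terminal_av_installation", 20, True),
        ("terminal_virus_db_update", 15, True),
        ("terminal_virus_uncleanable", 10, False),  # ASSUMPTION: inverted like host
        ("terminal_patch_compliance", 10, True),
        ("terminal_trojan_backdoor_detection", 15, False),
    ],
    "application": [
        ("pki_registration", 50, True),
        ("document_encryption_installation", 50, True),
    ],
    "data": [("violation_content_detection", 100, True)],
}

# Terminal illegal access index: 10 points, minus 2 per incident, floor 0.
ILLEGAL_ACCESS_POINTS = 10
ILLEGAL_ACCESS_PENALTY = 2


def illegal_access_score(incidents: int) -> float:
    if incidents < 0:
        raise ValueError("incident count cannot be negative")
    return max(0.0, ILLEGAL_ACCESS_POINTS - ILLEGAL_ACCESS_PENALTY * incidents)


def _rate(rates: Dict[str, float], name: str) -> float:
    """Fetch a rate and refuse values that are not fractions (e.g. a percentage 85 instead of 0.85)."""
    if name not in rates:
        raise KeyError(f"missing rate for indicator {name!r}")
    r = rates[name]
    if not 0.0 <= r <= 1.0:
        raise ValueError(f"rate {name!r}={r} must lie in [0, 1]")
    return r


def second_level_score(index: str, rates: Dict[str, float], illegal_access_incidents: int = 0) -> float:
    score = 0.0
    for name, points, higher_is_better in THIRD_LEVEL[index]:
        r = _rate(rates, name)
        score += (r if higher_is_better else 1.0 - r) * points
    if index == "terminal":
        score += illegal_access_score(illegal_access_incidents)
    return score


def overall_score(rates: Dict[str, float], illegal_access_incidents: int = 0) -> Dict[str, float]:
    """Second-level scores plus the weighted first-level 'overall' score."""
    result = {idx: second_level_score(idx, rates, illegal_access_incidents) for idx in SECOND_LEVEL_WEIGHTS}
    result["overall"] = sum(result[idx] * w for idx, w in SECOND_LEVEL_WEIGHTS.items())
    return result


def weight_sums() -> Dict[str, float]:
    """Points available per second-level index; anything other than 100 contradicts the printed '(100 points)'."""
    sums = {idx: float(sum(p for _, p, _ in items)) for idx, items in THIRD_LEVEL.items()}
    sums["terminal"] += ILLEGAL_ACCESS_POINTS
    return sums


# Constructed sample rates (not real measurements).
SAMPLE_RATES = {
    "network_device_monitoring_coverage": 0.90, "network_device_baseline_compliance": 0.80,
    "network_device_high_risk_vuln_detection": 0.10, "internet_egress_attack_blocking": 0.95,
    "host_monitoring_coverage": 0.85, "host_av_installation": 0.90, "host_virus_db_update": 0.80,
    "host_virus_uncleanable": 0.05, "host_high_risk_vuln_detection": 0.20,
    "host_open_port_vuln_detection": 0.10, "host_trojan_backdoor_detection": 0.04,
    "terminal_mgmt_software_installation": 0.95, "terminal_av_installation": 0.90,
    "terminal_virus_db_update": 0.80, "terminal_virus_uncleanable": 0.10,
    "terminal_patch_compliance": 0.70, "terminal_trojan_backdoor_detection": 0.02,
    "pki_registration": 0.60, "document_encryption_installation": 0.50,
    "violation_content_detection": 0.90,
}

if __name__ == "__main__":
    print(weight_sums())
    print(overall_score(SAMPLE_RATES, illegal_access_incidents=3))
```

Because the host group carries 105 points, an all-perfect input scores 101.5 overall; a deployment would have to renormalise the host weights (or correct the printed ones) before reporting on a 100-point scale.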
Preferably, after the step of collecting data and analysing the information security situation according to the key evaluation indicator system, the method further comprises:
outputting the result of the information security situation analysis through an external display device.
The invention also provides an information security situation analysis system, comprising:
an indicator selection module, for determining the first-, second- and third-level key evaluation indicators according to the KPI method;
a weight calculation module, for determining the weight of each key evaluation indicator among the first-, second- and third-level indicators according to the AHP method;
a system management module, for building the key evaluation indicator system from the first-, second- and third-level key evaluation indicators and their weights;
an analysis and evaluation module, for collecting data and analysing the information security situation according to the key evaluation indicator system built by the system management module.
Preferably, the information security situation analysis system further comprises:
a security situation display module, for outputting the result of the information security situation analysis.
The invention provides an information security situation analysis method and system: the first-, second- and third-level key evaluation indicators are determined according to the KPI method, the weight of each indicator is then determined according to the AHP method, and the key evaluation indicator system is built from the indicators and their weights, so that when the system collects data it can analyse the information security situation according to that indicator system. All parameters relevant to information security are considered together, each weighted according to its degree of influence, which gives a comprehensive view of the information security situation and solves the problem of carrying out information security management effectively.
Brief description of the drawings
Fig. 1 is a schematic diagram of the networking of the information security situation evaluation system in a TCP/IP network in an embodiment of the invention;
Fig. 2 is the flow of an information security situation analysis method provided by embodiment one of the invention;
Fig. 3 is the flowchart of step 201 of embodiment one, selecting the key evaluation indicators of the information security situation;
Fig. 4 is the flowchart of step 202 of embodiment one, determining the weights of the key evaluation indicators of the information security situation;
Fig. 5 is a schematic diagram of step 203 of embodiment one, building the key evaluation indicator system of the information security situation;
Fig. 6 is a structural diagram of an information security situation evaluation system provided by embodiment two of the invention;
Fig. 7 is the workflow diagram of the information security situation evaluation system of embodiment two;
Fig. 8 is a structural diagram of an information security situation analysis system provided by embodiment three of the invention.
Detailed description of the embodiments
To carry out information security management effectively, the embodiments of the invention provide an information security situation analysis method and system. The embodiments are described in detail below with reference to the drawings. The embodiments of this application, and the features within them, may be combined with one another in any way provided they do not conflict.
To better describe the technical scheme of the embodiments, the Key Performance Indicator (KPI) method and the AHP method are introduced first.
KPI is the basis of realising corporate strategy and performance management: a tool that decomposes an enterprise's strategic objectives into operational targets, and a target-based quantitative management method that measures process performance by setting, sampling, calculating and analysing the key input and output parameters of an internal process. KPI emphasises "key", the aspects that have a material impact on the enterprise's success and reflect the key drivers of value creation. Setting KPIs must follow two principles, the SMART principle and the 80/20 principle. The SMART principle requires performance indicators to be Specific, Measurable, Attainable, Relevant and Time-bound. The 80/20 principle holds that in an enterprise's value creation 20% of the core staff create 80% of the value, and that for each employee 80% of the work is likewise accomplished by 20% of key behaviours; those 20% of key behaviours must therefore be identified, analysed and measured, which captures the focus of performance evaluation.
Once KPIs are set, the indicators differ in importance and in the effect they have on actual work, so a sound method is needed to assign each indicator a corresponding weight that reflects the evaluation result more scientifically. The Analytic Hierarchy Process (AHP) is a common method for setting indicator weights: a simple, flexible and practical multi-criteria decision method for the quantitative analysis of qualitative problems. Its basic idea is to turn the overall judgement of the weights of the many elements of a complex problem into pairwise comparisons of those elements, so as to determine the relative importance of the factors within a level, then into an ordering judgement of the elements' overall weights, from which the weight of each element is finally established.
The key evaluation indicators of the information security situation and their weights, determined with the KPI and AHP methods, are consistent with the security objectives, objective and accurate, and can be measured in percentage values or points. An evaluation system implemented on the corresponding key evaluation indicator system can truly reflect the information security situation and effectively promote the improvement of security assurance work.
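As an added example (not the patent's own computation, which it does not print), the following Python derives second-level weights with AHP as described above and in the weight-determination clause of the summary: pairwise judgements on Saaty's 1 to 9 scale form a reciprocal matrix, the principal eigenvector (found by power iteration) gives the weights, and the consistency ratio CR = ((lambda_max - n)/(n - 1))/RI, with Saaty's random-index table, is checked against the usual 0.1 threshold. The pairwise judgements are constructed to approximate the patent's 20/30/30/10/10 split; a circular judgement set is included to show the consistency check rejecting it.

```python
"""AHP weight derivation for the second-level security situation indices.

Added example, not code from the patent. Assumes Saaty's 1-9 scale, the
principal-eigenvector method and Saaty's (1980) random-index table; the
pairwise judgements are constructed to approximate the patent's 20/30/30/10/10.
"""
from typing import Dict, List, Sequence, Tuple

# Saaty's random consistency index RI by matrix order n.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}

SECOND_LEVEL = ["network", "host", "terminal", "application", "data"]

# Constructed pairwise-comparison matrix: a[i][j] = importance of i over j on the
# 1-9 scale, a[j][i] = 1/a[i][j]. Host and terminal are judged twice as important
# as network and three times as important as application and data; network is
# twice as important as application and data.
PAIRWISE = [
    [1,   1/2, 1/2, 2, 2],   # network
    [2,   1,   1,   3, 3],   # host
    [2,   1,   1,   3, 3],   # terminal
    [1/2, 1/3, 1/3, 1, 1],   # application
    [1/2, 1/3, 1/3, 1, 1],   # data
]

# Circular judgements (A >> B, B >> C, C >> A) that the consistency check must reject.
CIRCULAR = [[1, 9, 1/9], [1/9, 1, 9], [9, 1/9, 1]]


def check_reciprocal(matrix: Sequence[Sequence[float]]) -> None:
    """Reject matrices that are not square, positive and reciprocal."""
    n = len(matrix)
    for i in range(n):
        if len(matrix[i]) != n:
            raise ValueError("pairwise matrix must be square")
        for j in range(n):
            if matrix[i][j] <= 0:
                raise ValueError("pairwise judgements must be positive")
            if abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")


def principal_eigenvector(matrix: Sequence[Sequence[float]],
                          tol: float = 1e-12, max_iter: int = 10_000) -> Tuple[List[float], float]:
    """Power iteration; returns (weights normalised to sum 1, lambda_max)."""
    check_reciprocal(matrix)
    n = len(matrix)
    w = [1.0 / n] * n
    lam = float(n)
    for _ in range(max_iter):
        aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        lam = sum(aw)              # sum(A w) = lambda_max * sum(w) = lambda_max at convergence
        new_w = [x / lam for x in aw]
        converged = max(abs(a - b) for a, b in zip(new_w, w)) < tol
        w = new_w
        if converged:
            break
    return w, lam


def consistency_ratio(lambda_max: float, n: int) -> float:
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); orders 1 and 2 are always consistent."""
    if n not in RANDOM_INDEX:
        raise ValueError(f"no random index for order {n}")
    if n <= 2:
        return 0.0
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def ahp_weights(names: Sequence[str], matrix: Sequence[Sequence[float]],
                cr_threshold: float = 0.1) -> Dict[str, float]:
    """Named weights, refusing judgement sets whose CR exceeds the threshold."""
    if len(names) != len(matrix):
        raise ValueError("one name per matrix row is required")
    w, lam = principal_eigenvector(matrix)
    cr = consistency_ratio(lam, len(matrix))
    if cr > cr_threshold:
        raise ValueError(f"judgements inconsistent: CR={cr:.3f} > {cr_threshold}")
    return dict(zip(names, w))


if __name__ == "__main__":
    weights = ahp_weights(SECOND_LEVEL, PAIRWISE)
    for name, weight in weights.items():
        print(f"{name:12s} {weight:.3f}")
```

The constructed judgements yield roughly 0.18/0.31/0.31/0.10/0.10 with CR near 0.003, which is where the patent's rounded 20/30/30/10/10 split comes from in practice: AHP produces the raw priorities and the reviewer rounds them to the scale used in the indicator system.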
Embodiment one of the invention is described below with reference to the drawings.
This embodiment provides an information security situation analysis method: the key evaluation indicators of the information security situation are selected according to the KPI method, their weights are determined according to the AHP method, a key evaluation indicator system is synthesised and managed, data are collected, and the security situation is analysed, evaluated and displayed. The evaluation system for the information security situation is implemented on an information security audit platform, so that the information security situation can be evaluated objectively, accurately, automatically and continuously.
The networking structure of the information security situation evaluation system in a TCP/IP network is shown in Fig. 1, where:
The local area network (LAN) contains all the devices being monitored: network devices, network security devices, hosts and terminals. Network devices include routers and switches; network security devices include firewalls, VPNs, network anti-virus systems and intrusion detection systems; hosts include web servers, mail servers and file servers; terminals include personal computers and self-service terminals.
The information security situation evaluation system analyses and evaluates the information security situation of the LAN and provides a quantitative measure of it. The key evaluation indicator system management device sets the key evaluation indicators and their weights and builds the key evaluation indicator system; the data acquisition device collects the data; the analysis and evaluation device analyses and evaluates the indicators; the situation display device displays the information security situation; and the information repository device stores the key evaluation indicator system information and the collected data.
The Internet contains routers that forward and route network traffic.
The embodiment of the present invention provides an information security situation analysis method; the flow of completing the information security situation analysis with this method is shown in Figure 2 and comprises:
Step 201, determining first-level, second-level and third-level key evaluation indicators according to the KPI method;
With reference to the flow chart shown in Figure 3, the process of choosing the key evaluation indicators of the information security situation is described in further detail and comprises the following steps:
Step 301, formulating a clear information security evaluation objective: evaluating the information security situation in a quantitative and automated manner;
Step 302, based on this objective, defining the evaluation indicator type as technical security support indicators; the evaluation indicator types comprise technical security support indicators and management security support indicators;
Step 303, according to the KPI method, choosing the overall security situation index as the first-level key evaluation indicator;
Step 304, decomposing the overall security situation index and choosing the network security situation index, host security situation index, terminal security situation index, application security situation index and data security situation index as the second-level key evaluation indicators;
Step 305, decomposing the second-level security situation indexes and choosing the sub-indicators of each second-level indicator, which form the third-level key evaluation indicators, as follows:
for the network security situation index, choosing network device security monitoring coverage rate, network device security baseline compliance rate, network device high-risk vulnerability detection rate and Internet egress attack blocking rate as its sub key evaluation indicators;
for the host security situation index, choosing host security monitoring coverage rate, host antivirus software installation rate, host virus signature database update rate, host virus un-removable rate, host high-risk vulnerability detection rate, host open service port vulnerability detection rate and host Trojan/backdoor activity detection rate as its sub key evaluation indicators;
for the terminal security situation index, choosing terminal management software installation rate, terminal unauthorized access indicator, terminal antivirus software installation rate, terminal virus signature database update rate, terminal virus un-removable rate, terminal patch update compliance rate and terminal Trojan/backdoor activity detection rate as its sub key evaluation indicators;
for the application security situation index, choosing PKI system registration rate and electronic document encryption software installation rate as its sub key evaluation indicators;
for the data security situation index, choosing violating content detection rate as its sub key evaluation indicator;
Step 306, according to the KPI method, reviewing the first-level, second-level and third-level key evaluation indicators respectively; if revision is needed, revising the corresponding key evaluation indicator; if not, finishing.
Step 202, determining the weight of each key evaluation indicator among the first-level, second-level and third-level key evaluation indicators according to the AHP method;
With reference to the flow chart shown in Figure 4, the process of determining the key evaluation indicator weights is described in further detail and comprises the following steps:
Step 401, setting the weight of the first-level key evaluation indicator, the overall security situation, to 100 points;
Step 402, comparing the relative importance of the second-level key evaluation indicators pairwise according to the AHP method and determining their weights; the resulting second-level key evaluation indicator weights are listed in Table 1.
Table 1 Weights of the second-level key evaluation indicators
Indicator name: weight
Network security situation: 20%
Host security situation: 30%
Terminal security situation: 30%
Application security situation: 10%
Data security situation: 10%
Step 403, comparing the relative importance of the third-level key evaluation indicators pairwise according to the AHP method and determining their weights; the result is listed in Table 2.
Table 2 Weights of the third-level key evaluation indicators
Figure BDA00001988616400141
Figure BDA00001988616400151
Step 404, reviewing each key evaluation indicator weight according to the AHP method; if revision is needed, revising the corresponding key evaluation indicator weight; if not, finishing.
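Steps 402 and 403 obtain the weights by AHP pairwise comparison but do not show the computation. The following Python is an added example, not code from the patent: it derives a weight vector from a reciprocal judgment matrix by power iteration and applies Saaty's consistency check (CI/RI) before accepting the result. The judgment matrices are constructed for illustration; the patent reports only the second-level weights of Table 1, not the pairwise judgments behind them. The second matrix is built directly from those weights so that the eigenvector recovers them exactly.

```python
"""AHP weight derivation with a consistency check (added example).

Not code from the patent. Judgment matrices below are constructed.
"""

# Saaty's random consistency index RI for matrix orders 1..9.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45}

SECOND_LEVEL = ["network", "host", "terminal", "application", "data"]

# Constructed judgment matrix on the 1-9 scale (assumption): entry [i][j]
# is how much more important indicator i is judged to be than indicator j.
JUDGMENTS = [
    [1,   1/2, 1/2, 2, 2],   # network
    [2,   1,   1,   3, 3],   # host
    [2,   1,   1,   3, 3],   # terminal
    [1/2, 1/3, 1/3, 1, 1],   # application
    [1/2, 1/3, 1/3, 1, 1],   # data
]

# Perfectly consistent matrix built from the page's Table 1 weights:
# a_ij = w_i / w_j, so the principal eigenvector is the weight vector itself.
PAGE_WEIGHTS = [0.20, 0.30, 0.30, 0.10, 0.10]
CONSISTENT = [[wi / wj for wj in PAGE_WEIGHTS] for wi in PAGE_WEIGHTS]


def principal_eigenvector(matrix, iterations=200):
    """Power iteration on a positive matrix.

    Returns (normalized weight vector summing to 1, lambda_max).
    """
    n = len(matrix)
    w = [1.0 / n] * n
    for _ in range(iterations):
        aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [x / total for x in aw]
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    return w, lambda_max


def consistency_ratio(lambda_max, n):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); 0 for n < 3."""
    if n < 3:
        return 0.0
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def ahp_weights(matrix, max_cr=0.1):
    """Validate reciprocity, derive weights, reject inconsistent judgments.

    Raises ValueError if a_ij * a_ji != 1 anywhere or if CR > max_cr
    (0.1 is the conventional acceptance threshold).
    """
    n = len(matrix)
    for i in range(n):
        for j in range(n):
            if abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"matrix is not reciprocal at ({i}, {j})")
    w, lambda_max = principal_eigenvector(matrix)
    cr = consistency_ratio(lambda_max, n)
    if cr > max_cr:
        raise ValueError(f"inconsistent judgments: CR={cr:.3f} > {max_cr}")
    return w, cr


if __name__ == "__main__":
    for label, m in (("constructed judgments", JUDGMENTS),
                     ("matrix from Table 1 weights", CONSISTENT)):
        weights, cr = ahp_weights(m)
        print(label, f"(CR={cr:.4f})")
        for name, value in zip(SECOND_LEVEL, weights):
            print(f"  {name:12s} {value:.3f}")
```

The consistency check is the part worth keeping: a circular set of judgments (A over B, B over C, C over A) still yields a weight vector from the eigenvector, and only the CR test exposes that the weights are meaningless.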
Step 203, constructing the key evaluation indicator system according to the first-level, second-level and third-level key evaluation indicators and the weight of each key evaluation indicator;
With reference to Figure 5, the key evaluation indicator system of the information security situation in the embodiment of the present invention is described in detail:
Figure 5 fixes the key evaluation indicators of the information security situation in the embodiment of the present invention and their weights according to their association relations and composes them into the key evaluation indicator system. It specifies the relation between the first-level and second-level key evaluation indicators, the relation between the second-level and third-level key evaluation indicators, and the acquisition method of the third-level key evaluation indicators, as follows:
1. Relation between the first-level and second-level key evaluation indicators:
Overall security situation index (100 points) = network security situation index × 20% + host security situation index × 30% + terminal security situation index × 30% + application security situation index × 10% + data security situation index × 10%.
2. Relation between the second-level and third-level key evaluation indicators:
Network security situation index (100 points) = network device security monitoring coverage rate × 25 points + network device security baseline compliance rate × 25 points + (1 - network device high-risk vulnerability detection rate) × 25 points + Internet egress attack blocking rate × 25 points;
Host security situation index (100 points) = host security monitoring coverage rate × 20 points + host antivirus software installation rate × 20 points + host virus signature database update rate × 15 points + (1 - host virus un-removable rate) × 10 points + (1 - host high-risk vulnerability detection rate) × 15 points + (1 - host open service port vulnerability detection rate) × 10 points + (1 - host Trojan/backdoor activity detection rate) × 15 points;
Terminal security situation index (100 points) = terminal management software installation rate × 20 points + terminal unauthorized access indicator (starting from 10 points, 2 points deducted per occurrence until the 10 points are exhausted) + terminal antivirus software installation rate × 20 points + terminal virus signature database update rate × 15 points + terminal virus un-removable rate × 10 points + terminal patch update compliance rate × 10 points + (1 - terminal Trojan/backdoor activity detection rate) × 15 points;
Application security situation index (100 points) = PKI system registration rate × 50 points + electronic document encryption software installation rate × 50 points;
Data security situation index (100 points) = violating content detection rate × 100 points.
3. Calculation methods of the third-level key evaluation indicators:
The data source of the network device security monitoring coverage rate indicator is the security audit system device information and the unified information base asset information; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400161
The data source of the network device security baseline compliance rate indicator is the security configuration check system and the unified information base asset information; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400162
The data source of the network device high-risk vulnerability detection rate indicator is the vulnerability scanning system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400163
The data source of the Internet egress attack blocking rate indicator is the network logs of the security protection devices deployed at the Internet egress (firewall, IPS, etc.); the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is based on the cumulative number, within the statistical period, of security events of the attack/intrusion class and of the information probing and malicious code class whose source address is a public IP, and is calculated according to the following formula:
Figure BDA00001988616400171
The data source of the host security monitoring coverage rate indicator is the security audit system device information and the unified information base asset information; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400172
The data source of the host antivirus software installation rate indicator is the network antivirus system and the unified information base asset information; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400173
The data source of the host virus un-removable rate indicator is the network antivirus system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400174
The data source of the host virus signature database update rate indicator is the network antivirus system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400175
The data source of the host high-risk vulnerability detection rate indicator is the vulnerability scanning system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400176
The data source of the host open service port vulnerability detection rate indicator is the vulnerability scanning system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400181
The data source of the host Trojan/backdoor activity detection rate indicator is the logs of the IDS or IPS deployed at the core switch of the intranet; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is based on the number of hosts, within the statistical period, with worm/malicious code/spyware events of the information probing and malicious code type whose source address lies in the intranet terminal address range and whose destination address is an external network address, and is calculated according to the following formula:
Figure BDA00001988616400182
The data source of the terminal management software installation rate indicator is the terminal management system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400183
The data source of the terminal unauthorized access indicator is the terminal management system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is number of occurrences; its value is the cumulative number of unauthorized intranet access events within the statistical period;
The data source of the terminal antivirus software installation rate indicator is the network antivirus system and the terminal management system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400184
The data source of the terminal virus signature database update rate indicator is the network antivirus system and the terminal management system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400185
The data source of the terminal virus un-removable rate indicator is the network antivirus system and the terminal management system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400191
The data source of the terminal patch update compliance rate indicator is the terminal security management system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400192
The data source of the terminal Trojan/backdoor activity detection rate indicator is the logs of the IDS or IPS deployed at the core switch of the intranet; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is based on the number of terminals, within the statistical period, with worm/malicious code/spyware events of the information probing and malicious code type whose source address lies in the intranet terminal address range and whose destination address is an external network address, and is calculated according to the following formula:
Figure BDA00001988616400193
The data source of the PKI system registration rate indicator is the PKI management system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400194
The data source of the electronic document encryption software installation rate indicator is the electronic document encryption system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400195
The data source of the violating content detection rate indicator is the Internet behavior audit system; the measurement frequency defaults to monthly and can be adjusted to quarterly or yearly; the unit of measure is percentage; its value is calculated within the statistical period according to the following formula:
Figure BDA00001988616400196
Step 204, collecting data and analyzing the information security situation according to the key evaluation indicator system;
Step 205, outputting the result of the information security situation analysis through an external display device;
In this step, the result of the analysis can be output through a device such as a display or printer and provided to the user.
In the embodiment of the present invention, the hosts involved can be, but are not limited to, Windows hosts.
Embodiment two of the invention is described below with reference to the accompanying drawings.
The embodiment of the present invention provides an information security situation evaluation system; Figure 6 shows the structure of the information security situation evaluation system in the embodiment in detail:
The information security situation evaluation system comprises a key evaluation indicator system management module, a data acquisition module, an analysis and evaluation module, a security situation display module and an information base.
The information base comprises a key evaluation indicator system information base and a collected data information base;
The key evaluation indicator system management module comprises a key evaluation indicator setting module, a key evaluation indicator weight setting module and a key evaluation indicator system composition module.
So that those skilled in the art may better understand the present invention, it is described in further detail below with reference to the flow chart shown in Figure 7, which comprises the following steps:
Step 701, configuring the key evaluation indicator system of the information security situation, specifically: setting the information of the key evaluation indicators and composing the key evaluation indicator system in the key evaluation indicator system management module, where the information of a key evaluation indicator comprises indicator name, indicator description, unit of measure, measurement frequency, indicator weight, indicator value and calculation time;
Step 702, in the data acquisition module, periodically collecting, according to the configured data collection cycle, the logs and scan information covering network security, host security, terminal security, application security and data security; the collected data comprise collected data name, collected data description, collected data value, collected data source and acquisition time;
Step 703, analyzing and evaluating the information security situation in the analysis and evaluation module;
Step 704, in the display module, presenting the result in real time in graphical and numerical form, or generating a report and presenting it to the user.
The flow of Figure 7 is further explained below with an application example.
For example:
The data of each indicator in the key evaluation indicator system are as explained for Figure 4, and the data collected in one month are listed in Table 4.
Table 4 Data collected in one month
Figure BDA00001988616400211
According to the calculation methods, the values of the third-level key evaluation indicators are obtained as listed in Table 5.
Table 5 Values of the third-level key evaluation indicators
Figure BDA00001988616400222
According to the key evaluation indicator system, the values of the second-level and first-level key evaluation indicators are obtained as shown in Table 6.
Table 6 Values of the second-level and first-level evaluation indicators
Indicator name: indicator value
Network security situation: 89.5 points
Host security situation: 93.75 points
Terminal security situation: 61 points
Application security situation: 40 points
Data security situation: 75 points
Overall security situation: 75.8 points
If the overall security situation is divided into four levels, namely normal (85-100), mild abnormality (70-85), moderate abnormality (55-70) and severe abnormality (below 55), the analysis result of the information security situation evaluation system shows that the overall information security situation for this month is a mild abnormality, which can be presented to the user in summary and in detail in the form of a dashboard, bar chart, list or report.
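The aggregation rules of Step 203 (the five second-level formulas and the overall formula) and the four-level grading used in the application example above can be reproduced in a few functions. The following Python is an added example, not code from the patent: rates are fractions in [0, 1] (the page's percentages divided by 100), the point weights are taken exactly from Step 203 and Table 1, the third-level input values are constructed (they are not the page's Table 4 data), and the field names are this example's own. Two caveats the practitioner should notice: the page leaves the grade boundaries (85, 70, 55) ambiguous, so lower bounds are treated as inclusive here as an assumption; and the page's terminal formula applies the virus un-removable rate without the (1 - rate) inversion the host formula uses, which the example keeps as written and flags in a comment.

```python
"""Aggregation of the key evaluation indicator system (added example).

Not code from the patent. Rates are fractions in [0, 1]; point weights
follow Step 203 and Table 1 of the page exactly.
"""

# Second-level weights (Table 1).
SECOND_LEVEL_WEIGHTS = {"network": 0.20, "host": 0.30, "terminal": 0.30,
                        "application": 0.10, "data": 0.10}


def _rate(x):
    """Reject values outside [0, 1] so a faulty collector cannot inflate a score."""
    if not 0.0 <= x <= 1.0:
        raise ValueError(f"rate out of range: {x}")
    return x


def network_score(r):
    return (_rate(r["monitor_coverage"]) * 25
            + _rate(r["baseline_compliance"]) * 25
            + (1 - _rate(r["high_risk_vuln_rate"])) * 25   # more findings, fewer points
            + _rate(r["egress_attack_block_rate"]) * 25)


def host_score(r):
    return (_rate(r["monitor_coverage"]) * 20
            + _rate(r["av_install_rate"]) * 20
            + _rate(r["virus_db_update_rate"]) * 15
            + (1 - _rate(r["virus_unremovable_rate"])) * 10
            + (1 - _rate(r["high_risk_vuln_rate"])) * 15
            + (1 - _rate(r["open_port_vuln_rate"])) * 10
            + (1 - _rate(r["trojan_backdoor_rate"])) * 15)


def terminal_score(r, illegal_access_events):
    # Deduction-style term: starts at 10 points, 2 off per unauthorized
    # access event, never below 0.
    illegal_access_points = max(0, 10 - 2 * illegal_access_events)
    return (_rate(r["mgmt_agent_install_rate"]) * 20
            + illegal_access_points
            + _rate(r["av_install_rate"]) * 20
            + _rate(r["virus_db_update_rate"]) * 15
            # Kept as the page writes it: NOT inverted, unlike the host
            # formula's (1 - rate) term. Review before deploying.
            + _rate(r["virus_unremovable_rate"]) * 10
            + _rate(r["patch_compliance_rate"]) * 10
            + (1 - _rate(r["trojan_backdoor_rate"])) * 15)


def application_score(r):
    return (_rate(r["pki_registration_rate"]) * 50
            + _rate(r["doc_encryption_install_rate"]) * 50)


def data_score(r):
    return _rate(r["violating_content_detection_rate"]) * 100


def overall_score(second_level):
    """First-level index from the five second-level indexes (0..100 each)."""
    return sum(second_level[k] * w for k, w in SECOND_LEVEL_WEIGHTS.items())


def grade(total):
    # Four levels from the application example; lower bounds inclusive (assumption).
    if total >= 85:
        return "normal"
    if total >= 70:
        return "mild abnormality"
    if total >= 55:
        return "moderate abnormality"
    return "severe abnormality"


def evaluate(network, host, terminal, illegal_access_events, application, data):
    """Returns (second-level scores, overall score, grade)."""
    second = {"network": network_score(network),
              "host": host_score(host),
              "terminal": terminal_score(terminal, illegal_access_events),
              "application": application_score(application),
              "data": data_score(data)}
    total = overall_score(second)
    return second, total, grade(total)


# Constructed month of third-level values (assumption; not the page's Table 4).
SAMPLE = dict(
    network={"monitor_coverage": 0.95, "baseline_compliance": 0.80,
             "high_risk_vuln_rate": 0.20, "egress_attack_block_rate": 0.99},
    host={"monitor_coverage": 0.90, "av_install_rate": 0.95,
          "virus_db_update_rate": 0.80, "virus_unremovable_rate": 0.02,
          "high_risk_vuln_rate": 0.10, "open_port_vuln_rate": 0.20,
          "trojan_backdoor_rate": 0.05},
    terminal={"mgmt_agent_install_rate": 0.90, "av_install_rate": 0.80,
              "virus_db_update_rate": 0.70, "virus_unremovable_rate": 0.05,
              "patch_compliance_rate": 0.60, "trojan_backdoor_rate": 0.10},
    illegal_access_events=3,
    application={"pki_registration_rate": 0.50, "doc_encryption_install_rate": 0.30},
    data={"violating_content_detection_rate": 0.75},
)

if __name__ == "__main__":
    second, total, level = evaluate(**SAMPLE)
    for name, value in second.items():
        print(f"{name:12s} {value:6.2f}")
    print(f"overall {total:.1f} -> {level}")
```

Feeding `overall_score` the page's own Table 6 values (89.5, 93.75, 61, 40, 75) gives 75.825, which the page reports as 75.8 and grades as a mild abnormality; the range check in `_rate` matters because a collector that reports 120% coverage would otherwise push a second-level index above 100 and mask problems elsewhere.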
Embodiment three of the invention is described below with reference to the accompanying drawings.
The embodiment of the present invention provides an information security situation analysis system which can be combined with the information security situation analysis method of embodiment one to jointly accomplish effective information security management. Its structure is shown in Figure 8 and comprises:
an indicator selection module 801, for determining first-level, second-level and third-level key evaluation indicators according to the KPI method;
a weight calculation module 802, for determining the weight of each key evaluation indicator among the first-level, second-level and third-level key evaluation indicators according to the AHP method;
a system management module 803, for constructing the key evaluation indicator system according to the first-level, second-level and third-level key evaluation indicators and the weight of each key evaluation indicator;
an analysis and evaluation module 804, for collecting data and analyzing the information security situation according to the key evaluation indicator system constructed by the system management module 803.
Preferably, the system also comprises a security situation display module 805 for outputting the result of the information security situation analysis.
The embodiments of the invention provide an information security situation analysis method and system in which the first-level, second-level and third-level key evaluation indicators are determined according to the KPI method, the weight of each key evaluation indicator among them is then determined according to the AHP method, and the key evaluation indicator system is built from these indicators and weights. When the system collects data, the information security situation is analyzed according to this key evaluation indicator system, so that all parameters relevant to information security are considered together while the different degrees of influence of the individual parameters are reflected in their weights; the information security situation is thus assessed comprehensively, and the problem of carrying out information security management effectively is solved.
Those of ordinary skill in the art will appreciate that all or part of the steps of the above embodiments can be realized by a computer program; the computer program can be stored in a computer-readable storage medium and executed on a corresponding hardware platform (such as a system, unit or device), and when executed it comprises one of the steps of the method embodiment or a combination thereof.
Alternatively, all or part of the steps of the above embodiments can also be realized with integrated circuits: the steps can each be made into a separate integrated circuit module, or several of the modules or steps can be made into a single integrated circuit module. Thus the present invention is not restricted to any specific combination of hardware and software.
Each device, functional module or functional unit in the above embodiments can be realized with a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network formed by several computing devices.
When the devices, functional modules or functional units in the above embodiments are realized in the form of software functional modules and are sold or used as independent products, they can be stored in a computer-readable storage medium. The computer-readable storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, etc.
Any person familiar with the art can easily conceive of changes or substitutions within the technical scope disclosed by the present invention, and these shall all be covered by the scope of protection of the present invention. Therefore the scope of protection of the present invention shall be as set out in the claims.

Claims (9)

1. an information security Situation analysis method, is characterized in that, comprising:
According to KPI Key Performance Indicator method (KPI method), determine one-level, secondary and three grades of crucial evaluation indexes;
According to Hierarchy Analysis Method (AHP method), determine the weight of each crucial evaluation index in described one-level, secondary and three grades of crucial evaluation indexes;
Weight according to described one-level, secondary and three grades of crucial evaluation indexes and each crucial evaluation index, builds crucial assessment indicator system;
Image data, according to described crucial assessment indicator system, analytical information security postures.
2. information security Situation analysis method according to claim 1, is characterized in that, describedly according to KPI method, determines that one-level, secondary and three grades of crucial evaluation indexes comprise:
According to KPI method, choose total security postures index as the crucial evaluation index of one-level;
Decompose described total security postures index, choose network safety situation index, Host Security situation index, terminal security situation index, application safety situation index and data security situation index as the crucial evaluation index of secondary;
Decompose the crucial evaluation index of described secondary, obtain three grades of crucial evaluation indexes;
According to KPI method, examine respectively described one-level, secondary and three grades of crucial evaluation indexes;
When needs are revised described one-level, secondary and three grades of crucial evaluation indexes, revise, do not needing to export described one-level, secondary and three grades of crucial evaluation indexes when revising.
3. information security Situation analysis method according to claim 2, is characterized in that, the crucial evaluation index of secondary described in described decomposition is obtained three grades of crucial evaluation indexes and comprised:
The crucial evaluation index of following son of choosing described network safety situation index is as three grades of crucial evaluation indexes:
Network equipment security monitoring coverage rate, network equipment security baseline coincidence rate, network equipment excessive risk leak recall rate, Internet exportation are attacked blocking-up rate; With,
The crucial evaluation index of following son of choosing described Host Security situation index is as three grades of crucial evaluation indexes:
Host Security monitoring coverage percentage, host antivirus software software installation rate, main frame virus base turnover rate, main frame virus cannot clearance rates, main frame excessive risk leak recall rate, main frame open service port leak recall rate, main frame wooden horse back door activity recall rate; With,
The crucial evaluation index of following son of choosing described terminal security situation index is as three grades of crucial evaluation indexes:
Terminal management software installation rate, terminal illegally access index, terminal anti-virus software installation rate, terminal virus base turnover rate, terminal virus cannot clearance rate, terminal patches upgrades compliance rate, terminal Trojan back door activity recall rate; With,
The crucial evaluation index of following son of choosing described application safety situation index is as three grades of crucial evaluation indexes:
PKIX (PKI) system registry rate, electronic document encryption software installation rate; With
Choose this sub crucial evaluation index of violation content recall rate of described data security situation index as three grades of crucial evaluation indexes.
4. information security Situation analysis method according to claim 3, it is characterized in that, the information of the crucial evaluation index of described one-level and the crucial evaluation index of secondary comprises: index name, index description, unit of measurement, tolerance frequency, index weights, index value and computing time.
5. information security Situation analysis method according to claim 2, is characterized in that, describedly according to AHP method, determines that the weight of each crucial evaluation index in described one-level, secondary and three grades of crucial evaluation indexes comprises:
The weight of determining the total security postures of the crucial evaluation index of one-level is 100 minutes;
According to AHP method, compare the relative importance between the crucial evaluation index of secondary, and determine the weight of the crucial evaluation index of each secondary, the weight of the crucial evaluation index of described secondary is as follows:
The weight of described network safety situation index is 20%, the weight of described Host Security situation index is 30%, the weight of described terminal security situation index is 30%, and the weight of described application safety situation index is 10%, and the weight of described data security situation index is 10%;
According to the AHP method, compare the relative importance of the third-level key evaluation indexes and determine the weight of each third-level key evaluation index; the weights of the third-level key evaluation indexes are as follows:
The weight of the network equipment security monitoring coverage rate is 25 points; the weight of the network equipment security baseline compliance rate is 25 points; the weight of the network equipment high-risk vulnerability detection rate is 25 points; the weight of the Internet egress attack blocking rate is 25 points; the weight of the host security monitoring coverage rate is 20 points; the weight of the host antivirus software installation rate, host virus signature database update rate and host virus non-clearable rate is 10 points; the weight of the host high-risk vulnerability detection rate is 15 points; the weight of the host open service port vulnerability detection rate is 10 points; the weight of the host Trojan/backdoor activity detection rate is 15 points; the weight of the terminal management software installation rate is 20 points; the initial weight of the terminal illegal access index is 10 points; the weight of the terminal antivirus software installation rate is 20 points; the weight of the terminal virus signature database update rate is 15 points; the weight of the terminal virus non-clearable rate is 10 points; the weight of the terminal patch update compliance rate is 10 points; the weight of the terminal Trojan/backdoor activity detection rate is 15 points; the weight of the PKI system registration rate is 50 points; the weight of the electronic document encryption software installation rate is 50 points; and the weight of the violating content detection rate is 100 points; wherein the weight of the terminal illegal access index value is reduced by 2 each time a terminal illegal access occurs, until it is reduced to 0;
According to the AHP method, review the weight of each first-level, second-level and third-level key evaluation index; revise the weights where revision is needed, and output the first-level, second-level and third-level key evaluation index weights where no revision is needed.
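The AHP steps recited above (pairwise comparison of the indexes, derivation of their weights, and review of the weights for possible revision), shown as an added Python example that is not code from the patent. It derives weights from a reciprocal pairwise comparison matrix with the row geometric-mean approximation of the principal eigenvector and computes Saaty's consistency ratio, treating CR > 0.1 as "needs revision". Both comparison matrices are constructed for illustration; the patent states only resulting weights, and the consistent matrix is built from the second-level weights 20/30/30/10/10 of claim 6 so that it reproduces them exactly, while the second matrix contains a circular judgement that the review step should send back.

```python
"""Added example (not from the patent): AHP weight derivation and consistency review."""
from math import prod

# Saaty's random consistency index RI by matrix order n (standard table, n = 1..10).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def ahp_weights(matrix):
    """Weights from a reciprocal pairwise comparison matrix a[i][j]
    (importance of index i relative to index j on Saaty's 1..9 scale),
    using the row geometric mean to approximate the principal eigenvector."""
    n = len(matrix)
    if n not in RANDOM_INDEX:
        raise ValueError("comparison matrix order must be between 1 and 10")
    for i in range(n):
        if len(matrix[i]) != n:
            raise ValueError("comparison matrix must be square")
        for j in range(n):
            # reciprocal property a[j][i] == 1 / a[i][j] must hold
            if abs(matrix[i][j] * matrix[j][i] - 1.0) > 1e-9:
                raise ValueError(f"entries ({i},{j}) and ({j},{i}) are not reciprocal")
    gmeans = [prod(row) ** (1.0 / n) for row in matrix]
    total = sum(gmeans)
    return [g / total for g in gmeans]


def consistency_ratio(matrix, weights):
    """Saaty consistency ratio CR = CI / RI, with CI = (lambda_max - n) / (n - 1)."""
    n = len(matrix)
    if n < 3:
        return 0.0  # 1x1 and 2x2 reciprocal matrices are always consistent
    aw = [sum(matrix[i][j] * weights[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / weights[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1)
    return ci / RANDOM_INDEX[n]


def review_weights(matrix, threshold=0.1):
    """The 'review and revise' step: derive the weights and flag the matrix
    for revision when CR exceeds the customary 0.1 threshold."""
    w = ahp_weights(matrix)
    cr = consistency_ratio(matrix, w)
    return {"weights": w, "cr": cr, "needs_revision": cr > threshold}


# Constructed comparison matrix over the five second-level indexes, built from
# the weights 20/30/30/10/10 stated in claim 6 so that the result reproduces them.
SECOND_LEVEL = ["network", "host", "terminal", "application", "data"]
CLAIMED_WEIGHTS = [0.20, 0.30, 0.30, 0.10, 0.10]
CONSISTENT_MATRIX = [[CLAIMED_WEIGHTS[i] / CLAIMED_WEIGHTS[j] for j in range(5)]
                     for i in range(5)]

# Constructed circular judgement (A > B, B > C, but C > A): the review step
# should send this one back for revision.
INCONSISTENT_MATRIX = [[1, 3, 1 / 3],
                       [1 / 3, 1, 3],
                       [3, 1 / 3, 1]]

if __name__ == "__main__":
    for name, m in (("claimed", CONSISTENT_MATRIX), ("circular", INCONSISTENT_MATRIX)):
        r = review_weights(m)
        print(name, [round(x, 3) for x in r["weights"]],
              f"CR={r['cr']:.3f}", "revise" if r["needs_revision"] else "ok")
```

The geometric-mean method is the usual hand-calculable approximation of the AHP eigenvector; for a perfectly consistent matrix it is exact (CR = 0), and for the circular matrix it reports CR well above 0.1, which is the signal the claim's review step uses to decide that the weights must be revised before they are output.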
6. The information security situation analysis method according to claim 5, characterized in that building the key evaluation index system according to the first-level, second-level and third-level key evaluation indexes and the weight of each key evaluation index comprises:
Determining the calculation method of each third-level key evaluation index value, the calculation methods being as follows:
The data source of the network equipment security monitoring coverage rate index is the security audit system device information and the unified information repository asset information; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
The data source of the network equipment security baseline compliance rate index is the security configuration check system and the unified information repository asset information; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300042]
The data source of the network equipment high-risk vulnerability detection rate index is the vulnerability scanning system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300043]
The data source of the Internet egress attack blocking rate index is the network logs of the security protection equipment deployed at the Internet egress; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to take, within the statistical period, the cumulative number of intrusion-class and information-spying/malicious-code-class security events whose source address is a public-network IP, and calculate according to the following formula
[formula image FDA00001988616300044]
The data source of the host security monitoring coverage rate index is the security audit system device information and the unified information repository asset information; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300045]
The data source of the host antivirus software installation rate index is the network antivirus system and the unified information repository asset information; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300046]
The data source of the Windows host virus non-clearable rate index is the network antivirus system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300051]
The data source of the host virus signature database update rate index is the network antivirus system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300052]
The data source of the host high-risk vulnerability detection rate index is the vulnerability scanning system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300053]
The data source of the host open service port vulnerability detection rate is the vulnerability scanning system; the measurement frequency defaults to month and can be adjusted to quarter or year as needed; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300054]
The data source of the host Trojan/backdoor activity detection rate index is the logs of the IDS or IPS deployed at the core switch of the intranet; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to take, within the statistical period, the number of worm/malicious code/spyware events of the information-spying and malicious-code class whose source address lies in the intranet terminal address range and whose destination address is an external network address, and calculate according to the following formula
[formula image FDA00001988616300055]
The data source of the terminal management software installation rate index is the terminal management system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300056]
The data source of the terminal illegal access index is the terminal management system; the measurement frequency is month, quarter or year; the unit of measure is number of occurrences; and its calculation method is the cumulative number of illegal intranet access events within the statistical period.
The data source of the terminal antivirus software installation rate index is the network antivirus system and the terminal management system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300061]
The data source of the terminal virus signature database update rate index is the network antivirus system and the terminal management system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300062]
The data source of the terminal virus non-clearable rate index is the network antivirus system and the terminal management system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300063]
The data source of the terminal patch update compliance rate index is the terminal security management system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300064]
The data source of the terminal Trojan/backdoor activity detection rate index is the logs of the IDS or IPS deployed at the core switch of the intranet; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to take, within the statistical period, the number of terminals with worm/malicious code/spyware events of the information-spying and malicious-code class whose source address lies in the intranet terminal address range and whose destination address is an external network address, and calculate according to the following formula
[formula image FDA00001988616300065]
The data source of the PKI system registration rate index is the PKI management system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300071]
The data source of the electronic document encryption software installation rate index is the electronic document encryption system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300072]
The data source of the violating content detection rate index is the Internet behaviour audit system; the measurement frequency is month, quarter or year; the unit of measure is percentage; and its calculation method is to calculate, within the statistical period, according to the following formula
[formula image FDA00001988616300073]
Determining the relation between each third-level key evaluation index and each second-level key evaluation index, the relation between each third-level key evaluation index value and each second-level key evaluation index value being as follows:
The relation between the network security situation index and the third-level key evaluation indexes is given by the formula
Network security situation index (100 points) = network equipment security monitoring coverage rate * 25 points + network equipment security baseline compliance rate * 25 points + (1 - network equipment high-risk vulnerability detection rate) * 25 points + Internet egress attack blocking rate * 25 points;
The relation between the host security situation index and the third-level key evaluation indexes is given by the formula
Host security situation index (100 points) = host security monitoring coverage rate * 20 points + host antivirus software installation rate * 20 points + host virus signature database update rate * 15 points + (1 - host virus non-clearable rate) * 10 points + (1 - host high-risk vulnerability detection rate) * 15 points + (1 - host open service port vulnerability detection rate) * 10 points + (1 - host Trojan/backdoor activity detection rate) * 15 points;
The relation between the terminal security situation index and the third-level key evaluation indexes is given by the formula
Terminal security situation index (100 points) = terminal management software installation rate * 20 points + (terminal illegal access index: 2 points deducted per occurrence from a total of 10 points, until fully deducted) + terminal antivirus software installation rate * 20 points + terminal virus signature database update rate * 15 points + terminal virus non-clearable rate * 10 points + terminal patch update compliance rate * 10 points + (1 - terminal Trojan/backdoor activity detection rate) * 15 points;
The relation between the application security situation index and the third-level key evaluation indexes is given by the formula
Application security situation index (100 points) = PKI system registration rate * 50 points + electronic document encryption software installation rate * 50 points;
The relation between the data security situation index and the third-level key evaluation indexes is given by the formula
Data security situation index (100 points) = violating content detection rate * 100 points;
Determining the relation between each second-level key evaluation index value and the first-level key evaluation index value, this relation being given by the formula:
Overall security situation index (100 points) = network security situation index * 20% + host security situation index * 30% + terminal security situation index * 30% + application security situation index * 10% + data security situation index * 10%.
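The roll-up from third-level index values through the five second-level situation indexes to the overall security situation index, shown as an added Python example that is not code from the patent. The measurement key names and the sample values for one statistical period are constructed; only the point weights, the per-event deduction rule for the terminal illegal access index and the 20/30/30/10/10 first-level weights come from claim 6. The example follows the claim literally, which includes the terminal virus non-clearable rate entering the terminal formula as rate * 10 points while the host formula uses (1 - rate) * 10 points; anyone implementing the method should confirm which sense is intended before deploying the score.

```python
"""Added example (not from the patent): scoring the three-level key index
hierarchy of claim 6 and rolling it up to the overall security situation index.
Rate-type index values are fractions in [0, 1]; scores are in points."""

# First-level roll-up weights stated in claim 6.
SECOND_LEVEL_WEIGHTS = {"network": 0.20, "host": 0.30, "terminal": 0.30,
                        "application": 0.10, "data": 0.10}


def _rate(m, key):
    """Read a rate-type third-level index value and reject values outside [0, 1]."""
    v = m[key]
    if not 0.0 <= v <= 1.0:
        raise ValueError(f"{key}={v!r} is not a rate in [0, 1]")
    return v


def network_index(m):
    """Network security situation index (100 points)."""
    return (_rate(m, "net_monitor_coverage") * 25
            + _rate(m, "net_baseline_compliance") * 25
            + (1 - _rate(m, "net_highrisk_vuln_detect")) * 25
            + _rate(m, "egress_attack_block") * 25)


def host_index(m):
    """Host security situation index (100 points)."""
    return (_rate(m, "host_monitor_coverage") * 20
            + _rate(m, "host_av_install") * 20
            + _rate(m, "host_virus_db_update") * 15
            + (1 - _rate(m, "host_virus_uncleanable")) * 10
            + (1 - _rate(m, "host_highrisk_vuln_detect")) * 15
            + (1 - _rate(m, "host_open_port_vuln_detect")) * 10
            + (1 - _rate(m, "host_trojan_activity")) * 15)


def illegal_access_score(events, initial=10, per_event=2):
    """Terminal illegal access index: 10 points, 2 deducted per event, floor 0."""
    if events < 0:
        raise ValueError("event count cannot be negative")
    return max(0, initial - per_event * events)


def terminal_index(m):
    """Terminal security situation index (100 points)."""
    return (_rate(m, "term_mgmt_install") * 20
            + illegal_access_score(m["term_illegal_access_events"])
            + _rate(m, "term_av_install") * 20
            + _rate(m, "term_virus_db_update") * 15
            # claim 6 applies the non-clearable rate directly here (no 1 - rate)
            + _rate(m, "term_virus_uncleanable") * 10
            + _rate(m, "term_patch_compliance") * 10
            + (1 - _rate(m, "term_trojan_activity")) * 15)


def application_index(m):
    """Application security situation index (100 points)."""
    return _rate(m, "pki_registration") * 50 + _rate(m, "doc_encrypt_install") * 50


def data_index(m):
    """Data security situation index (100 points)."""
    return _rate(m, "violation_content_detect") * 100


def overall_index(m):
    """Return (overall security situation index, dict of second-level indexes)."""
    second = {"network": network_index(m), "host": host_index(m),
              "terminal": terminal_index(m), "application": application_index(m),
              "data": data_index(m)}
    total = sum(second[k] * SECOND_LEVEL_WEIGHTS[k] for k in second)
    return total, second


# Constructed sample measurements for one statistical period (not real data).
SAMPLE = {
    "net_monitor_coverage": 0.9, "net_baseline_compliance": 0.8,
    "net_highrisk_vuln_detect": 0.1, "egress_attack_block": 1.0,
    "host_monitor_coverage": 0.9, "host_av_install": 1.0,
    "host_virus_db_update": 0.8, "host_virus_uncleanable": 0.0,
    "host_highrisk_vuln_detect": 0.2, "host_open_port_vuln_detect": 0.1,
    "host_trojan_activity": 0.0,
    "term_mgmt_install": 0.9, "term_illegal_access_events": 3,
    "term_av_install": 0.9, "term_virus_db_update": 0.8,
    "term_virus_uncleanable": 0.0, "term_patch_compliance": 0.7,
    "term_trojan_activity": 0.1,
    "pki_registration": 0.6, "doc_encrypt_install": 0.8,
    "violation_content_detect": 0.9,
}

if __name__ == "__main__":
    total, second = overall_index(SAMPLE)
    for k, v in second.items():
        print(f"{k:12s} {v:6.2f}")
    print(f"overall      {total:6.2f}")
```

With the constructed sample the second-level scores are 90, 96, 72.5, 70 and 90 points and the overall index is 84.55. The range check in _rate matters in practice: several of the source systems report percentages, and feeding 85 instead of 0.85 into a (1 - rate) term silently produces a large negative score rather than an error.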
7. The information security situation analysis method according to claim 1, characterized in that, after the step of collecting data and analysing the information security situation according to the key evaluation index system, the method further comprises:
Outputting the result of the information security situation analysis through an external display device.
8. An information security situation analysis system, characterized by comprising:
An index selection module, for determining first-level, second-level and third-level key evaluation indexes according to the KPI method;
A weight calculation module, for determining the weight of each key evaluation index among the first-level, second-level and third-level key evaluation indexes according to the AHP method;
A system management module, for building the key evaluation index system according to the first-level, second-level and third-level key evaluation indexes and the weight of each key evaluation index;
An analysis and evaluation module, for collecting data and analysing the information security situation according to the key evaluation index system built by the system management module.
9. The information security situation analysis system according to claim 8, characterized in that the system further comprises:
A security situation display module, for outputting the result of the information security situation analysis.
CN201210282254.8A 2012-08-08 2012-08-08 Information security Situation analysis method and system Active CN103581155B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210282254.8A CN103581155B (en) 2012-08-08 2012-08-08 Information security Situation analysis method and system

Publications (2)

Publication Number Publication Date
CN103581155A true CN103581155A (en) 2014-02-12
CN103581155B CN103581155B (en) 2016-04-27

Family

ID=50052090

Country Status (1)

Country Link
CN (1) CN103581155B (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104243478A (en) * 2014-09-19 2014-12-24 中国联合网络通信集团有限公司 Safety protection capability assessment method and equipment of network equipment
CN104270372A (en) * 2014-10-11 2015-01-07 国家电网公司 Parameter self-adaption network security posture quantitative evaluation method
CN105260963A (en) * 2015-11-13 2016-01-20 苏州中科知图信息科技有限公司 Subject accomplishment evaluation system
CN105917348A (en) * 2014-01-14 2016-08-31 株式会社Pfu Information processing device, illicit activity determination method, illicit activity determination program, information processing device, activity determination method, and activity determination program
CN106156629A (en) * 2015-04-17 2016-11-23 国家电网公司 A kind of security measure method of android terminal
CN106295356A (en) * 2016-08-24 2017-01-04 浪潮电子信息产业股份有限公司 A kind of Host Security rank statistical method based on SSR product
CN106713233A (en) * 2015-11-13 2017-05-24 国网智能电网研究院 Method for judging and protecting network security state
CN107454105A (en) * 2017-09-15 2017-12-08 北京理工大学 A kind of multidimensional network safety evaluation method based on AHP and grey correlation
CN107508789A (en) * 2017-06-29 2017-12-22 北京北信源软件股份有限公司 A kind of recognition methods of abnormal data and device
CN108449345A (en) * 2018-03-22 2018-08-24 深信服科技股份有限公司 A kind of networked asset continues method for safety monitoring, system, equipment and storage medium
CN108802331A (en) * 2018-05-29 2018-11-13 深圳源广安智能科技有限公司 Soil quality safety monitoring system
CN108881179A (en) * 2018-05-29 2018-11-23 深圳大图科创技术开发有限公司 Transmission line of electricity applied to smart grid reliably monitors system
CN109117449A (en) * 2018-07-27 2019-01-01 武汉文网亿联科技有限公司 Method based on non-linear least square calculation using models Internet bar installation rate
CN109246153A (en) * 2018-11-09 2019-01-18 中国银行股份有限公司 Network safety situation analysis model and network safety evaluation method
CN109547242A (en) * 2018-11-15 2019-03-29 北京计算机技术及应用研究所 Network security efficiency evaluation method based on attacking and defending incidence matrix
CN110365706A (en) * 2019-08-01 2019-10-22 杭州安恒信息技术股份有限公司 Multi-judgement identity network safety method, apparatus and system
CN110796382A (en) * 2019-11-01 2020-02-14 浙江省人民医院 Assessment analysis method and system applied to nursing subject
CN111262734A (en) * 2020-01-13 2020-06-09 北京工业大学 Network security event emergency processing method
CN113127882A (en) * 2021-04-23 2021-07-16 杭州安恒信息安全技术有限公司 Terminal safety protection method, device, equipment and readable storage medium
CN113518059A (en) * 2020-04-10 2021-10-19 广州亚信技术有限公司 Network License start-stop control method and device
CN113992337A (en) * 2020-07-09 2022-01-28 台众计算机股份有限公司 Information security management system of multi-information security software
CN115664695A (en) * 2022-08-26 2023-01-31 南方电网数字电网研究院有限公司 Comprehensive evaluation method of network space security situation based on two-dimensional code reflection
CN116962093A (en) * 2023-09-21 2023-10-27 江苏天创科技有限公司 Information transmission security monitoring method and system based on cloud computing

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101620701A (en) * 2009-05-14 2010-01-06 北京东方文骏软件科技有限责任公司 Application of KPI analysis in income guarantee system of telecommunication industry based on stratification method

Also Published As

Publication number Publication date
CN103581155B (en) 2016-04-27

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant