CN105721407A - Method and device for business system security evaluation - Google Patents

Info

Publication number
CN105721407A
Authority
CN
China
Prior art keywords
security performance
data
equipment
operation system
score
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410740488.1A
Other languages
Chinese (zh)
Inventor
肖勇军
刘甲旺
陈浩
李金伟
高峰
张建军
苏砫
鲍自敏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ultrapower Information Safety Technology Co Ltd
Original Assignee
Beijing Ultrapower Information Safety Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Ultrapower Information Safety Technology Co Ltd filed Critical Beijing Ultrapower Information Safety Technology Co Ltd
Priority to CN201410740488.1A priority Critical patent/CN105721407A/en
Publication of CN105721407A publication Critical patent/CN105721407A/en
Pending legal-status Critical Current

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method and a device for business system security evaluation. The method comprises collecting the security performance data of each device, wherein the security performance data comprises virus infection data, device system vulnerability data, weak password data, device compliance rate data and firewall policy normal rate data, and calculating the security performance score of each device according to the security performance data and a preset first rule. The method and the device automatically collect security performance data from the various devices and, according to that data and the preset rules, evaluate each security performance item of each device and the overall security performance of the device in the form of scores. The security performance of each device can be obtained directly, the security performance of each device, each combined device and the business system can be displayed together, and the directness and efficiency of device security management are improved.

Description

Method and device for business system security evaluation
Technical Field
The present invention relates to the field of computer security technology, and in particular to a business system security evaluation method and device.
Background
A business system is the software and hardware support system of an enterprise's business platform, for example an enterprise's SMS platform business system, network complaint business system or telephone traffic network business system. A business system generally includes devices such as firewalls, middleware, databases, routing and switching equipment, operating systems, softswitches and load balancers. The security of a business system bears on whether the system runs normally and effectively, and on the assets and reputation of users and the enterprise.
Effective security evaluation and analysis provides a sound basis for fully assessing and measuring the security state of a business system. At present, security evaluation of business systems is mainly performed on individual devices: each device provides its own security information, for example security indicators such as the number of virus infections and the number of vulnerabilities are queried on the firewall. The evaluation results therefore have to be checked separately on each scattered device, which makes security evaluation decentralized and fragmented. Security indicators for combined devices and for the business system as a whole cannot be obtained, and the efficiency and effectiveness of business system security management are low.
Summary of the Invention
To overcome the problem in the related art that business system security evaluation is decentralized, the present application provides a business system security evaluation method and device.
According to a first aspect of the embodiments of the present application, a business system security evaluation method is provided, including:
collecting the security performance data of each device, the security performance data including virus infection data, device system vulnerability data, weak password data, device compliance rate data and firewall policy normal rate data;
calculating the security performance score of each device according to the security performance data and a preset first rule.
Preferably, the business system security evaluation method further includes:
calculating the security performance score of a combined device according to the security performance score of each device and a preset second rule.
Preferably, the business system security evaluation method further includes:
calculating the security performance score of the business system according to the security performance score of each device and a preset third rule.
Preferably, in the business system security evaluation method, different collection time lengths are used for different security performance data.
Corresponding to the first aspect of the embodiments of the present application, according to a second aspect of the embodiments of the present application, a business system security evaluation device is provided, including:
a security performance data collection unit, for collecting the security performance data of each device, the security performance data including virus infection data, device system vulnerability data, weak password data, device compliance rate data and firewall policy normal rate data;
a security performance score calculation unit, for calculating the security performance score of each device according to the security performance data and a preset first rule.
The security performance data collection unit includes a virus infection data collection module, a device system vulnerability data collection module, a weak password data collection module, a device compliance rate data collection module and a firewall policy normal rate data collection module.
Preferably, the business system security evaluation device further includes:
a combined device security performance score calculation unit, for calculating the security performance score of a combined device according to the security performance score of each device and a preset second rule.
Preferably, the business system security evaluation device further includes:
a business system security performance score calculation unit, for calculating the security performance score of the business system according to the security performance score of each device and a preset third rule.
Preferably, in the business system security evaluation device, different security performance data collection modules use different collection time lengths.
The technical solution provided by the embodiments of the present application can have the following beneficial effects: the security performance data are collected automatically from each device; then, according to the security performance data and the preset rules, each security performance item of each device and the overall security performance of the device are evaluated in the form of scores, and the security performance scores of combined devices and of the business system can be obtained. There is no need to query the security performance of each device separately on that device. The security performance of each device can be obtained intuitively, and the security performance of each device, each combined device and the business system can be displayed together, which helps improve the intuitiveness and efficiency of device security management.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory and do not limit the present application.
Brief Description of the Drawings
In order to explain the embodiments of the present application or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, a person of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a schematic flowchart of a business system security evaluation method according to an exemplary embodiment of the present application.
Fig. 2 is a schematic flowchart of a business system security evaluation method according to another exemplary embodiment of the present application.
Fig. 3 is a block diagram of a business system security evaluation device according to an exemplary embodiment of the present application.
Fig. 4 is a block diagram of a business system security evaluation device according to another exemplary embodiment of the present application.
Detailed Description
Exemplary embodiments are described in detail here, and examples of them are shown in the drawings. When the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with the present application. Rather, they are merely examples of devices and methods consistent with some aspects of the present application as detailed in the appended claims.
For a full understanding of the present application, numerous specific details are set out in the following detailed description, but those skilled in the art will understand that the present application can be practised without these details. In other embodiments, well-known methods, processes, components and circuits are not described in detail, so as not to obscure the embodiments unnecessarily.
According to a first aspect of the embodiments of the present application, a business system security evaluation method is provided. Fig. 1 is a schematic flowchart of a business system security evaluation method according to an exemplary embodiment of the present application. As shown in Fig. 1, the method includes:
Step S101: collect the security performance data of each device, the security performance data including virus infection data, device system vulnerability data, weak password data, device compliance rate data and firewall policy normal rate data.
The security performance data are collected from each device, such as a firewall (i.e. SOCKS server), middleware, a softswitch, routing and switching equipment, a load balancer or a security service device. The security performance data include virus infection data, device system vulnerability data, weak password data, device compliance rate data and firewall policy normal rate data. The device risks corresponding to the different kinds of security performance data occur at different frequencies: for example, a device may be infected by viruses every day, but a device system vulnerability may appear only once a month, as a result of a device system upgrade. If the same collection time length were used for every kind of security performance data, some device risks might be missed. Preferably, therefore, a different collection time length is used for each kind of security performance data: for example, taking the current collection time as the reference point, collect the virus infection data of the past day, the device system vulnerability data of the past month, the weak password data of the past week, and so on. The collection time length of each kind of security performance data can be set according to the operating conditions of the device. For example, if the device is connected to many networks or many devices access the network, the device is more exposed to attack, so the collection time lengths for virus infection data, firewall policy normal rate data, weak password data and the like can be set shorter; if the device is upgraded relatively frequently, the collection time lengths for device system vulnerability data, device compliance rate data and the like can be set shorter.
The virus infection data can include the number of virus infections of the device within the set time length, the types of the infections, the times of infection, and so on. The device system vulnerability data can include the number of device system vulnerabilities that appeared on the device within the set time length, the vulnerability types, the vulnerability descriptions, the times at which the vulnerabilities appeared, and so on. The weak password data can include the number of weak password accounts that logged in to the device within the set time length, the types of those accounts, their login times, and so on. The device compliance rate data can include the device compliance rate within the set time length, the device configuration information, and so on. The firewall policy normal rate data can include the firewall policy normal rate of the device within the set time length, the firewall policy information, and so on. If the device's own system provides a device compliance rate, the rate can be collected directly from the device; if it does not, the configuration information of the device can be collected and the compliance rate calculated from it. If the firewall of the device's own system provides a firewall policy normal rate, the rate can be collected directly from that firewall; if it does not, the total number of firewall policies and the number of correct firewall policies of the device's own system are collected, and the rate is calculated as firewall policy normal rate = number of correct firewall policies / total number of firewall policies.
The number of virus infections, the number of device system vulnerabilities, the number of weak password accounts, the device compliance rate and the firewall policy normal rate are the security performance data that must be collected, because they are used to calculate the security performance score of the device. Other related data can be collected as needed for recording and display.
The security performance data can also include security alert data, for example alerts that the device is under attack or that a sensitive operation has been performed on the device. The security alert data can include the total number of security alerts the device produced within the set time length, the alert types, the times at which the alerts were produced, and so on. The security performance data can also include early-warning data, which are the alarm data produced when the device exceeds certain preset performance indicators, for example when the device temperature exceeds a preset limit. The early-warning data can include the number of early warnings of the device within the set time length, the early-warning types, the times at which the early warnings were produced, and so on. When security alert data and early-warning data are collected, the number of security alerts and the number of early warnings are the security performance data that must be collected, because they are used to calculate the security score of the device.
The virus infection data of a device can be read from the virus infection records of the firewall software or antivirus software of the device's own system; if the device is a firewall (i.e. SOCKS server), they can be read directly from the virus infection data recorded by the firewall itself. The device system vulnerability data can be obtained by scanning the device's own system. The weak password data can be obtained by reading the account data of the device and extracting from it the accounts with weak passwords and related data. The device compliance rate can be obtained by reading the configuration information of the device. The firewall policy normal rate can be obtained by reading the firewall policy data from the firewall software of the device's own system; if the device is a firewall (SOCKS server), it can be obtained directly by reading the firewall policy data of the firewall itself. The security alert data can be obtained by reading the security alert records of the device. The early-warning data can be obtained by reading the early-warning records of the device.
Before the security performance data of the devices are collected, the kinds of security performance data to be collected are set in advance, and the corresponding data are then collected according to those preset kinds. Note that collection can be run uniformly on every device for all preset kinds of security performance data, but not every device can supply every preset kind. For example, a softswitch device may have no virus infection data and no firewall policy normal rate data, so no such data can be collected from it: the virus infection data and firewall policy normal rate data collected for the softswitch are empty, and when the security performance score of the softswitch is calculated, empty data are ignored by default. Alternatively, collection can be limited to the kinds of security performance data the device itself can supply, for example by not collecting virus infection data or firewall policy normal rate data from a softswitch device. In the technical solution provided by the present application, the security performance data collected are not limited to the virus infection data, device system vulnerability data, weak password data, device compliance rate data, firewall policy normal rate data, security alert data and early-warning data described above; other security performance data can also be collected as needed. The collection of security performance data can be carried out periodically as needed, or daily.
Step S102: calculate the security performance score of each device according to the security performance data and the preset first rule.
The security performance data collected from each device are gathered together, and the security performance data of each device are associated with the device name or device ID (Identity, identification number) of that device. The security performance score includes the score of each security performance item, obtained from the corresponding security performance data, and the total security performance score of each device, calculated from the item scores. Correspondingly, the first rule includes the rule for calculating the score of each security performance item and the rule for calculating the total security performance score of the device. The first rule can be determined according to the needs of the security review. In one possible embodiment, in order to make the scores of devices easy to compare and to examine the differences in security between devices, the same full score is set for each security performance item across devices (different security performance items may have different full scores), and a scoring standard or deduction standard is set for each security performance item. The score of each security performance item is then obtained from the collected security performance data, and the total security performance score of the device is calculated from the item scores.
The steps of the embodiment are illustrated with an example below. The virus infection data, device system vulnerability data, weak password data, device compliance rate data, firewall policy normal rate data, security alert data and early-warning data of a device are collected. The collection time length of each kind of security performance data and the corresponding score calculation in the first rule are as follows:
Virus infection: the collection time length is 1 day, the full score is 30, and the deduction standard is one point deducted for each virus infection;
Security alert: the collection time length is 1 day, the full score is 10, and the deduction standard is one point deducted for each security alert;
Early warning: the collection time length is 7 days, the full score is 10, and the deduction standard is one point deducted for each early warning;
Device system vulnerability: the collection time length is 30 days, the full score is 10, and the deduction standard is one point deducted for each vulnerability;
Compliance rate: the collection time length is 7 days, and the score can be linear in the compliance rate percentage. For example, the full score for compliance rate is 10; the score is 4 when the compliance rate is 40%, 8 when the compliance rate is 80%, and so on;
Weak password: the collection time length is 7 days, the full score is 20, and one point is deducted for each weak password account;
Firewall policy normal rate: the collection time length is 7 days, and the score can be linear in the firewall policy normal rate percentage. For example, the full score for firewall policy normal rate is 10; the score is 6 when the firewall policy normal rate is 60%, 9 when the rate is 90%, and so on.
The total security performance score of the device can be the direct sum of the 7 security performance scores above, that is, total security performance score of the device = virus infection score + security alert score + early-warning score + vulnerability score + compliance rate score + weak password score + firewall policy normal rate score. Weights can also be assigned to the score of each security performance item according to its importance, in which case the total security performance score of the device is the sum of the 7 security performance scores each multiplied by its weight, that is, total security performance score of the device = virus infection score × virus infection weight + security alert score × security alert weight + early-warning score × early-warning weight + device system vulnerability score × device system vulnerability weight + compliance rate score × compliance rate weight + weak password score × weak password weight + firewall policy normal rate score × firewall policy normal rate weight, where the 7 security performance weights sum to 100%. In addition, when the full scores of the security performance items are set, their sum can be fixed at 100, that is, virus infection full score + security alert full score + early-warning full score + vulnerability full score + compliance rate full score + weak password full score + firewall policy normal rate full score = 100. The sum of the full scores is then the same for every device, so the total security performance scores of the devices can be compared more easily and the differences in security performance between devices evaluated.
After the item scores and the total security performance score of each device have been obtained, they can be displayed together, accompanied by the collected security performance data, so that the security performance of each device is easy to check.
In the technical solution provided by this embodiment, the security performance data are collected automatically from each device; then, according to the security performance data and the preset rules, each security performance item of each device and the overall security performance of the device are evaluated in the form of scores. There is no need to query the security performance of each device separately on that device. The security performance of each device can be obtained intuitively and the security performance of all devices can be displayed together, which helps improve the intuitiveness and efficiency of device security management.
Fig. 2 is a schematic flowchart of a business system security evaluation method according to another exemplary embodiment of the present application. As shown in Fig. 2, the method includes:
Step S201: collect the security performance data of each device, the security performance data including virus infection data, device system vulnerability data, weak password data, device compliance rate data and firewall policy normal rate data;
Step S202: calculate the security performance score of each device according to the security performance data and the preset first rule;
Step S203: calculate the security performance score of a combined device according to the security performance score of each device and the preset second rule;
Step S204: calculate the security performance score of the business system according to the security performance score of each device and the preset third rule.
Steps S201 and S202 are identical to steps S101 and S102 respectively. In step S203, for a combined device, that is, a subsystem of the business system formed by two or more devices, the security performance score of the combined device (the subsystem) can be obtained from the security performance scores of the individual devices. The security performance score of the combined device can include the score of each security performance item of the combined device, for example its virus infection score and its compliance rate score, and the total security performance score of the combined device. The second rule is the rule for calculating the item scores and the total security performance score of the combined device from the security performance scores of the devices. The total security performance score of a combined device may be the average of the total security performance scores of the devices it contains, namely:
where n is the number of devices the combined device contains,
Similarly, each security performance item score of the combined device may be the average of the corresponding security performance scores of the devices it contains, for example,
The total security performance score of the combined device may also be the weighted average of the total security performance scores of the devices it contains; after a weight is assigned to each device in the combined device:
where the weights of the devices the combined device contains sum to 1,
Similarly, each security performance item score of the combined device may be the weighted average of the corresponding security performance scores of the devices it contains.
In step S204, for the business system, the security performance score of the business system as a whole can be obtained from the security performance scores of the individual devices. The security performance score of the business system can include the score of each security performance item of the business system, for example its security alert score and its early-warning score, and the total security performance score of the business system. The third rule is the rule for calculating the item scores and the total security performance score of the business system from the security performance scores of the devices. The total security performance score of the business system may be the average of the total security performance scores of the devices it contains, namely:
where m is the number of devices the business system contains,
Similarly, each security performance item score of the business system may be the average of the corresponding security performance scores of the devices it contains, for example,
The total security performance score of the business system may also be the weighted average of the total security performance scores of the devices it contains; after a weight is assigned to each device in the business system:
where the weights of the devices the business system contains sum to 1,
Similarly, each security performance item score of the business system may be the weighted average of the corresponding security performance scores of the devices it contains.
In the technical solution provided by this embodiment, the security performance scores of combined devices and of the business system can be obtained from the security performance scores of the individual devices, which further supports systematic security evaluation and security management.
After the security performance scores of the devices, the combined devices and the business system have been obtained, these scores and the related data can be displayed, and a security level can be set for each score. For example, a device security performance score below 70 is the low security level, 70~80 is the medium security level and 80~100 is the high security level. Scores of different security levels are shown in different colors, so that users can check the security evaluation of devices, combined devices and the business system more intuitively.
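The scoring example above (seven items with full scores summing to 100, each with its own collection time length), together with the plain and weighted averages for a combined device, is worked through below as an added Python example that is not part of the patent. The function names and sample data are constructed; the zero floor on deductions, the rescaling to 100 when a device lacks some items, and the treatment of scores of exactly 70 and 80 are assumptions the text does not specify.

```python
from datetime import datetime, timedelta

# First rule, taken from the worked example in the text:
# item -> (collection time length in days, full score, scoring kind)
FIRST_RULE = {
    "virus_infection":      (1, 30, "count"),
    "security_alert":       (1, 10, "count"),
    "early_warning":        (7, 10, "count"),
    "system_vulnerability": (30, 10, "count"),
    "compliance_rate":      (7, 10, "rate"),
    "weak_password":        (7, 20, "count"),
    "firewall_policy_rate": (7, 10, "rate"),
}

def count_in_window(timestamps, now, days):
    """Count events that fall inside the item's own collection window."""
    start = now - timedelta(days=days)
    return sum(1 for t in timestamps if start < t <= now)

def policy_normal_rate(correct, total):
    """Firewall policy normal rate (%) = correct policies / total policies."""
    return 100 * correct / total

def score_device(data, now):
    """Return (per-item scores, total score on a 0-100 scale).

    data maps an item to a list of event timestamps ("count" items), a
    percentage ("rate" items), or None when the device has no such data.
    """
    items, attainable = {}, 0
    for item, (days, full, kind) in FIRST_RULE.items():
        value = data.get(item)
        if value is None:            # empty data is ignored, as the text says
            continue
        if kind == "count":          # deduct one point per event
            # Assumption: a score never drops below zero.
            items[item] = max(0, full - count_in_window(value, now, days))
        else:                        # linear score by percentage
            items[item] = full * value / 100
        attainable += full
    if attainable == 0:
        return items, None
    # Assumption: rescale to 100 so devices missing some items stay comparable.
    return items, 100 * sum(items.values()) / attainable

def aggregate(totals, weights=None):
    """Second/third rule: plain mean, or weighted mean with weights summing to 1."""
    if weights is None:
        return sum(totals) / len(totals)
    if len(weights) != len(totals) or abs(sum(weights) - 1) > 1e-9:
        raise ValueError("need one weight per device, summing to 1")
    return sum(t * w for t, w in zip(totals, weights))

def grade(score):
    """Below 70 low, 70~80 medium, 80~100 high.

    Assumption: exactly 70 counts as medium and exactly 80 as high.
    """
    return "low" if score < 70 else "medium" if score < 80 else "high"

# --- constructed sample data ---
NOW = datetime(2024, 1, 31, 12, 0)

def hours_ago(*hours):
    return [NOW - timedelta(hours=h) for h in hours]

FIREWALL = {
    "virus_infection":      hours_ago(2, 5, 20, 40),   # 40 h ago: outside 1 day
    "security_alert":       hours_ago(3),
    "early_warning":        [],
    "system_vulnerability": hours_ago(24 * 10, 24 * 29, 24 * 45),  # 45 d: outside
    "compliance_rate":      80,
    "weak_password":        hours_ago(1, 30, 60, 100),
    "firewall_policy_rate": policy_normal_rate(correct=18, total=20),
}
SOFTSWITCH = {
    "virus_infection":      None,    # a softswitch may have no such data
    "security_alert":       hours_ago(1, 6),
    "early_warning":        hours_ago(50),
    "system_vulnerability": hours_ago(24, 48, 72, 96, 120),
    "compliance_rate":      40,
    "weak_password":        hours_ago(1, 2, 3, 4, 5, 6, 7, 8),
    "firewall_policy_rate": None,
}

if __name__ == "__main__":
    fw_items, fw_total = score_device(FIREWALL, NOW)
    ss_items, ss_total = score_device(SOFTSWITCH, NOW)
    print("firewall", fw_items, fw_total, grade(fw_total))
    print("softswitch", ss_items, round(ss_total, 2), grade(ss_total))
    combined = aggregate([fw_total, ss_total])
    weighted = aggregate([fw_total, ss_total], weights=[0.7, 0.3])
    print("combined device", round(combined, 2), grade(combined))
    print("weighted", round(weighted, 2), grade(weighted))
```

The same `aggregate` call serves the third rule when it is given the totals of every device in the business system instead of one subsystem.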
From the description of the method embodiments above, those skilled in the art can clearly understand that the present application can be implemented by software plus the necessary general-purpose hardware platform, or by hardware, although in many cases the former is the better implementation. On this understanding, the technical solution of the present application in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product stored in a storage medium and including instructions that cause a smart device to perform all or part of the steps of the methods described in the embodiments of the present application. The storage medium includes any medium that can store data and program code, such as read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
Corresponding to the first aspect of the embodiment of the present application, the second aspect according to the embodiment of the present application, it is provided that a kind of operation system safety evaluatio device.Fig. 3 is the block diagram of a kind of operation system safety evaluatio device shown in the application one exemplary embodiment.As it is shown on figure 3, described device includes:
Security performance data acquisition unit U301, for gathering every security performance data of each equipment, described security performance data include virus infected data, device systems leak data, weak passwurd data, equipment conjunction rule rate data and firewall policy natural rate of interest data;
Security performance score calculation unit U302, is connected with U301, for calculating the security performance score of each equipment according to described security performance data and the default first rule.
Wherein, security performance data acquisition unit is arranged in each equipment, and be connected with security performance score calculation unit communication, the security performance data collected are transmitted to security performance score calculation unit by security performance data acquisition unit, security performance score calculation unit calculate the security performance score of each equipment.Described security performance data acquisition unit, include but are not limited to virus infected data acquisition module, device systems leak data acquisition module, weak passwurd data acquisition module, equipment closes rule rate data acquisition module and firewall policy natural rate of interest data acquisition module, safety warning data acquisition module and warning data acquisition module etc. can also be included, virus infected data is included but are not limited to for gathering, device systems leak data, weak passwurd data, equipment closes the security performance data such as rule rate data and firewall policy natural rate of interest data, and safety warning data and warning data.Preferably, different security performance data acquisition modules uses different acquisition time length to gather the security performance data of correspondence, to avoid the frequency occurred due to equipment Risk corresponding to every security performance data different, and omit relevant security performance data.
After the security performance score calculation unit receives and stores the security performance data collected by the security performance data acquisition unit, it associates the security performance data of each device with the device name or device ID (identity) of that device. The first rule correspondingly includes the rules for calculating the score of each item of security performance and the rule for calculating the total security performance score of the device. The first rule can be determined according to the needs of the security assessment.
Fig. 4 is a block diagram of a business system security evaluation device according to another exemplary embodiment of the present application. As shown in Fig. 4, the device includes:
A security performance data acquisition unit U401, configured to collect each item of security performance data of each device, the security performance data including virus infection data, device system vulnerability data, weak password data, device compliance rate data and firewall policy normal rate data;
A security performance score calculation unit U402, connected to U401 and configured to calculate the security performance score of each device according to the security performance data and a preset first rule.
A combined device security performance score calculation unit U403, connected to U402 and configured to calculate the security performance score of a combined device according to the security performance score of each device and a preset second rule.
A business system security performance score calculation unit U404, connected to U402 and configured to calculate the security performance score of the business system according to the security performance score of each device and a preset third rule.
The combined device security performance score calculation unit U403 obtains the security performance score of the combined device and subsystem from the device security performance scores already obtained. The security performance score of a combined device can include the score of each item of security performance of the combined device and the total security performance score of the combined device. The second rule is the rule for calculating, from the security performance score of each device, the score of each item of security performance of the combined device and the total security performance score of the combined device. The total security performance score of a combined device can be the mean or weighted mean of the total security performance scores of the devices it contains; likewise, the score of each item of security performance of a combined device can be the mean or weighted mean of the corresponding item scores of the devices it contains.
The business system security performance score calculation unit U404 obtains the security performance score of the overall business system from the security performance score of each device already obtained. The security performance score of the business system can include the score of each item of security performance of the business system, for example the security warning score and the early-warning score of the business system, as well as the total security performance score of the business system. The third rule is the rule for calculating, from the security performance scores of the devices, the score of each item of security performance of the business system and the total security performance score of the business system. The total security performance score of the business system can be the mean or weighted mean of the total security performance scores of the devices it contains; likewise, the score of each item of security performance of the business system can be the mean or weighted mean of the corresponding item scores of the devices it contains.
Meanwhile, the security performance score calculation unit U402, the combined device security performance score calculation unit U403 and the business system security performance score calculation unit U404 can aggregate and display each calculation result. A security level can be set for each score, and scores of different security levels are shown in different colors, so that users can view the security evaluation of devices, combined devices and the business system more intuitively.
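The aggregation performed by U403 and U404 and the color-coded display described above can be sketched as follows. This is an added example, not code from the patent: the weighted mean is one of the two options the description names, each device's total score is taken as an already computed output of the first rule, and the item keys, device weights, grade bands, colors and sample inventory are constructed assumptions.

```python
from dataclasses import dataclass, field

# Assumed keys for the five items of security performance named in the description.
ITEMS = ("virus", "vulnerability", "weak_password", "compliance", "firewall_policy")
GRADES = ((90, "green"), (70, "yellow"), (0, "red"))  # assumed bands: (floor, color)

@dataclass
class Device:
    device_id: str
    total: float                               # total score, output of the first rule
    items: dict = field(default_factory=dict)  # item -> score; absent = not collected
    weight: float = 1.0                        # assumed weight for the weighted mean

def weighted_mean(pairs):
    """Weighted mean over (score, weight) pairs, skipping scores that are absent."""
    pairs = [(s, w) for s, w in pairs if s is not None]
    total_w = sum(w for _, w in pairs)
    return sum(s * w for s, w in pairs) / total_w if total_w else None

def grade(score):
    """Map a score to a display color; 'grey' marks an item no device reported."""
    if score is None:
        return "grey"
    return next((color for floor, color in GRADES if score >= floor), "red")

def aggregate(devices):
    """Second or third rule as a weighted mean: per-item scores and total score."""
    items = {i: weighted_mean((d.items.get(i), d.weight) for d in devices) for i in ITEMS}
    total = weighted_mean((d.total, d.weight) for d in devices)
    colors = {"total": grade(total), **{i: grade(s) for i, s in items.items()}}
    return {"total": total, "items": items, "colors": colors}

# Constructed sample inventory, keyed by device ID (not data from the patent).
INVENTORY = {d.device_id: d for d in (
    Device("web-01", 80, {"virus": 100, "vulnerability": 60, "weak_password": 80, "compliance": 90}),
    Device("web-02", 90, {"virus": 100, "vulnerability": 80, "weak_password": 100, "compliance": 70}),
    Device("fw-01", 70, {"vulnerability": 90, "compliance": 100, "firewall_policy": 50}, weight=2.0),
)}

def score_group(device_ids):
    """Score a combined device, or the whole business system, from device scores."""
    missing = [i for i in device_ids if i not in INVENTORY]
    if missing:  # refuse to average over a group with unreported members
        raise KeyError(f"no score received for: {missing}")
    return aggregate([INVENTORY[i] for i in device_ids])

if __name__ == "__main__":
    print(score_group(["web-01", "web-02"]))  # combined device
    print(score_group(list(INVENTORY)))       # business system
```

In the constructed data the business system total is 77.5 (yellow) while its firewall policy item is 50 (red), which shows why the per-item scores are displayed alongside the total rather than replaced by it.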
For convenience of description, the above device is described as divided into various units by function. Of course, when implementing the present application, the functions of the units may be implemented in one or more pieces of software and/or hardware.
The embodiments in this specification are described in a progressive manner; for identical or similar parts the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the device and system embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant parts, refer to the description of the method embodiments. The device and system embodiments described above are merely schematic: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the statement "including ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
The above are only specific embodiments of the present application, which enable those skilled in the art to understand or implement the application. Various modifications to these embodiments will be apparent to those skilled in the art, and the generic principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the application. Therefore, the application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A business system security evaluation method, characterized by comprising:
Collecting each item of security performance data of each device, the security performance data including virus infection data, device system vulnerability data, weak password data, device compliance rate data and firewall policy normal rate data;
Calculating the security performance score of each device according to the security performance data and a preset first rule.
2. The business system security evaluation method as claimed in claim 1, characterized by further comprising:
Calculating the security performance score of a combined device according to the security performance score of each device and a preset second rule.
3. The business system security evaluation method as claimed in claim 1 or 2, characterized by further comprising:
Calculating the security performance score of the business system according to the security performance score of each device and a preset third rule.
4. The business system security evaluation method as claimed in claim 1, characterized in that different acquisition time lengths are used for different security performance data.
5. A business system security evaluation device, characterized by comprising:
A security performance data acquisition unit, configured to collect each item of security performance data of each device, the security performance data including virus infection data, device system vulnerability data, weak password data, device compliance rate data and firewall policy normal rate data;
A security performance score calculation unit, configured to calculate the security performance score of each device according to the security performance data and a preset first rule.
6. The business system security evaluation device as claimed in claim 5, characterized in that the security performance data acquisition unit includes a virus infection data acquisition module, a device system vulnerability data acquisition module, a weak password data acquisition module, a device compliance rate data acquisition module and a firewall policy normal rate data acquisition module.
7. The business system security evaluation device as claimed in claim 5, characterized by further comprising:
A combined device security performance score calculation unit, configured to calculate the security performance score of a combined device according to the security performance score of each device and a preset second rule.
8. The business system security evaluation device as claimed in any one of claims 5 to 7, characterized by further comprising:
A business system security performance score calculation unit, configured to calculate the security performance score of the business system according to the security performance score of each device and a preset third rule.
9. The business system security evaluation device as claimed in claim 6, characterized in that different security performance data acquisition modules use different acquisition time lengths.
CN201410740488.1A 2014-12-05 2014-12-05 Method and device for business system security evaluation Pending CN105721407A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410740488.1A CN105721407A (en) 2014-12-05 2014-12-05 Method and device for business system security evaluation

Publications (1)

Publication Number Publication Date
CN105721407A true CN105721407A (en) 2016-06-29

Family

ID=56144325

Country Status (1)

Country Link
CN (1) CN105721407A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160629