CN113673966B - Information security construction scheme generation method and device, electronic equipment and storage medium - Google Patents

Publication number: CN113673966B
Authority: CN (China)
Prior art keywords: information, security, text content, information security, current network
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111033514.3A
Other languages: Chinese (zh)
Other versions: CN113673966A (en)
Inventor: 张新硕, 刘焕焕
Current Assignee: Karos Iot Technology Co ltd; Kaos Digital Technology Qingdao Co ltd; Cosmoplat Industrial Intelligent Research Institute Qingdao Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Karos Iot Technology Co ltd; Kaos Digital Technology Qingdao Co ltd; Cosmoplat Industrial Intelligent Research Institute Qingdao Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/10 Text processing
    • G06F40/166 Editing, e.g. inserting or deleting

Abstract

The invention provides an information security construction scheme generation method and device, an electronic device, and a storage medium. The method obtains a current network topology graph; receives an operation instruction for adding an information security product to the current network topology graph, the operation instruction comprising a target type and a target adding position of the newly added information security product; adds a new information security product of the target type at the target adding position of the current network topology graph to generate a target network topology graph; and generates text content of the information security construction scheme according to at least one of the target network topology graph, preset description information of the newly added information security product, and preset information related to the information security construction scheme. Automatically generating the text content of the information security construction scheme avoids the problems of manual writing, such as uneven quality, missing or inaccurate product introductions and function descriptions, and incompletely considered schemes; it ensures a uniform format and improves the efficiency and quality of the information security construction scheme.

Description

Information security construction scheme generation method and device, electronic equipment and storage medium
Technical Field
The invention belongs to the technical field of network information security, and particularly relates to an information security construction scheme generation method, an information security construction scheme generation device, electronic equipment and a storage medium.
Background
With the rapid development of the internet age, information technology has quickly penetrated every field of the social economy, and people's work and life depend more and more on computer and network technology. Information security is the most basic problem enterprises face, and an information security construction scheme usually has to be written when information security construction is carried out.
In the prior art, the information security construction scheme is usually written manually. A manually written scheme may be of uneven quality, its product introductions and function descriptions may be missing or inaccurate, and the scheme may be incompletely considered. Fonts, typesetting, styles, and colors also have to be adjusted manually and end up non-uniform, which affects the efficiency and quality of the information security construction scheme.
Disclosure of Invention
The invention provides an information security construction scheme generation method, an information security construction scheme generation device, electronic equipment and a storage medium, so as to automatically generate the information security construction scheme.
A first aspect of the present invention provides an information security construction scheme generating method, the method including:
acquiring a current network topology graph;
receiving an operation instruction for adding an information security product to the current network topology graph, wherein the operation instruction comprises a target type and a target adding position of the newly added information security product;
adding the newly added information security product of the target type at the target adding position of the current network topology graph to generate a target network topology graph; and
generating text content of the information security construction scheme according to at least one of the target network topology graph, preset description information of the newly added information security product, and preset information related to the information security construction scheme.
Optionally, the text content of the information security construction scheme includes at least one of the following:
the text content of the security defect description, the text content of the security requirement, the text content of the security protection scheme and the text content of the security compliance description of the current network.
Optionally, the generating text content of the information security construction scheme according to at least one of the target network topology map, the preset description information of the newly added information security product, and the preset information security construction scheme related information includes:
generating text content of the security defect description and/or text content of the security requirement of the current network according to function description information of the newly added information security product and/or preset security defect information; and/or
generating text content of the security protection scheme according to the target network topology graph and preset function description information of the newly added information security product; and/or
generating text content of the security compliance description according to the function description information of the newly added information security product and a preset security standard.
Optionally, the obtaining the current network topology map includes:
receiving a network topology drawing instruction, and drawing the current network topology graph in an interface according to the network topology drawing instruction; or
importing a preset current network topology graph.
Optionally, the text content of the information security construction scheme further includes text content describing the current state of the current network; the method further includes:
generating the text content describing the current state of the current network according to the current network topology graph.
Optionally, the text content of the information security construction scheme further includes text content of the project implementation description, and the method further includes:
receiving input personnel configuration instructions and/or implementation related information; and
generating text content of the project implementation description according to the personnel configuration instructions and/or implementation related information.
Optionally, the text content of the information security construction scheme further includes text content of a project implementation plan description and/or text content of a project acceptance scheme description, and the method further includes:
receiving an input project schedule chart, and generating text content of the project implementation plan description and/or text content of the project acceptance scheme description according to the project schedule chart.
A second aspect of the present invention provides an information security construction scheme generation apparatus, comprising:
the acquisition module is used for acquiring the current network topological graph;
the topology map processing module is used for receiving an operation instruction for adding an information security product in the current network topology map, wherein the operation instruction comprises a target type and a target adding position of the newly added information security product; adding the newly added information security product of the target type at the target adding position of the current network topology graph to generate a target network topology graph;
the generation module is used for generating text content of the information security construction scheme according to at least one of the target network topological graph, the preset description information of the newly-added information security product and the preset information related to the information security construction scheme.
Optionally, the text content of the information security construction scheme includes at least one of the following:
the text content of the security defect description, the text content of the security requirement, the text content of the security protection scheme and the text content of the security compliance description of the current network.
Optionally, the generating module is configured to, when generating the text content of the information security construction scheme according to at least one of the target network topology map, the preset description information of the newly added information security product, and the preset information security construction scheme related information:
generating text content of the security defect description and/or text content of the security requirement of the current network according to function description information of the newly added information security product and/or preset security defect information; and/or
generating text content of the security protection scheme according to the target network topology graph and preset function description information of the newly added information security product; and/or
generating text content of the security compliance description according to the function description information of the newly added information security product and a preset security standard.
Optionally, the acquiring module is configured to, when acquiring the current network topology map:
receiving a network topology drawing instruction, and drawing the current network topology graph in an interface according to the network topology drawing instruction; or
importing a preset current network topology graph.
Optionally, the text content of the information security construction scheme further includes text content describing the current state of the current network; the generating module is further configured to:
generate the text content describing the current state of the current network according to the current network topology graph.
Optionally, the text content of the information security construction scheme further comprises text content of the project implementation description;
the acquisition module is also used for receiving input personnel configuration instructions and/or implementation related information;
the generation module is also used for generating text contents of project implementation descriptions according to personnel configuration instructions and/or implementation related information.
Optionally, the text content of the information security construction scheme further includes text content of a project implementation plan description and/or text content of a project acceptance scheme description, and the method further includes:
the acquisition module is also used for receiving an input project progress chart;
the generation module is also used for generating text contents of project implementation plan descriptions and/or text contents of project acceptance scheme descriptions according to the project schedule.
A third aspect of the present invention provides an electronic apparatus, comprising:
a memory for storing a computer program;
a processor for running a computer program stored in the memory to implement the method as described in the first aspect.
A fourth aspect of the present invention is to provide a computer-readable storage medium having a computer program stored thereon;
the computer program, when executed by a processor, implements the method as described in the first aspect.
In the information security construction scheme generation method and device, electronic device, and storage medium provided by the invention, a current network topology graph is obtained; an operation instruction for adding an information security product to the current network topology graph is received, the operation instruction comprising a target type and a target adding position of the newly added information security product; a new information security product of the target type is added at the target adding position of the current network topology graph to generate a target network topology graph; and text content of the information security construction scheme is generated according to at least one of the target network topology graph, preset description information of the newly added information security product, and preset information related to the information security construction scheme. In this way the text content of the information security construction scheme can be generated automatically, which avoids the problems of manual writing, such as uneven quality, missing or inaccurate product introductions and function descriptions, and incompletely considered schemes. It also ensures uniform formatting of fonts, typesetting, styles, and colors, and improves the efficiency and quality of the information security construction scheme.
Drawings
To illustrate the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings used in describing them are briefly introduced below. The drawings described below show only some embodiments of the invention; a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1a is an interface diagram of a method for generating an information security construction scheme according to an embodiment of the present invention;
FIG. 1b is an interface schematic diagram of a method for generating an information security construction scheme according to another embodiment of the present invention;
FIG. 2 is a flowchart of a method for generating an information security construction scheme according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for generating an information security construction scheme according to another embodiment of the present invention;
FIG. 4 is a flowchart of a method for generating an information security construction scheme according to another embodiment of the present invention;
FIG. 5 is a block diagram of an information security construction scheme generating device according to an embodiment of the present invention;
FIG. 6 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those skilled in the art based on these embodiments without inventive effort fall within the scope of the invention.
With the rapid development of the internet age, information security is the most basic problem enterprises face, and an information security construction scheme usually has to be written when information security construction is carried out. In the prior art, the information security construction scheme is usually written manually. A manually written scheme may be of uneven quality, its product introductions and function descriptions may be missing or inaccurate, and the scheme may be incompletely considered. Fonts, typesetting, styles, and colors also have to be adjusted manually and end up non-uniform, which affects the efficiency and quality of the information security construction scheme.
To solve these technical problems, the invention automatically generates the text content of the information security construction scheme and thereby avoids the problems of manual writing: uneven quality; missing or inaccurate product introductions and function descriptions; incompletely considered schemes; and fonts, typesetting, styles, and colors that must be adjusted manually and end up non-uniform, all of which affect the efficiency and quality of the information security construction scheme. Specifically, a current network topology graph may be obtained; an operation instruction for adding an information security product to the current network topology graph is received, the operation instruction comprising a target type and a target adding position of the newly added information security product; a new information security product of the target type is added at the target adding position of the current network topology graph to generate a target network topology graph; and text content of the information security construction scheme is generated according to at least one of the target network topology graph, preset description information of the newly added information security product, and preset information related to the information security construction scheme.
The information security construction scheme generation method provided by the invention can be applied to an electronic device. The electronic device can obtain the current network topology graph; receive an operation instruction for adding an information security product to the current network topology graph, the operation instruction comprising a target type and a target adding position of the newly added information security product; and add a new information security product of the target type at the target adding position of the current network topology graph to generate a target network topology graph. Referring to FIG. 1a, the electronic device may provide an interface 110 for drawing and displaying a network topology graph. A first area 111 of the interface 110 may be preconfigured with the icons and names of elements such as network products, security products, server products, network connection lines, and other basic network elements, where the icons correspond to information security products prestored in the system. A second area 112 may be the area in which the network topology graph is drawn and displayed: the user may add the icon of a network element from the first area to the second area, for example by dragging, and connect the elements with the corresponding network connection lines (network cables, optical fibers, 100-megabit links, gigabit links, and so on) to draw the network topology graph. As shown in FIG. 1a, the current network topology graph 121 is imported or drawn in the second area 112, and the firewall in the first area 111 is added to the current network topology graph 121 according to the operation instruction for adding an information security product, yielding the target network topology graph 122 shown in the second area 112 of FIG. 1b.
Further, according to at least one of the target network topology, preset description information of the newly-added information security product and preset information related to the information security construction scheme, text content of the information security construction scheme is generated, and the text content of the information security construction scheme is output for guiding information security construction.
The information security construction scheme generation process is explained and illustrated in detail below with reference to specific embodiments.
FIG. 2 is a flowchart of a method for generating an information security construction scheme according to an embodiment of the present invention. This embodiment provides a method for generating an information security construction scheme that is executed by an electronic device and comprises the following steps:
S201, acquiring a current network topology graph.
In this embodiment, the current network topology graph is acquired first. A network topology graph is a diagram of the network structure formed by network node devices and communication media. The current network topology graph may include the network products, security products, server products, network connection lines, and other elements of the current network, and serves as the basis of information security construction: new security products, including but not limited to firewalls and antivirus software, are added to the current network according to requirements or security defects.
Optionally, when the current network topology map is acquired, the method can be realized by importing a preset current network topology map; the current network topology map can also be drawn in a drawing mode, specifically, the electronic equipment can receive a network topology map drawing instruction, and the current network topology map is drawn in an interface according to the network topology map drawing instruction.
In this embodiment, an interface for drawing and displaying a network topology graph may be provided. A first area of the interface may be preconfigured with the icons and names of elements such as network products, security products, server products, and network connection lines, where the icons correspond to the information security products prestored in the system and to other basic network elements (such as network products, server products, and network connection lines). A second area may be the area in which the network topology graph is drawn and displayed: the user may add the icon of a network element from the first area to the second area, for example by dragging, and connect the elements with the corresponding network connection lines (network cables, optical fibers, 100-megabit links, gigabit links, and so on) to draw the network topology graph.
Of course, the current network topology map may also be obtained by other manners, for example, the current network topology map is automatically generated according to the input description information of the current network, and the description is not repeated here.
S202, receiving an operation instruction for adding the information security product in the current network topological graph, wherein the operation instruction comprises a target type and a target adding position of the newly added information security product.
In this embodiment, after the current network topology graph is obtained, an information security product may be added to it according to requirements or security defects. For example, the user may need to raise the information security level of a certain device, protect a certain device from virus attacks, or address a vulnerability that a certain device currently has, and an appropriate information security product is added accordingly. Specifically, the current network topology graph can be displayed, and an operation instruction for adding the information security product can be input on that basis, the operation instruction comprising a target type and a target adding position of the newly added information security product. For example, in the interface for drawing and displaying the network topology graph, the user can drag the icon of the new information security product of the target type from the first area to the target adding position in the current network topology graph displayed in the second area, which inputs the operation instruction for adding the information security product.
S203, adding the newly added information security product of the target type at the target adding position of the current network topology graph to generate a target network topology graph.
In this embodiment, by inputting an operation instruction for adding an information security product, a new information security product of a target type is added at a target addition position of the current network topology, thereby generating a target network topology of the information security construction scheme.
Optionally, the newly added information security product may be marked in the target network topology graph, for example with a specific color; the manner of marking is not limited here.
S204, generating text content of the information security construction scheme according to at least one of the target network topological graph, the preset description information of the newly-added information security product and the preset information related to the information security construction scheme.
In this embodiment, preset description information of various information security products may be preset in the electronic device, including, but not limited to, description information such as functions, product models, manufacturers, features, principles, manuals, security engineers' use experience or evaluation, etc.; in addition, information related to the information security construction scheme may be input or configured in advance, including but not limited to user demand information, personnel information, project schedules, and other information required to generate the information security construction scheme, etc. Further, after the target network topology is obtained, text content of the information security construction scheme may be generated based on at least one of the target network topology, preset description information of the newly added information security product, and preset information related to the information security construction scheme.
The information security construction scheme includes, but is not limited to, a design scheme overview, an analysis of the current state of the core network system, a security requirement analysis, an overall scheme design, a security technical scheme design, project implementation methods and principles, project implementation content, a project acceptance scheme, a training scheme, and related product descriptions. With this embodiment, one or more of these items can be generated automatically: the information contained in at least one of the target network topology graph, the preset description information of the newly added information security product, and the preset information related to the information security construction scheme is edited and arranged according to a specific template or scripted wording, yielding the text content of the required information security construction scheme, which is used to guide information security construction.
The information security construction scheme generation method provided by this embodiment obtains a current network topology graph; receives an operation instruction for adding an information security product to the current network topology graph, the operation instruction comprising a target type and a target adding position of the newly added information security product; adds a new information security product of the target type at the target adding position of the current network topology graph to generate a target network topology graph; and generates text content of the information security construction scheme according to at least one of the target network topology graph, preset description information of the newly added information security product, and preset information related to the information security construction scheme. In this way the text content of the information security construction scheme can be generated automatically, which avoids the problems of manual writing, such as uneven quality, missing or inaccurate product introductions and function descriptions, and incompletely considered schemes. It also ensures uniform formatting of fonts, typesetting, styles, and colors, and improves the efficiency and quality of the information security construction scheme.
As a further improvement of the above embodiment, the text content of the information security construction scheme includes at least one of:
the text content of the security defect description, the text content of the security requirement, the text content of the security protection scheme and the text content of the security compliance description of the current network. Of course, the information security construction scheme is not limited to the above-listed ones.
On the basis of the foregoing embodiment, S204, generating the text content of the information security construction scheme according to at least one of the target network topology map, the preset description information of the newly added information security product, and the preset information related to the information security construction scheme, may specifically include:
generating text content of the security defect description and/or text content of the security requirement of the current network according to the function description information of the newly added information security product and/or preset security defect information; and/or
generating text content of the security protection scheme according to the target network topology map and the preset function description information of the newly added information security product; and/or
generating text content of the security compliance description according to the function description information of the newly added information security product and a preset security standard.
In this embodiment, consider the text content of the security defect description and/or the security requirement of the current network. Adding a new information security product to the current network topology map implies that the current network has certain security defects or risks that the newly added product can address. The security defects and security requirements of the current network can therefore be inferred from the function description information of the newly added information security product. The text content may be generated from that function description information alone, from that information combined with previously entered security defect information, or from the security defect information alone. For example, if the newly added information security device is a firewall, the generated security defect description of the current network may state that traffic accessing the servers in the current network cannot be access-controlled by IP address, port number, and the like, so that an attacker can access arbitrary ports on a server and intrude into it through weak passwords, system vulnerabilities, and the like. Optionally, the security defect information may be entered in advance and associated with the target network topology map, for example by marking the security defect information at the icon of the device that has the security defect.
In this embodiment, for the text content of the security protection scheme, the preset function description information of the newly added information security product may be obtained, and the position at which the product was added may be determined from the target network topology map. The text content of the security protection scheme is then generated based on the target network topology map and the preset function description information of the newly added information security product.
In this embodiment, for the text content of the security compliance description, preset security standards, such as security compliance standards and level protection standards, may be configured in advance. The function description information of the newly added information security product and the preset security standards may then be combined with information such as the existing network environment to generate the text content of the security compliance description. For example, if the generated security compliance description needs to conform to the level protection three-level standard, the firewall-related security requirements and protection measures in that standard may be added to the text content of the security compliance description.
Optionally, the text content of the information security construction scheme may further include text content of a current situation description of the current network; the method further includes:
generating the text content of the current situation description of the current network according to the current network topology map.
In this embodiment, the text content of the current situation description of the current network may also be generated from the icon elements and connections in the current network topology map. For example: in the current network, an Internet router is connected to the Internet egress, the egress bandwidth is nGB, the Internet router connects inward to a network core switch, and the core switch provides network data forwarding and is connected to the intranet servers.
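The generation steps described above (adding a product to the current topology map, then rendering the current-network, defect, requirement, protection and compliance texts from templates) can be sketched as follows. This is an added illustration, not code from the patent; the `Topology` class, the catalogue schema, the template wording and the sample defect note are all assumptions.

```python
"""Template-driven scheme text generation from a network topology (illustrative)."""
from dataclasses import dataclass, field
from string import Template

# Constructed preset description information, keyed by product type (assumed schema).
PRODUCT_CATALOG = {
    "firewall": {
        "function": "filters traffic by IP address and port number",
        "defect": "traffic to the servers is not access-controlled by IP address or port number",
        "requirement": "only authorized sources may reach server ports",
        "clause": "network access control",
    },
}

# Constructed preset templates, one per generated section.
TEMPLATES = {
    "link": Template("$a is connected to $b."),
    "defect": Template("Security defect: $defect.$notes"),
    "requirement": Template("Security requirement: $requirement."),
    "protection": Template("Deploy $name between $left and $right; it $function."),
    "compliance": Template("$name $function, which addresses the $clause requirements of $standard."),
}


@dataclass
class Topology:
    nodes: dict = field(default_factory=dict)    # device name -> device type
    links: list = field(default_factory=list)    # (a, b) pairs, outside to inside
    defects: dict = field(default_factory=dict)  # device name -> pre-entered defect note

    def add_product(self, ptype, position):
        """Splice a new product of type `ptype` into the link `position`.

        Returns (target_topology, new_device_name); the current topology is not modified.
        """
        if ptype not in PRODUCT_CATALOG:
            raise ValueError(f"no preset description for product type {ptype!r}")
        if position not in self.links:
            raise ValueError(f"link {position!r} is not in the current topology")
        a, b = position
        name = f"{ptype}-{1 + sum(t == ptype for t in self.nodes.values())}"
        links = []
        for link in self.links:
            links.extend([(a, name), (name, b)] if link == position else [link])
        return Topology({**self.nodes, name: ptype}, links, dict(self.defects)), name


def generate_scheme(current, ptype, position, standard):
    """Apply the operation instruction (ptype, position) and render each text section."""
    target, name = current.add_product(ptype, position)
    info = PRODUCT_CATALOG[ptype]
    # Neighbours are read back from the target topology, not from the instruction.
    left = next(a for a, b in target.links if b == name)
    right = next(b for a, b in target.links if a == name)
    notes = "".join(f" Recorded on {dev}: {note}." for dev, note in sorted(target.defects.items()))
    sections = {
        "current_network": " ".join(
            TEMPLATES["link"].substitute(a=a, b=b) for a, b in current.links),
        "security_defects": TEMPLATES["defect"].substitute(defect=info["defect"], notes=notes),
        "security_requirements": TEMPLATES["requirement"].substitute(
            requirement=info["requirement"]),
        "protection_scheme": TEMPLATES["protection"].substitute(
            name=name, left=left, right=right, function=info["function"]),
        "compliance": TEMPLATES["compliance"].substitute(
            name=name, function=info["function"], clause=info["clause"], standard=standard),
    }
    return target, sections


# Constructed sample: router, core switch and intranet server as in the text above.
CURRENT = Topology(
    nodes={"internet-router": "router", "core-switch": "switch", "intranet-server": "server"},
    links=[("internet-router", "core-switch"), ("core-switch", "intranet-server")],
    defects={"intranet-server": "weak passwords in use"},
)

if __name__ == "__main__":
    _, text = generate_scheme(
        CURRENT, "firewall", ("internet-router", "core-switch"), "level protection Level 3")
    for title, body in text.items():
        print(f"[{title}] {body}")
```

Because the protection text is derived from the target topology rather than from the instruction, a product spliced into the wrong link shows up in the generated document, which makes the output reviewable against the diagram.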
Optionally, the text content of the information security construction scheme may further include text content of a project implementation description, as shown in fig. 3, and the method further includes:
S301, receiving input personnel configuration instructions and/or implementation-related information;
S302, generating text content of the project implementation description according to the personnel configuration instructions and/or implementation-related information.
In this embodiment, how the project is to be implemented also needs to be determined, which requires configuring and coordinating personnel or determining other implementation-related information. Personnel configuration instructions and/or implementation-related information may therefore be input into the electronic device, and the text content of the project implementation description is generated from that input. Optionally, the personnel information may be pre-stored in the electronic device and displayed in the interface, and the user selects personnel from the interface to allocate and coordinate tasks, thereby inputting the personnel configuration instructions.
Optionally, the text content of the information security construction scheme may further include text content of a project implementation plan description and/or text content of a project acceptance scheme description, as shown in fig. 4, and the method further includes:
S401, receiving an input project schedule chart;
S402, generating text content of the project implementation plan description and/or text content of the project acceptance scheme description according to the project schedule chart.
In this embodiment, the project schedule chart may be a Gantt chart of the project, also called a horizontal bar chart or bar chart, which shows how the internal relationships of the project, its schedule and other time-related system progress develop over time; it may also be another form of project schedule chart or plan information. The text content of the project implementation plan description and/or of the project acceptance scheme description may then be generated from the project schedule chart.
As an embodiment, the information security construction scheme may specifically include, but is not limited to, design scheme overview, core network system current situation analysis, security requirement analysis, overall scheme design, security technical scheme design, project implementation method and principle, project implementation content, project acceptance scheme, training scheme, related product description, and the like.
Optionally, the design scheme overview may include the drafting background, drafting purpose, construction content, etc.; the core network system current situation analysis may include the current situation of the core machine room information system, the current situation of the comprehensive network information system, system current situation analysis, physical environment analysis, network situation analysis, application system analysis, network equipment situation, server equipment situation, security equipment situation, management system description, and the like;
the security requirement analysis may include system grading suggestions, determining grading objects, determining system levels, security risk analysis, physical security risks, network security risks, security risks of network communication links, security risks of network boundaries, security risks of network access, host security risks, server security risks, client terminal security risks, application security risks, business application security risks, data security risks, management risks, security organization construction risks, security system risks, personnel risks, system construction management risks, security requirement analysis, requirements meeting level protection technical requirements, requirements meeting level protection management requirements, requirements meeting self security protection, physical layer security requirements, network layer security requirements, host layer security requirements, application layer security requirements, and the like;
The overall scheme design may include design objectives, design rules, design reference standards, information system security level protection standards and specifications, other information security standards and specifications, overall security scheme design summaries, construction of a control system for a domain division, construction of a defense system in depth, ensuring consistent security strength, overall security policy design, physical security policies, environmental protection policies, boundary protection policies, regulatory policies, network security policies, secured network topology policies, access control policies, network intrusion detection policies, network security audit policies, operational security policies, system security policies, virus protection policies, terminal security management, software security inspection, operational security policies, application security policies, backup and recovery policies, application system enhancements, security management policies, and the like;
the security technical scheme design may include a system overall security scheme design schematic, a physical security design, a network security design, network access control, a requirement for network access control in level protection, a firewall system deployment, a network intrusion protection, a requirement for network intrusion protection in level protection, a network intrusion protection system deployment, a network anti-virus wall design, a log audit system design, a technical requirement for network audit in level protection, a log audit system deployment, other network security designs, a technical requirement for level protection in other aspects of network security, a technical implementation for other network security protection, network equipment security reinforcement, a host security design, a system host and terminal malicious code prevention, a technical requirement and implementation for host malicious code prevention in level protection, an anti-virus system deployment, an operation and maintenance audit system (bastion host) design, a technical requirement and implementation for operation and maintenance audit in level protection, an operation and maintenance audit system (bastion host) deployment, other host security designs, a technical requirement for other aspects of level protection host security, a server operation system security reinforcement, a database security reinforcement measure, an application security design, and other technical requirements for application security protection, an implementation of application security protection, a technical requirement for application security protection, a technical implementation of security protection, a data security protection, a technical requirement for implementing security protection, a data security protection and a data backup and a data security protection, a data security protection and a data security recovery, and a technical requirement and a security recovery;
Project implementation includes project implementation methods and principles, project management methods, project implementation principles, project implementation and technical service localization, division of labor, effective coordination, implementation reference standards, project implementation content, project preparation, project implementation overall process, project implementation task decomposition, project quality control and assurance, project implementation documents, project implementation planning schedules, project implementation specifications, equipment installation and loading specifications, equipment cable connection specifications, civilization construction specifications, implementation tool preparation, and the like;
project acceptance schemes may include acceptance purposes, acceptance phase divisions, engineering test and acceptance schemes, project document and document handing over at the time of inspection, and the like;
the training scheme may include training targets, training modes, training means, detailed professional training materials, multimedia teaching, hands-on computer practice, training mechanisms, training arrangements, on-site training, training purposes, training objects, training plans, training contents, course arrangements, trainee assessment, and the like;
the related product description may include product summaries, product features, product functions, product performance, operating environments and standards, product color pages, and the like.
All of the above content can be generated automatically from at least one of the current network topology map, the target network topology map, the preset description information of the newly added information security product, the preset information related to the information security construction scheme, and the various pieces of input information. The resulting text content of the information security construction scheme is of high quality, complete in content, and uniform in formats such as fonts, typesetting, styles and colors; no manual writing is needed, and the efficiency and quality of the information security construction scheme are improved.
Fig. 5 is a block diagram of an information security construction scheme generating device according to an embodiment of the present invention. The information security construction scheme generating device provided in this embodiment may execute a process flow provided by an embodiment of an information security construction scheme generating method, as shown in fig. 5, where the information security construction scheme generating device 500 includes an obtaining module 501, a topology map processing module 502, and a generating module 503.
An obtaining module 501, configured to obtain a current network topology map;
a topology map processing module 502, configured to receive an operation instruction for adding an information security product to the current network topology map, where the operation instruction includes a target type and a target addition location of the newly added information security product; adding the newly added information security product of the target type at the target adding position of the current network topology graph to generate a target network topology graph;
a generating module 503, configured to generate text content of the information security construction scheme according to at least one of the target network topology map, the preset description information of the newly added information security product, and the preset information related to the information security construction scheme.
On the basis of any embodiment, the text content of the information security construction scheme includes at least one of the following:
The text content of the security defect description, the text content of the security requirement, the text content of the security protection scheme and the text content of the security compliance description of the current network.
On the basis of any one of the foregoing embodiments, the generating module 503 is configured to, when generating the text content of the information security construction scheme according to at least one of the target network topology map, the preset description information of the new information security product, and the preset information security construction scheme related information:
generating text content of the security defect description and/or text content of the security requirement of the current network according to the function description information of the newly added information security product and/or preset security defect information; and/or
generating text content of the security protection scheme according to the target network topology map and the preset function description information of the newly added information security product; and/or
generating text content of the security compliance description according to the function description information of the newly added information security product and a preset security standard.
On the basis of any embodiment, the text content of the information security construction scheme further comprises text content of a current network current situation description; the generating module 503 is further configured to:
And generating text content of the current network current description according to the current network topological graph.
On the basis of any embodiment, the text content of the information security construction scheme further comprises text content of the project implementation description;
the obtaining module 501 is further configured to receive an input personnel configuration instruction and/or implementation related information;
the generating module 503 is further configured to generate text content of the project implementation description according to the personnel configuration instruction and/or implementation related information.
On the basis of any embodiment, the text content of the information security construction scheme further includes text content of a project implementation plan description and/or text content of a project acceptance scheme description, and the method further includes:
the obtaining module 501 is further configured to receive an input project schedule map;
the generating module 503 is further configured to generate text content of the project implementation plan description and/or text content of the project acceptance plan description according to the project schedule.
The information security construction scheme generating device provided by the embodiment of the present invention may be specifically used to execute the method embodiments provided in fig. 2 to 4, and specific functions are not described herein.
The information security construction scheme generating device provided by this embodiment of the invention acquires a current network topology map; receives an operation instruction for adding an information security product to the current network topology map, where the operation instruction includes a target type and a target addition position of the newly added information security product; adds the newly added information security product of the target type at the target addition position of the current network topology map to generate a target network topology map; and generates the text content of the information security construction scheme according to at least one of the target network topology map, the preset description information of the newly added information security product, and the preset information related to the information security construction scheme. This embodiment can generate the text content of the information security construction scheme automatically, which avoids the problems of manual writing, such as uneven quality, missing or inaccurate product introductions and function descriptions, and schemes that are not fully thought through. It also ensures uniform formats such as fonts, typesetting, styles and colors, and improves the efficiency and quality of the information security construction scheme.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. The electronic device provided by this embodiment may execute the processing flow provided by the embodiment of the information security construction scheme generation method. As shown in fig. 6, the electronic device 60 includes a memory 61, a processor 62, and a computer program, where the computer program is stored in the memory 61 and configured to be executed by the processor 62 to implement the information security construction scheme generation method described in the above embodiment. The electronic device 60 may also have a communication interface 63 for transmitting control instructions and data.
The electronic device of the embodiment shown in fig. 6 may be used to implement the technical solution of the above-mentioned method embodiment, and its implementation principle and technical effects are similar, and are not repeated here.
In addition, the present embodiment also provides a computer-readable storage medium having stored thereon a computer program that is executed by a processor to implement the information security construction scheme generation method described in the above embodiment.
In addition, the present embodiment also provides a computer program product, including a computer program that is executed by a processor to implement the information security construction scheme generation method described in the above embodiment.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in hardware plus software functional units.
The integrated units implemented in the form of software functional units described above may be stored in a computer-readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform some of the steps of the methods according to the embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. The specific working process of the above-described device may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (8)

1. The information security construction scheme generation method is characterized by comprising the following steps of:
acquiring a current network topology map;
Receiving an operation instruction for adding an information security product in the current network topological graph, wherein the operation instruction comprises a target type and a target adding position of the newly added information security product;
adding the newly added information security product of the target type at the target adding position of the current network topology graph to generate a target network topology graph;
editing and arranging function description information and preset safety defect information of the newly-added information safety product according to a preset template to generate text content of safety defect description of a current network and text content of safety requirements; the preset safety defect information is input in advance and is associated with the target network topological graph;
editing and arranging the target network topological graph and the preset function description information of the newly-added information security product according to a preset template to generate text content of a security protection scheme;
and editing and arranging the function description information of the newly-added information security product and the preset security standard according to a preset template to generate text content of the security compliance description.
2. The method of claim 1, wherein the obtaining the current network topology comprises:
receiving a network topology drawing instruction, and drawing the current network topology map in an interface according to the network topology drawing instruction; or
importing a preset current network topology map.
3. The method of claim 1, wherein the text content of the information security construction scheme further comprises text content of a current situation description of the current network; the method further comprises:
generating the text content of the current situation description of the current network according to the current network topology map.
4. The method of claim 1, wherein the text content of the information security construction scheme further comprises text content of a project implementation description, the method further comprising:
receiving input personnel configuration instructions and/or implementation related information;
and generating text content of the project implementation description according to the personnel configuration instructions and/or implementation related information.
5. The method of claim 1, wherein the text content of the information security construction scheme further comprises text content of a project implementation plan description and/or text content of a project acceptance scheme description, the method further comprising:
and receiving an input project schedule chart, and generating text contents of project implementation plan descriptions and/or text contents of project acceptance scheme descriptions according to the project schedule chart.
6. An information security construction scheme generation device, characterized by comprising:
the acquisition module is used for acquiring the current network topological graph;
the topology map processing module is used for receiving an operation instruction for adding an information security product in the current network topology map, wherein the operation instruction comprises a target type and a target adding position of the newly added information security product; adding the newly added information security product of the target type at the target adding position of the current network topology graph to generate a target network topology graph;
the generation module is used for generating text content of security defect description of the current network according to the function description information of the newly-added information security product and preset security defect information;
generating text content of a safety protection scheme according to the target network topological graph and preset function description information of the newly-added information safety product;
and generating text content of the safety compliance description according to the function description information of the newly-added information safety product and a preset safety standard.
7. An electronic device, comprising:
a memory for storing a computer program;
a processor for running a computer program stored in the memory to implement the method of any one of claims 1-5.
8. A computer-readable storage medium, characterized in that a computer program is stored thereon;
the computer program implementing the method according to any of claims 1-5 when executed by a processor.
CN202111033514.3A 2021-09-03 2021-09-03 Information security construction scheme generation method and device, electronic equipment and storage medium Active CN113673966B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111033514.3A CN113673966B (en) 2021-09-03 2021-09-03 Information security construction scheme generation method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113673966A CN113673966A (en) 2021-11-19
CN113673966B true CN113673966B (en) 2024-03-08

Family

ID=78548412

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111033514.3A Active CN113673966B (en) 2021-09-03 2021-09-03 Information security construction scheme generation method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113673966B (en)

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1420317A2 (en) * 2002-10-21 2004-05-19 Rockwell Automation Technologies, Inc. System and methodology providing automation security analysis, validation, and learning in an industrial controller environment
CN107682211A (en) * 2017-11-14 2018-02-09 华信咨询设计研究院有限公司 A kind of network topology structure determination method, device and computer-readable recording medium
CN107888419A (en) * 2017-11-14 2018-04-06 广东电网有限责任公司电力科学研究院 A kind of switch network Topology g eneration method and device
CN108737137A (en) * 2017-04-18 2018-11-02 国家计算机网络与信息安全管理中心 The method, apparatus of network topology, system and computer-readable medium for identification
CN109861846A (en) * 2018-12-25 2019-06-07 顺丰科技有限公司 Using call relation acquisition methods, system and storage medium
CN109936474A (en) * 2018-12-28 2019-06-25 上海云轴信息科技有限公司 A kind of method and apparatus generating network topological diagram
CN110750975A (en) * 2019-10-21 2020-02-04 北京明略软件***有限公司 Introduction text generation method and device
CN111966890A (en) * 2020-06-30 2020-11-20 北京百度网讯科技有限公司 Text-based event pushing method and device, electronic equipment and storage medium
CN112733515A (en) * 2020-12-31 2021-04-30 贝壳技术有限公司 Text generation method and device, electronic equipment and readable storage medium
CN112835998A (en) * 2020-12-31 2021-05-25 国家电网公司华中分部 Generation method of power grid dynamic topological graph
CN112948110A (en) * 2021-02-23 2021-06-11 上海宽带技术及应用工程研究中心 Topology and arrangement system and method of cloud application, storage medium and electronic device
CN113158189A (en) * 2021-04-28 2021-07-23 绿盟科技集团股份有限公司 Method, device, equipment and medium for generating malicious software analysis report

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070206512A1 (en) * 2006-03-03 2007-09-06 Nortel Networks Limited Network data model and topology discovery method
DE102010007967A1 (en) * 2010-02-15 2011-08-18 DB Systel GmbH, 60326 Method, computer program product and computer-readable storage medium for the generic creation of a structure tree for describing an IT process
KR101354627B1 (en) * 2012-09-26 2014-01-23 한국전력공사 Engineering topology generating method of the digital substation and the apparatus thereof

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
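Design and Implementation of a PMSI-Based Network Topology Editing Tool; 苏瑞; 王勇; 杨指挥; Computer Technology and Development (No. 05); full text *
苏瑞; 王勇; 杨指挥. Design and Implementation of a PMSI-Based Network Topology Editing Tool. Computer Technology and Development. 2009, (No. 05), full text. *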

Also Published As

Publication number Publication date
CN113673966A (en) 2021-11-19

Similar Documents

Publication Publication Date Title
US8117104B2 (en) Virtual asset groups in a compliance management system
US7752125B1 (en) Automated enterprise risk assessment
US7747494B1 (en) Non-determinative risk simulation
US11930032B2 (en) System and method for enumerating and remediating gaps in cybersecurity defenses
Kotenko et al. Security analysis of information systems taking into account social engineering attacks
CN112351014B (en) Firewall security policy compliance baseline management method and device between security domains
US20130212689A1 (en) Managing network data
US7734754B2 (en) Reviewing effectiveness of communication rules system
US20070250932A1 (en) Integrated enterprise-level compliance and risk management system
US20080183603A1 (en) Policy enforcement over heterogeneous assets
Harrison et al. Nv: Nessus vulnerability visualization for the web
US20190342324A1 (en) Computer vulnerability assessment and remediation
Gustafsson et al. Cyber range automation overview with a case study of CRATE
Plósz et al. Combining safety and security analysis for industrial collaborative automation systems
Knowles et al. Assurance techniques for industrial control systems (ics)
CN110955897A (en) Software research and development safety control visualization method and system based on big data
CN113673966B (en) Information security construction scheme generation method and device, electronic equipment and storage medium
Islam et al. Human factors in software security risk management
Alsaleh et al. Roi-driven cyber risk mitigation using host compliance and network configuration
CN112163198A (en) Host login security detection method, system, device and storage medium
Iturbe et al. Information Security Risk Assessment Methodology for Industrial Systems Supporting ISA/IEC 62443 Compliance
CN110941412B (en) Method, system and terminal for realizing multi-terminal animation collaborative browsing based on pictures
Savola Towards measurement of security effectiveness enabling factors in software intensive systems
CN113301040A (en) Firewall strategy optimization method, device, equipment and storage medium
Viduka et al. Security challenges behind the development and increased use of open source web content management systems

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 3003, Tower D1, Qingdao International Innovation Park, No. 1, Keyuan Weiyi Road, Laoshan District, Qingdao, Shandong 266101

Applicant after: Kaos Digital Technology (Qingdao) Co.,Ltd.

Applicant after: CAOS industrial Intelligence Research Institute (Qingdao) Co.,Ltd.

Applicant after: Karos IoT Technology Co.,Ltd.

Address before: Room 402, block B, Qingdao International Innovation Park, No.1 Keyuan Weiyi Road, Zhonghan street, Laoshan District, Qingdao City, Shandong Province, 266101

Applicant before: Haier digital technology (Qingdao) Co.,Ltd.

Applicant before: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.

Applicant before: Haier Kaos IOT Technology Co.,Ltd.

Address after: Room 402, block B, Qingdao International Innovation Park, No.1 Keyuan Weiyi Road, Zhonghan street, Laoshan District, Qingdao City, Shandong Province, 266101

Applicant after: Haier digital technology (Qingdao) Co.,Ltd.

Applicant after: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.

Applicant after: Haier Kaos IOT Technology Co.,Ltd.

Address before: Room 402, block B, Qingdao International Innovation Park, No.1 Keyuan Weiyi Road, Zhonghan street, Laoshan District, Qingdao City, Shandong Province, 266101

Applicant before: Haier digital technology (Qingdao) Co.,Ltd.

Applicant before: QINGDAO HAIER INDUSTRIAL INTELLIGENCE RESEARCH INSTITUTE Co.,Ltd.

Applicant before: Haier CAOS IOT Ecological Technology Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant