CN114448709B - Information security policy generation method, system, device and medium - Google Patents
Information security policy generation method, system, device and medium Download PDFInfo
- Publication number
- CN114448709B CN114448709B CN202210141582.XA CN202210141582A CN114448709B CN 114448709 B CN114448709 B CN 114448709B CN 202210141582 A CN202210141582 A CN 202210141582A CN 114448709 B CN114448709 B CN 114448709B
- Authority
- CN
- China
- Prior art keywords
- security policy
- security
- determining
- policy
- current
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 43
- 230000035945 sensitivity Effects 0.000 claims abstract description 33
- 230000001502 supplementing effect Effects 0.000 claims abstract description 15
- 238000004458 analytical method Methods 0.000 claims description 13
- 239000011159 matrix material Substances 0.000 claims description 6
- 238000007619 statistical method Methods 0.000 claims description 3
- 239000000047 product Substances 0.000 description 8
- 230000006870 function Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 230000008901 benefit Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000006467 substitution reaction Methods 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 239000000463 material Substances 0.000 description 2
- 239000013589 supplement Substances 0.000 description 2
- TVZRAEYQIKYCPH-UHFFFAOYSA-N 3-(trimethylsilyl)propane-1-sulfonic acid Chemical compound C[Si](C)(C)CCCS(O)(=O)=O TVZRAEYQIKYCPH-UHFFFAOYSA-N 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000003339 best practice Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012502 risk assessment Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method, a system, a device and a medium for generating an information security policy, wherein the method comprises the following steps: determining a target security environment and determining a current security policy in the target security environment; determining the security risk sensitivity of a user in the target security environment to obtain a first value; determining the priority of the security policy according to the first value; acquiring a baseline security policy, and supplementing the current security policy according to the baseline security policy; forming a security policy sequence according to the priority and the supplemented current security policy; the scheme can play a role similar to that of safety specialists by automatically forming a safety strategy mode, helps users obtain the safety strategy which is suitable for organizing own risk preference and is ordered according to priority, ensures that safety work is more reasonable to develop, and can be widely applied to the technical field of information safety.
Description
Technical Field
The present invention relates to the field of information security technologies, and in particular, to a method, a system, an apparatus, and a medium for generating an information security policy.
Background
In related industries or industries with rich IT resources, such as the internet and financial industry, information security is generally ensured by building a security team.
For the target objects with limited IT resources, such as traditional enterprises which initially introduce IT technology, IT enterprises in the initial period, and the like, two modes are generally adopted for the deployment of information security work, wherein one mode is to rely on personal understanding of security. Such as requiring longer passwords, etc., but this approach has the problem of low reliability of decisions. Although IT technicians in the production sector have the advantage over security professionals that there is a clearer understanding of the actual risk of the business, such as how much actual loss occurs due to data leakage. However, it is difficult to consider the special technology and management measures for avoiding the risk and taking care. Secondly, executing the security policy according to compliance clauses commonly followed by the same industry; however, in practice, compliance terms do not have a notion of priority-all security policies appear to be equally important. On the premise of limited resources, the fact that the user cannot fully achieve compliance is also determined, and further the user can choose and reject the resources due to personal understanding of operators, so that subjective judgment errors occur.
Disclosure of Invention
In view of this, in order to at least partially solve one of the above technical problems, an embodiment of the present invention is to provide an information security policy generating method with stronger pertinence and higher accuracy, which helps a user to obtain an actual security policy attached to the user, and meanwhile, the technical scheme of the present application also provides a system, a device and a computer readable and writable storage medium capable of correspondingly implementing the method.
In one aspect, the technical scheme of the present application provides an information security policy generating method, which includes the following steps:
determining a target security environment and determining a current security policy in the target security environment;
determining the security risk sensitivity of a user in the target security environment to obtain a first value;
determining the priority of the security policy according to the first value;
acquiring a baseline security policy, and supplementing the current security policy according to the baseline security policy;
and forming a security policy sequence according to the priority and the supplemented current security policy.
In a possible embodiment of the present application, the step of determining the target security environment and determining the current security policy in the target security environment includes at least one of the following:
acquiring a user instruction, and forming the current security policy through the content of the user instruction;
and acquiring a text file of the security policy, and obtaining the current security policy by analyzing the text file.
In a possible embodiment of the present application, the step of determining the priority of the security policy according to the first value includes:
determining the priority according to the product of the security risk sensitivity and the association coefficient;
the correlation coefficient is a coefficient matrix for representing a correlation between the security policy and security risk.
In a possible embodiment of the present application, the step of obtaining a baseline security policy and supplementing the current security policy according to the baseline security policy includes:
performing similarity analysis on the baseline security policy and the current security policy;
and supplementing the current security policy according to a preset similarity threshold and a similarity analysis result.
In a possible embodiment of the present application, the step of performing similarity analysis on the baseline security policy and the current security policy includes:
encoding the baseline security policy to obtain a first character string, and encoding the current security policy to obtain a second character string;
vectorizing the first character string to obtain a first text vector, and vectorizing the second character string to obtain a second text vector;
and calculating an inner product of the first text vector and the second text vector, and determining the similarity according to the inner product.
In a possible embodiment of the present application, before the step of determining the security risk sensitivity of the user in the target security environment, obtaining the first value, the method further includes the steps of:
and acquiring historical data of the security event, and carrying out statistical analysis according to the historical data to determine the first numerical value.
In a possible embodiment of the present application, after the step of determining the target security environment and determining the current security policy in the target security environment, the method further includes the steps of:
determining that the current security policy does not exist;
determining a first security problem in the target security environment, matching the first security problem with the baseline security policy, and determining the target security policy according to a matching result.
On the other hand, the technical scheme of the application also provides an information security policy generation system, which comprises:
the security policy acquisition unit is used for determining a target security environment and determining a current security policy in the target security environment;
the risk sensitivity determining unit is used for determining the safety risk sensitivity of the user in the target safety environment to obtain a first value;
a priority calculating unit, configured to determine a priority of the security policy according to the first value;
the security policy supplementing unit is used for acquiring a baseline security policy and supplementing the current security policy according to the baseline security policy; and forming a security policy sequence according to the priority and the supplemented current security policy.
On the other hand, the technical scheme of the invention also provides an information security policy generating device, which comprises:
at least one processor;
at least one memory for storing at least one program;
the at least one program, when executed by the at least one processor, causes the at least one processor to perform an information security policy generation method as previously described.
In another aspect, the present invention provides a storage medium having stored therein a processor-executable program, which when executed by a processor is configured to run an information security policy generation method as described above.
Advantages and benefits of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention:
according to the technical scheme, firstly, the priority of the safety problem is determined according to the safety risk sensitivity of the user to the safety problem, meanwhile, the scheme correspondingly supplements the current safety strategy according to the formed current safety strategy and the base line safety strategy, a corresponding safety strategy sequence is formed according to the supplemented safety strategy, the scheme can play a role similar to that of safety specialists through an automatic safety strategy forming mode, the user is helped to obtain the safety strategy which is suitable for organizing own risk preference and ordered according to the priority, and safety work is more reasonable to develop.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of steps of an information security policy generating method provided in the technical solution of the present application.
Fig. 2 is a flowchart of steps of another information security policy generation method provided in the technical solution of the present application.
Fig. 3 is a schematic diagram of steps for calculating a current security policy and a baseline security policy in the technical solution of the present application.
Detailed Description
Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the invention. The step numbers in the following embodiments are set for convenience of illustration only, and the order between the steps is not limited in any way, and the execution order of the steps in the embodiments may be adaptively adjusted according to the understanding of those skilled in the art.
Aiming at the defects and drawbacks in the related art pointed out in the background art, namely, the existing method is that a non-security professional formulates a security policy according to personal understanding or with reference to universal security practice, and under the condition of limited resources, the information security guarantee policy which is most suitable for the most pertinence is difficult to obtain; therefore, the technical scheme provided by the application can play a role similar to that of a security expert, and help a user to obtain the security policy which is suitable for organizing own risk preference and is ordered according to the priority, so that security work is developed more reasonably.
In one aspect, as shown in fig. 1, an embodiment of the present application provides an information security policy generating method, including steps S100 to S500:
s100, determining a target security environment and determining a current security policy in the target security environment.
In particular, in an embodiment, in a case where a corresponding security policy has been deployed in a target security environment, the embodiment will collect and sort the current security policy that has been deployed. In an embodiment, the manner of acquiring the existing security policy of the user may be a manner of uploading a text file containing the security policy, besides a manner of inputting the security policy one by one. Illustratively, the current security policy that can be determined includes, but is not limited to, real-time monitoring by a camera, with the home security environment as the target security environment.
In some alternative embodiments, the process of determining the target security environment and determining the current security policy in the target security environment in the method step S100 may include steps S110-S120:
s110, acquiring a user instruction, and forming a current security policy through the content of the user instruction.
Illustratively, in an embodiment, the user may input the current security policy content through a human-computer interaction interface by way of instruction input, for example: the password length must be greater than 8 bits, and the administrator password consisting of numbers, letters and special characters cannot be stored in a computer file in the clear, and access cards need to be swiped in and out; non-administrators need to apply for "in advance" to get in and out of the machine room, etc.
S120, acquiring a text file of the security policy, and obtaining the current security policy by analyzing the text file.
In an embodiment, the corresponding security policy file may also be uploaded through a user interaction interface of different text inputs.
S200, determining safety risk sensitivity of the user in the target safety environment to obtain a first value.
The first value may be specifically a security risk sensitivity value determined according to a user input instruction; if necessary, the embodiment may determine, through the necessary security risk analysis, a first security problem in the target security environment, where the first security problem may include a security condition, a security problem, and the like corresponding to the security risk sensitivity. In an embodiment, a security risk sensitivity value is first obtained: user input of the degree of sensitivity to different security risks; for example, in the e-commerce industry, the responsible person of the e-commerce company may be more concerned about not leaking user data, but not about the problem that the industrial control network is invaded, so that a higher value is input in the term of leaking user data, and a value of 0 is input in the term of invading the industrial control network. Whereas for the company of the grid billing system, it is likely that the opposite is true: the highest score (e.g., 100) is entered when the industrial control network is intruded into an item, and a lower value is entered when the user data is compromised. In the embodiment, the security risk sensitivity value of the user can be obtained by a security risk list mode; the security risk list is obtained from a security expert knowledge base, for example, data loss, data leakage, service interruption, the intrusion of the internet of things equipment, the damage of an industrial control network and the like, and is a security risk list seen by a user when the system is used.
It should be noted that, in the embodiment, the input instruction of the user may be obtained through various user interaction modes, for example, in the embodiment, the security risk sensitivity value may be input through a mode of dragging the slider.
S300, determining the priority of the security policy according to the first numerical value.
In particular, in the embodiment, according to the security risk sensitivity value obtained in step S100, that is, the first value, the security problem or the security situation corresponding to the security risk sensitivity is ranked in priority, and the higher the security risk sensitivity value is, the higher the corresponding priority is, and the more forward the position in the sequence is.
S400, acquiring a baseline security policy, and supplementing the current security policy according to the baseline security policy.
Wherein the baseline security policy is composed of security regulations or best practices, such as ISO27001, PCI DSS (payment card industry compliance), level protection regulations, etc.; in the embodiment, the method can be obtained by integrating and extracting various compliance files. As shown in fig. 2, according to the current security policy obtained in step S300, in a manner of matching and comparing the current security policy with the baseline security policy, aiming at the lack of corresponding policy deployment to the specific security problem in the current security policy, the solution to the corresponding security problem in the baseline security policy is adopted to supplement the current security policy.
S500, forming a security policy sequence according to the priority and the supplemented current security policy.
In particular, in the embodiment, according to the priority ranking of the security issues already determined in step S300, the security policies after being supplemented are ranked according to the basis of solving the security issues, so as to obtain a security policy sequence, and the security policy pushing can be performed through the priority of the security policy sequence.
In some alternative embodiments, the process of determining the priority of the security policy according to the first value in the method step S300 may include step S310:
s310, determining the priority according to the product of the security risk sensitivity and the association coefficient.
Wherein the correlation coefficient is a coefficient matrix for representing a correlation between the security policy and the security risk. In particular, in an embodiment, the first value, i.e. the priority value = the risk sensitivity value of the user x the security policy and security risk correlation; in the calculation process, the strategy-risk correlation uses an N p Row N e The matrix of columns, P, represents (one policy vs N per row e Correlation of individual risk events, total N p Bar policy); the risk sensitivity value of the user is represented by N e Matrix R of row 1 column represents (each row represents the sensitivity of the user to a risk event, N in total e Event), the priority of each policy is obtained by p×r, resulting in N p Matrix of row 1 column, i.e. N p A priority value.
Illustratively, as shown in Table 1, an extremely simplified numerical example:
TABLE 1
| Security policy | User data leakage | Data loss | Priority value |
| The key equipment is provided with electromagnetic shielding | 0 | 1 | 10*0+50*1=50 |
| Dividing network areas by importance or division | 1 | 0 | 10*1+50*0=50 |
| The data transmission process has verification measures to ensure the integrity | 0 | 0 | 10*0+50*0=0 |
For example, in table 1, the risk sensitivity value of the user is "user data leakage: data loss: 50".
In some alternative embodiments, the process of obtaining the baseline security policy according to the method step S400 and supplementing the current security policy according to the baseline security policy may include steps S410-S420:
s410, performing similarity analysis on the baseline security policy and the current security policy.
In particular in an embodiment, when supplementing the current security policy, the rules followed are: security policy to be supplemented = baseline security policy-user existing security policy. After the existing security policies of the user are obtained, the embodiment performs similarity analysis with the baseline security policies respectively. In order to make the strategies of different words and similar meaning, such as "do not need to preserve the password in the clear" and "password should be stored after encryption", obtain higher similarity after similarity analysis, can not use the simple scheme of the word overlap ratio, but should consider the word embedding or sentence embedding technology, encode each sentence into a vector, and then use the thinking of the vector similarity to judge the similarity of two sentences.
S420, supplementing the current security policy according to a preset similarity threshold value and a similarity analysis result.
Specifically, in an embodiment, after calculating the similarity between the security policies in step S410, the embodiment may convert each security policy into a number by using a transform-based deep learning encoder, traverse the security policies of the user for a baseline security policy item, and if there is a similarity with the baseline security policy exceeding a certain threshold, for example >0.5; then a match is found and the traversal is stopped. If the user policy item exceeding the threshold is not found after traversing, the baseline security policy is added to the security policy set to be supplemented.
And automatically traversing all the baseline security policies, and carrying out matching processing on each baseline security policy, so as to obtain a complete security policy set to be supplemented. The embodiment can finally combine the priority value of each policy obtained by the policy priority calculator and the security policy to be supplemented obtained by the policy comparator, so that the security policy to be supplemented can be sequenced according to the priority and displayed to the user.
In some alternative embodiments, the process of similarity analysis of the baseline security policy and the current security policy in method step S410 may include steps S411-S413:
s411, coding the baseline security policy to obtain a first character string, and coding the current security policy to obtain a second character string;
s412, carrying out vectorization processing on the first character string to obtain a first text vector, and carrying out vectorization processing on the second character string to obtain a second text vector;
s413, calculating an inner product of the first text vector and the second text vector, and determining the similarity according to the inner product.
In particular embodiments, as shown in FIG. 3, a pre-trained text encoder, such as a multi-lingual version Universal Sentence Encoder, is first loaded; then, the current security policy and the baseline security policy are coded simultaneously; in an embodiment, the policy text list may be used as a parameter to be transmitted into the encoder function, so as to obtain the encoded policy, i.e. each text corresponds to a vector. Finally, the similarity calculation is performed, and the embodiment compares the current security policy with the baseline policy two by two, that is, calculates a vector representing one user policy and an "inner product" of the vector representing one baseline policy (expressed by using a numpy inner product function, that is, numpy. Inner (vec_a, vec_b)), and the result is the similarity.
In some alternative embodiments, before the step S200 of determining the security risk sensitivity of the user in the target security environment and obtaining the first value, the method may further include step S130:
s130, acquiring historical data of the security event, and carrying out statistical analysis according to the historical data to determine a first numerical value.
In particular, in the embodiment, in the process of determining the security risk sensitivity of the user, a direct input manner of the user can be adopted, so that policy priorities obtained by different users are also different; in addition, the embodiment can also count all security events in the industry history to reflect the real risk preference of the user, for example, the power industry, the most data leakage occurs, but the industry user compares the most worry to the security problem that the smart meter (the internet of things device) is attacked.
In some alternative embodiments, the method may further include steps S140-S150 after the step S100 of determining the target security environment and determining the current security policy in the target security environment;
s140, determining that the current security policy does not exist;
s150, determining a first security problem in the target security environment, matching the first security problem with the baseline security policy, and determining the target security policy according to a matching result.
For example, in an embodiment, if the user does not provide a security policy, the embodiment may only perform policy priority calculations. Specifically, when there are only two baseline strategies; the user policy has only one and is the same as one of the baseline policies. Under the condition that the user does not provide own strategies, the embodiment recommends two strategies and sorts the strategies according to the priority; embodiments may recommend a piece when the user provides his own policy.
On the other hand, the technical scheme of the application also provides an information security policy generation system, which comprises:
the security policy acquisition unit is used for determining a target security environment and determining a current security policy in the target security environment;
the risk sensitivity determining unit is used for determining the safety risk sensitivity of the user in the target safety environment to obtain a first value;
a priority calculating unit, configured to determine a priority of the security policy according to the first value;
the security policy supplementing unit is used for acquiring a baseline security policy and supplementing the current security policy according to the baseline security policy; and forming a security policy sequence according to the priority and the supplemented current security policy.
In a third aspect, the technical solution of the present application further provides an information security policy generating device, which includes at least one processor; at least one memory for storing at least one program; when the at least one program is executed by the at least one processor, the at least one processor is caused to perform an information security policy generation method as in the first aspect.
The embodiment of the invention also provides a program stored in the storage medium, and the program is executed by the processor to realize any information security policy generation method.
From the above specific implementation process, it can be summarized that, compared with the prior art, the technical solution provided by the present invention has the following advantages or advantages:
according to the technical scheme, the security policy mode is formed automatically, the security policy mode can play a role similar to that of security specialists, a user is helped to obtain security policies which are suitable for organizing own risk preference and are ordered according to priority, and security work is more reasonable to develop.
In some alternative embodiments, the functions/acts noted in the block diagrams may occur out of the order noted in the operational illustrations. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved. Furthermore, the embodiments presented and described in the flowcharts of the present invention are provided by way of example in order to provide a more thorough understanding of the technology. The disclosed methods are not limited to the operations and logic flows presented herein. Alternative embodiments are contemplated in which the order of various operations is changed, and in which sub-operations described as part of a larger operation are performed independently.
Furthermore, while the invention is described in the context of functional modules, it should be appreciated that, unless otherwise indicated, one or more of the functions and/or features may be integrated in a single physical device and/or software module or may be implemented in separate physical devices or software modules. It will also be appreciated that a detailed discussion of the actual implementation of each module is not necessary to an understanding of the present invention. Rather, the actual implementation of the various functional modules in the apparatus disclosed herein will be apparent to those skilled in the art from consideration of their attributes, functions and internal relationships. Accordingly, one of ordinary skill in the art can implement the invention as set forth in the claims without undue experimentation. It is also to be understood that the specific concepts disclosed are merely illustrative and are not intended to be limiting upon the scope of the invention, which is to be defined in the appended claims and their full scope of equivalents.
Logic and/or steps represented in the flowcharts or otherwise described herein, e.g., a ordered listing of executable instructions for implementing logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions.
In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present invention. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiments or examples. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: many changes, modifications, substitutions and variations may be made to the embodiments without departing from the spirit and principles of the invention, the scope of which is defined by the claims and their equivalents.
While the preferred embodiment of the present invention has been described in detail, the present invention is not limited to the above embodiments, and various equivalent modifications and substitutions can be made by those skilled in the art without departing from the spirit of the present invention, and these equivalent modifications and substitutions are intended to be included in the scope of the present invention as defined in the appended claims.
Claims (9)
1. The information security policy generation method is characterized by comprising the following steps:
determining a target security environment and determining a current security policy in the target security environment;
determining the security risk sensitivity of a user in the target security environment to obtain a first value;
the first value is a security risk sensitivity value determined according to a user input instruction;
determining the priority of the security policy according to the first value;
acquiring a baseline security policy, and performing similarity analysis on the baseline security policy and the current security policy; supplementing the current security policy according to a preset similarity threshold value and a similarity analysis result;
and forming a security policy sequence according to the priority and the supplemented current security policy.
2. The method of claim 1, wherein the step of determining the target security environment and determining the current security policy in the target security environment comprises at least one of:
acquiring a user instruction, and forming the current security policy through the content of the user instruction;
and acquiring a text file of the security policy, and obtaining the current security policy by analyzing the text file.
3. The method of claim 1, wherein the step of determining the priority of the security policy based on the first value comprises:
determining the priority according to the product of the security risk sensitivity and the association coefficient;
the correlation coefficient is a coefficient matrix for representing a correlation between the security policy and security risk.
4. The method of claim 1, wherein the step of performing similarity analysis on the baseline security policy and the current security policy comprises:
encoding the baseline security policy to obtain a first character string, and encoding the current security policy to obtain a second character string;
vectorizing the first character string to obtain a first text vector, and vectorizing the second character string to obtain a second text vector;
and calculating an inner product of the first text vector and the second text vector, and determining the similarity according to the inner product.
5. An information security policy generation method according to claim 1, wherein before the step of determining the security risk sensitivity of the user in the target security environment to obtain the first value, the method further comprises the steps of:
and acquiring historical data of the security event, and carrying out statistical analysis according to the historical data to determine the first numerical value.
6. An information security policy generation method according to any of claims 1-5, wherein after the step of determining the target security environment and determining the current security policy in the target security environment, the method further comprises the steps of:
determining that the current security policy does not exist;
determining a first security problem in the target security environment, matching the first security problem with the baseline security policy, and determining the target security policy according to a matching result.
7. An information security policy generation system, comprising:
the security policy acquisition unit is used for determining a target security environment and determining a current security policy in the target security environment;
the risk sensitivity determining unit is used for determining the safety risk sensitivity of the user in the target safety environment to obtain a first value; the first value is a security risk sensitivity value determined according to a user input instruction;
a priority calculating unit, configured to determine a priority of the security policy according to the first value;
the security policy supplementing unit is used for acquiring a baseline security policy and carrying out similarity analysis on the baseline security policy and the current security policy; supplementing the current security policy according to a preset similarity threshold value and a similarity analysis result; and forming a security policy sequence according to the priority and the supplemented current security policy.
8. An information security policy generation apparatus, comprising:
at least one processor;
at least one memory for storing at least one program;
when said at least one program is executed by said at least one processor, said at least one processor is caused to run an information security policy generation method as claimed in any one of claims 1 to 6.
9. A storage medium having stored therein a processor executable program, wherein the processor executable program when executed by a processor is for running an information security policy generation method as claimed in any one of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210141582.XA CN114448709B (en) | 2022-02-16 | 2022-02-16 | Information security policy generation method, system, device and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210141582.XA CN114448709B (en) | 2022-02-16 | 2022-02-16 | Information security policy generation method, system, device and medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114448709A CN114448709A (en) | 2022-05-06 |
| CN114448709B true CN114448709B (en) | 2024-03-12 |
Family
ID=81374184
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210141582.XA Active CN114448709B (en) | 2022-02-16 | 2022-02-16 | Information security policy generation method, system, device and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114448709B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101499153A (en) * | 2008-12-26 | 2009-08-05 | 北京握奇数据***有限公司 | Method and device for implementing security mobile payment |
| CN101505302A (en) * | 2009-02-26 | 2009-08-12 | 中国联合网络通信集团有限公司 | Dynamic regulating method and system for security policy |
| CN104182704A (en) * | 2014-08-25 | 2014-12-03 | 酷派软件技术(深圳)有限公司 | Safety strategy setting method, safety strategy setting device and terminal |
| CN108040055A (en) * | 2017-12-14 | 2018-05-15 | 广东天网安全信息科技有限公司 | A kind of fire wall combined strategy and safety of cloud service protection |
| CN108768879A (en) * | 2018-04-26 | 2018-11-06 | 新华三信息安全技术有限公司 | A kind of policy priority grade method of adjustment and device |
| CN111967000A (en) * | 2020-08-18 | 2020-11-20 | 中国银行股份有限公司 | Cross-border financial APP compliance monitoring method, device and system |
| CN112351014A (en) * | 2020-10-28 | 2021-02-09 | 武汉思普崚技术有限公司 | Firewall security policy compliance baseline management method and device between security domains |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10819751B2 (en) * | 2018-03-30 | 2020-10-27 | Amazon Technologies, Inc. | Firewall management service architecture |
| US11303678B2 (en) * | 2019-08-15 | 2022-04-12 | ColorTokens, Inc. | Determination and autocorrection of modified security policies |
-
2022
- 2022-02-16 CN CN202210141582.XA patent/CN114448709B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101499153A (en) * | 2008-12-26 | 2009-08-05 | 北京握奇数据***有限公司 | Method and device for implementing security mobile payment |
| CN101505302A (en) * | 2009-02-26 | 2009-08-12 | 中国联合网络通信集团有限公司 | Dynamic regulating method and system for security policy |
| CN104182704A (en) * | 2014-08-25 | 2014-12-03 | 酷派软件技术(深圳)有限公司 | Safety strategy setting method, safety strategy setting device and terminal |
| CN108040055A (en) * | 2017-12-14 | 2018-05-15 | 广东天网安全信息科技有限公司 | A kind of fire wall combined strategy and safety of cloud service protection |
| CN108768879A (en) * | 2018-04-26 | 2018-11-06 | 新华三信息安全技术有限公司 | A kind of policy priority grade method of adjustment and device |
| CN111967000A (en) * | 2020-08-18 | 2020-11-20 | 中国银行股份有限公司 | Cross-border financial APP compliance monitoring method, device and system |
| CN112351014A (en) * | 2020-10-28 | 2021-02-09 | 武汉思普崚技术有限公司 | Firewall security policy compliance baseline management method and device between security domains |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114448709A (en) | 2022-05-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Masry et al. | Chartqa: A benchmark for question answering about charts with visual and logical reasoning | |
| CN108920654A (en) | A kind of matched method and apparatus of question and answer text semantic | |
| Burkhardt et al. | Leading your organization to responsible AI | |
| US20140365403A1 (en) | Guided event prediction | |
| CN109460549A (en) | The processing method and processing device of semantic vector | |
| CN105912645A (en) | Intelligent question and answer method and apparatus | |
| CN112364165A (en) | Automatic classification method based on Chinese privacy policy terms | |
| CN113343677A (en) | Intention identification method and device, electronic equipment and storage medium | |
| McAleenan | Moral responsibility and action in the use of artificial intelligence in construction | |
| CN115456421A (en) | Work order dispatching method and device, processor and electronic equipment | |
| Martínez-Rojas et al. | An analysis of occupational accidents involving national and international construction workers in Spain using the association rule technique | |
| CN114448709B (en) | Information security policy generation method, system, device and medium | |
| Luo et al. | Convolutional neural network algorithm–based novel automatic text classification framework for construction accident reports | |
| Liu et al. | AMulti-Attribute Decision-Making Method Using Belief-Based Probabilistic Linguistic Term Sets and Its Application in Emergency Decision-Making. | |
| CN110457009B (en) | Method for realizing software security requirement recommendation model based on data analysis | |
| CN112579710A (en) | Data warehouse management method and device, electronic equipment and storage medium | |
| CN108052520A (en) | Conjunctive word analysis method, electronic device and storage medium based on topic model | |
| Ponelis et al. | A descriptive framework of business intelligence derived from definitions by academics, practitioners and vendors | |
| CN115618297A (en) | Method and device for identifying abnormal enterprise | |
| Gilb | Level 6: Why we can't get there from here | |
| CN115482075A (en) | Financial data anomaly analysis method and device, electronic equipment and storage medium | |
| US11403557B2 (en) | System and method for scalable, interactive, collaborative topic identification and tracking | |
| Hamid et al. | GenAIPABench: A benchmark for generative AI-based privacy assistants | |
| Guo et al. | Review of the Applications of Computer Vision to Construction Health and Safety | |
| CN105229668A (en) | Make the search that line pattern is represented that uses gesture |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |