CN114611928A - Enterprise information security management level evaluation method and system based on big data analysis - Google Patents

Publication number: CN114611928A
Authority: CN (China)
Application number: CN202210237907.4A
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 夏拥军
Current Assignee: Individual
Original Assignee: Individual
Prior art keywords: enterprise, evaluation, management level, model, index

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0639 Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393 Score-carding, benchmarking or key performance indicator [KPI] analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/241 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/04 Architecture, e.g. interconnection topology
    • G06N3/044 Recurrent networks, e.g. Hopfield networks

Abstract

The invention discloses an enterprise information security management level evaluation method based on big data analysis, which comprises the following steps: S1, constructing an index system for evaluating the information security management level of the enterprise; S2, acquiring the index values of all indexes in the enterprise's index system as input data of the logic model; S3, the logic model outputs a coefficient coef_1 according to the input data; S4, the coefficient coef_1 output by the logic model is used as the true value of the evaluation model's output to update and train the evaluation model; S5, the updated and trained evaluation model outputs a coefficient coef_2 according to the input data; S6, the LSTM classification model takes the time series of the enterprise's information security management level evaluation data as input and outputs the coefficient coef_3 of the enterprise; S7, calculating a correction factor div; S8, correcting, with the correction factor div, the coefficient coef_2 predicted and output by the evaluation model in S5, and determining the information security management level grade of the enterprise according to the correction result. The invention improves the accuracy of enterprise information security management level evaluation.

Description

Enterprise information security management level evaluation method and system based on big data analysis
Technical Field
The invention relates to the technical field of information security management, in particular to an enterprise information security management level evaluation method and system based on big data analysis.
Background
Information security refers to the technical and administrative protection established and adopted for data processing systems, intended to protect computer hardware, software and data from being damaged, altered or disclosed for accidental or malicious reasons. Enterprise information security management means that an enterprise ensures its information security through management measures such as fire prevention, water prevention, moisture prevention, temperature and humidity control, separation of the computer system power supply from other power supplies, prevention of malicious code in business software, access control, identity authentication, data confidentiality and the like. Enterprise information security management level evaluation means evaluating the information security management level of the enterprise itself or of other enterprises.
At present, the information security management level of an enterprise is mostly evaluated manually: evaluators compare and score the enterprise's information security management measures item by item against established standards, so that the current information security management level of the enterprise is quantified as a score. However, this manual evaluation process is very tedious and depends on human experience; the enterprise needs to invite a professional evaluation organization to perform it, and the evaluation result may still not be objective.
In recent years, machine learning techniques have developed rapidly, and machine learning algorithms such as the XGBoost gradient decision tree model and the LightGBM model are widely applied to the evaluation and analysis of complex problems. Faced with the complex problem of enterprise information security management level evaluation, a machine learning model can rapidly output a prediction from input data by learning the mapping between input data and output results. However, many factors affect the evaluation result of an enterprise's information security management level: the evaluation standards usually differ for different types of enterprises, and even for the same enterprise the conditions usually differ at different evaluation time points. How to ensure the prediction performance of the machine learning model, so that the trained model generalizes across different types of enterprises and across the different conditions of the same enterprise at different evaluation time points, has therefore become a technical problem to be solved in the field of enterprise information security evaluation.
Disclosure of Invention
The invention provides an enterprise information security management level evaluation method based on big data analysis, aiming at improving the accuracy of enterprise information security management level evaluation.
In order to achieve this purpose, the invention adopts the following technical scheme:
The enterprise information security management level evaluation method based on big data analysis comprises the following steps:
S1, grading the standard for evaluating the information security management level of the enterprise according to the enterprise type, and then constructing an index system for evaluating the information security management level of the enterprise from the evaluation indexes under the corresponding level standard, determined by table lookup according to any one or more of the industry category to which the enterprise belongs, the enterprise scale, the number of business software products owned, the business software user scale and the software development mode;
S2, obtaining the index values of the indexes under the index system associated with the enterprise, obtained by table lookup, as input data of the logic model;
S3, the logic model predicts and outputs the information security management level coefficient coef_1 of the enterprise according to the input data;
S4, updating and training the evaluation model with the coefficient coef_1 predicted and output by the logic model as the true value of the evaluation model's output;
S5, the updated and trained evaluation model takes the information security management level evaluation data of the enterprise at the current evaluation time point as model input, and predicts and outputs the information security management level coefficient coef_2 of the enterprise;
S6, the LSTM classification model takes the time series of the enterprise's information security management level evaluation data as model input, and predicts and outputs the information security management level coefficient coef_3 of the enterprise;
S7, calculating the information security management level evaluation correction factor div of the enterprise according to the coefficients coef_3 output by the m-th and (m+1)-th predictions of the LSTM classification model;
S8, correcting, with the correction factor div, the coefficient coef_2 predicted and output by the evaluation model in step S5, looking up the judgment interval of the enterprise information security management level grade into which the correction result falls, and finally determining the information security management level grade of the enterprise according to the association between the judgment interval and the corresponding enterprise information security management level grade.
Preferably, in step S1, the strategy by which the enterprise information security management system grades the standard for evaluating the information security management level of the enterprise is:
when the type of the enterprise is identified as a private enterprise, determining the standard for evaluating the information security management level of the enterprise as the first level;
when the type of the enterprise is identified as a state-owned enterprise, or a government agency, or an information security administration department below provincial level, determining the standard for evaluating the information security management level of the enterprise as the second level;
when the type of the enterprise is identified as an information security administration department at provincial level or above, determining the standard for evaluating the information security management level of the enterprise as the third level;
when the type of the enterprise is identified as a military enterprise, or an aerospace field-related enterprise, or an army agency, determining the standard for evaluating the information security management level of the enterprise as the fourth level.
The first-level enterprise information security management level evaluation standard comprises 10 primary indexes: physical security, network security, host system security, application security, data security, security management mechanism, security management system, personnel security management, system construction management, and system operation and maintenance management, wherein:
the primary index of physical security comprises 7 secondary indexes: physical access control, theft and damage prevention, lightning protection, fire prevention, water and moisture prevention, temperature and humidity control, and power supply;
the primary index of network security comprises 4 secondary indexes: structural network and network segment division, network access control, dial-up access control, and network equipment protection;
the primary index of host system security comprises 3 secondary indexes: identity authentication, autonomous access control, and malicious code prevention;
the primary index of application security comprises 6 secondary indexes: identity authentication, access control, communication integrity, software fault tolerance, resource control, and code security;
the primary index of data security comprises 3 secondary indexes: data integrity, data confidentiality, and data backup and recovery;
the primary index of security management mechanism comprises 4 secondary indexes: post setting, personnel allocation, authorization and approval, and communication and cooperation;
the primary index of security management system comprises 2 secondary indexes: management system, and formulation and release;
the primary index of personnel security management comprises 4 secondary indexes: personnel recording, personnel leaving the post, safety consciousness education and training, and third party personnel access management;
the primary index of system construction management comprises 9 secondary indexes: system grading, safety scheme design, product purchase, self-running software development, outsourcing software development, engineering implementation, test acceptance, system delivery, and safety service provider selection;
the primary index of system operation and maintenance management comprises 10 secondary indexes: environment management, asset management, medium management, equipment management, monitoring management, network security management, system security management, malicious code prevention management, backup and recovery management, and security event handling.
Preferably, in step S3, the logic model predicts and outputs the information security management level coefficient coef_1 of the enterprise according to the following formula (1):
Figure BDA0003543038130000031
In formula (1), w_ik represents the weight assigned to the k-th secondary index under the i-th primary index in the index system of the enterprise;
i represents the number of primary indexes in the index system of the enterprise;
k represents the number of secondary indexes under the i-th primary index;
n_ik represents the number of evaluation logics that are satisfied among the evaluation logics set under the k-th secondary index of the i-th primary index;
N_ik represents the total number of evaluation logics set under the k-th secondary index of the i-th primary index;
n represents the total number of all evaluation logics under the index system of the enterprise;
w_ik satisfies the constraint condition expressed by the following formula (2):
Figure BDA0003543038130000041
In formula (2), w_i represents the weight assigned to the i-th primary index in the index system of the enterprise, and w_i satisfies the constraint condition expressed by the following formula (3):
Figure BDA0003543038130000042
Preferably, in step S6, the method by which the LSTM classification model predicts and outputs the coefficient coef_3 comprises the following steps:
S61, calculating the ratio of the coefficient coef_2 of the current m-th evaluation of the enterprise to the mean mean_1 of the coef_2 values of the most recent n historical evaluations of the enterprise before the m-th evaluation, denoted value_1;
S62, taking the lower limit value of the ratio interval int_1 into which the ratio value_1 falls as the correction coefficient fac;
S63, calculating the mean mean_2 of the coef_2 values of the current m-th evaluation and the most recent n-1 historical evaluations of the enterprise, and then calculating the product of mean_2 and fac as the coefficient coef_3 output by the (m+1)-th prediction of the LSTM classification model.
Preferably, in step S7, the method for calculating the correction factor div comprises:
Step S71, calculating the ratio of the coef_3 output by the (m+1)-th prediction of the LSTM classification model to the coef_3 output by the m-th prediction, denoted value_2;
Step S72, determining, according to the ratio interval int_2 into which the ratio value_2 falls, the correction factor div used to correct the coefficient coef_2 of the enterprise predicted by the evaluation model at the (m+1)-th time.
Preferably, in step S8, the coefficient coef_2 is corrected by the following formula (4):
coef'_2 = coef_2 × div    (4)
In formula (4), coef'_2 represents the correction result.
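Steps S61 to S63, S71 to S72 and formula (4) carried through on a short coef_2 history, as an added Python example that is not code from the patent. The page names the ratio intervals int_1 and int_2 but gives no boundaries or div values, so `INT1_LOWER_BOUNDS`, `INT2_TO_DIV`, the function names and the sample history are constructed assumptions.

```python
from bisect import bisect_right
from statistics import fmean

# ASSUMED tables (not from the patent): lower limits of the int_1 intervals,
# and (lower limit of int_2 interval, div) pairs. The top interval is open-ended.
INT1_LOWER_BOUNDS = [0.0, 0.5, 0.8, 0.95, 1.05, 1.2, 1.5]
INT2_TO_DIV = [(0.0, 0.95), (0.97, 1.0), (1.03, 1.05)]


def interval_index(lower_bounds, value):
    """Index of the interval whose lower limit is the largest one <= value."""
    idx = bisect_right(lower_bounds, value) - 1
    if idx < 0:
        raise ValueError(f"ratio {value!r} lies below the lowest interval")
    return idx


def predict_coef3(coef2_history, n):
    """S61-S63: coef_3 for the evaluation that follows the last history entry.

    coef2_history holds the coef_2 values of evaluations 1..m in time order.
    """
    if n < 1 or len(coef2_history) < n + 1:
        raise ValueError("need the current coef_2 plus n earlier values")
    current = coef2_history[-1]
    mean_1 = fmean(coef2_history[-1 - n:-1])      # n evaluations before the m-th
    if mean_1 <= 0:
        raise ValueError("historical mean must be positive to form a ratio")
    value_1 = current / mean_1                     # S61
    fac = INT1_LOWER_BOUNDS[interval_index(INT1_LOWER_BOUNDS, value_1)]  # S62
    mean_2 = fmean(coef2_history[-n:])             # S63: m-th plus n-1 earlier
    return mean_2 * fac


def correction_factor(coef2_history, n):
    """S71-S72: div for the (m+1)-th evaluation, where m = len(coef2_history)."""
    coef3_next = predict_coef3(coef2_history, n)        # (m+1)-th prediction
    coef3_curr = predict_coef3(coef2_history[:-1], n)   # m-th prediction
    if coef3_curr <= 0:
        # Happens when fac is the 0.0 lower limit; the ratio is then undefined.
        raise ValueError("m-th coef_3 must be positive to form a ratio")
    value_2 = coef3_next / coef3_curr                   # S71
    lowers = [lower for lower, _ in INT2_TO_DIV]
    return INT2_TO_DIV[interval_index(lowers, value_2)][1]  # S72


def corrected_coef2(coef2_next, coef2_history, n):
    """Formula (4): coef'_2 = coef_2 x div, applied to the (m+1)-th coef_2."""
    return coef2_next * correction_factor(coef2_history, n)


# Constructed sample: five past evaluations of one enterprise, n = 3.
HISTORY = [0.60, 0.62, 0.64, 0.66, 0.70]

if __name__ == "__main__":
    print("coef_3 (m+1):", round(predict_coef3(HISTORY, 3), 4))
    print("div:", correction_factor(HISTORY, 3))
    print("corrected coef_2:", round(corrected_coef2(0.72, HISTORY, 3), 4))
```

With n earlier values required for each of two consecutive predictions, the correction needs at least n + 2 stored evaluations; with fewer, the functions raise rather than return a factor.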
Preferably, the evaluation model is a pre-trained LightGBM model.
The invention also provides an enterprise information security management level evaluation system based on big data analysis, which can implement the enterprise information security management level evaluation method, and the system comprises:
an evaluation standard grading module, used for grading the standard for evaluating the information security management level of the enterprise according to the type of the enterprise;
an evaluation index system construction module, connected with the evaluation standard grading module and used for constructing an index system for evaluating the information security management level of the enterprise from the evaluation indexes under the corresponding evaluation standard level, determined by table lookup according to any one or more of the industry category to which the enterprise belongs, the enterprise scale, the number of business software products owned, the business software user scale and the software development mode;
an index value acquisition module, connected with the evaluation index system construction module and used for acquiring from a database the index value of each index in the index system associated with the enterprise, obtained by table lookup, as input data of a logic model, and for binding the information security management level evaluation data acquired for each evaluation of the enterprise to the enterprise and then storing the data in a memory;
a logic model prediction module, connected with the index value acquisition module and used for taking the acquired index value of each index as the input data of the logic model and predicting and outputting the information security management level coefficient coef_1 of the enterprise through the logic model;
an evaluation model update training module, connected with the logic model prediction module and used for updating and training the evaluation model with the coefficient coef_1 predicted and output by the logic model as the true value of the evaluation model's output;
an evaluation model prediction module, connected with the index value acquisition module and the evaluation model update training module and used for taking the information security management level evaluation data of the enterprise acquired at the current evaluation time point as the input of the evaluation model, and predicting and outputting the information security management level coefficient coef_2 of the enterprise through the evaluation model;
a classification prediction module, connected with the memory and used for acquiring from the memory the historical n times of information security management level evaluation data for the enterprise, forming a time series to be input into the LSTM classification model, and predicting and outputting the information security management level coefficient coef_3 of the enterprise through the LSTM classification model;
a correction factor calculation module, connected with the classification prediction module and used for calculating the correction factor div for evaluating the information security management level of the enterprise according to the coefficients coef_3 output by the m-th and (m+1)-th predictions of the LSTM classification model;
a correction module, connected with the correction factor calculation module and the evaluation model prediction module and used for calculating the product of the correction factor div and the coefficient coef_2 predicted and output by the evaluation model as the correction result;
and an enterprise information security management level grade determination module, connected with the correction module and used for looking up the judgment interval of the enterprise information security management level grade into which the correction result falls, and finally determining the information security management level grade of the enterprise according to the association between the judgment interval and the corresponding enterprise information security management level grade.
The invention has the following beneficial effects:
1. The standard for evaluating the information security management level of an enterprise is graded according to the type of the enterprise, and an index system for evaluating the information security management level of the enterprise is constructed from the evaluation indexes under the corresponding level standard, determined by table lookup according to the specific conditions of the enterprise, such as its industry category, enterprise scale, number of business software products owned, business software user scale and software development mode. This "one enterprise, one index system" approach makes the evaluation data more targeted, and the evaluation data of the enterprise serve as effective samples for subsequently training the evaluation model, which helps improve the training effect of the evaluation model;
2. The enterprise information security management level coefficient coef_1 predicted and output by the logic model ensures the objectivity of the prediction result, and using the output of the logic model as the true value of the evaluation model's output to update and train the evaluation model helps improve the prediction performance of the evaluation model for the enterprise information security management level;
3. When the LSTM classification model predicts the enterprise information security management level coefficient coef_3, the time-series characteristics of the enterprise information security evaluation data are taken into account, and the output of the evaluation model is corrected by the output of the LSTM classification model, which further improves the accuracy of the evaluation result of the enterprise information security management level.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
FIG. 1 is a diagram of implementation steps of an enterprise information security management level evaluation method based on big data analysis according to an embodiment of the present invention;
FIG. 2 is a diagram of the method steps by which the LSTM classification model predicts and outputs the coefficient coef_3;
FIG. 3 is a diagram of the method steps for calculating the correction factor div;
FIG. 4 is a schematic structural diagram of an enterprise information security management level evaluation system based on big data analysis according to an embodiment of the present invention.
Detailed Description
The technical scheme of the invention is further explained by the specific implementation mode in combination with the attached drawings.
The drawings are for illustration only; they are schematic rather than depictions of actual form and are not to be construed as limiting the present patent. To better illustrate the embodiments of the present invention, some parts of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product. It will be understood by those skilled in the art that certain well-known structures in the drawings, and descriptions thereof, may be omitted.
The same or similar reference numerals in the drawings of the embodiments of the present invention correspond to the same or similar components; in the description of the present invention, it should be understood that if the terms "upper", "lower", "left", "right", "inner", "outer", etc. are used for indicating the orientation or positional relationship based on the orientation or positional relationship shown in the drawings, it is only for convenience of description and simplification of description, but it is not indicated or implied that the referred device or element must have a specific orientation, be constructed in a specific orientation and be operated, and therefore, the terms describing the positional relationship in the drawings are only used for illustrative purposes and are not to be construed as limitations of the present patent, and the specific meanings of the terms may be understood by those skilled in the art according to specific situations.
In the description of the present invention, unless otherwise explicitly specified or limited, the term "connected" or the like, if appearing to indicate a connection relationship between the components, is to be understood broadly, for example, as being fixed or detachable or integral; can be mechanically or electrically connected; they may be directly connected or indirectly connected through intervening media, or may be connected through one or more other components or may be in an interactive relationship with one another. The specific meanings of the above terms in the present invention can be understood in a specific case to those of ordinary skill in the art.
The enterprise information security management level evaluation method based on big data analysis provided by the embodiment of the invention, as shown in fig. 1, includes:
Step S1, grading the standard for evaluating the information security management level of the enterprise according to the enterprise type. In this embodiment, the enterprise information security management level evaluation standard is divided into 4 levels, from the first level to the fourth level, as shown in the following table a. When the enterprise information security management system identifies that the enterprise type is a private enterprise, the standard for evaluating the information security management level of the enterprise is determined as the first level; when the enterprise type is identified as a state-owned enterprise, or a government agency, or an information security administration department below provincial level, the standard is determined as the second level; when the enterprise type is identified as an information security administration department at provincial level or above, the standard is determined as the third level; when the enterprise type is identified as a military enterprise, or an aerospace field-related enterprise, or an army agency, the standard is determined as the fourth level.
The primary indexes and secondary indexes of the first-level enterprise information security management level evaluation standard, and the evaluation logics of each secondary index, are summarized in the following table a. The primary or secondary indexes in the second-level to fourth-level evaluation standards partly differ from those in the first-level evaluation standard, and the evaluation logics of some of the shared primary or secondary indexes also partly differ. Because the number of indexes is large, the specific indexes and evaluation logics in the second-level to fourth-level enterprise information security management level evaluation standards are not specified in table a. In the following, the evaluation process of the enterprise information security management level is described in detail, again taking a private enterprise as an example.
After the evaluation standard of the private enterprise is set to the first level, the enterprise information security management level evaluation system constructs an index system for evaluating the information security management level of the private enterprise from the evaluation indexes under the corresponding level standard, determined by table lookup according to any one or more of the industry category to which the enterprise belongs, the enterprise scale, the number of business software products owned, the business software user scale and the software development mode. The specific construction method comprises the following steps:
when the system identifies that the industry category of the private enterprise is "software development", then according to a preset index system construction strategy, the 5 primary indexes of physical security, network security, host system security, application security and data security are extracted from table a, but the 3 secondary indexes of software fault tolerance, resource control and code security are not included under the extracted primary index item of application security;
when the system identifies that the enterprise scale of the private enterprise is more than 500 persons, the 3 primary indexes of security management mechanism, security management system and personnel security management are further extracted from table a and included in the index system to be constructed;
when the system identifies that the number of business software products currently owned by the private enterprise is more than 3, the primary index of system construction management is further extracted from table a, and the 3 secondary indexes of software fault tolerance, resource control and code security under the application security primary index item are added to the index system, but the 2 secondary indexes of outsourcing software development and self-running software development under the extracted system construction management are not brought into the index system;
when the system identifies that the software development mode of the private enterprise comprises both outsourcing software development and self-running software development, the 2 secondary indexes of outsourcing software development and self-running software development under the system construction management index item are brought into the index system;
when the system identifies that the business software user scale of the private enterprise reaches 100,000+, the primary index of system operation and maintenance management is further extracted from table a and incorporated into the index system, which completes the construction of the index system of the private enterprise.
Table a (images, not reproduced here)
After the construction of the index system of the enterprise is completed, the method for evaluating the enterprise information security management level provided by the embodiment is switched to:
step S2, obtaining the index value associated with each index under the index system of the private enterprise obtained by table lookup as input data of a logic model. For example, when an evaluation logic is met, the index value assigned to that evaluation logic is 1, and when it is not met, the index value assigned to it is 0. For example, two evaluation logics are provided under the secondary index item 'anti-theft and anti-damage' in Table a: if the evaluation logic "should place the main device in a physically limited range" is satisfied, the index value of that evaluation logic is determined to be "1", and if the evaluation logic "should fix the corresponding device or the main component and set an obvious mark that cannot be removed" is not satisfied, the index value of that evaluation logic is determined to be "0". The index value of the secondary index can then be calculated as the ratio of the number of evaluation logics that are met to the total number of evaluation logics under that secondary index item, here 1/2. The index value of the primary index 'physical security', to which the secondary index 'anti-theft and anti-damage' belongs, can be the accumulated result or the weighted accumulated result of the index values of all its secondary indexes.
After the input data of the logic model is obtained, the following steps are carried out:
step S3, the logic model predicts and outputs the information security management level coefficient coef1 of the enterprise according to the input data; the prediction process is expressed by the following formula (1):
Figure BDA0003543038130000162
in formula (1), w_ik represents the weight assigned to the k-th secondary index under the i-th primary index in the index system of the enterprise;
i represents the number of first-level indexes in an index system of an enterprise;
k represents the number of the secondary indexes under the ith primary index;
n_ik represents the number of evaluation logics that are met among the evaluation logics set under the k-th secondary index of the i-th primary index;
N_ik represents the total number of evaluation logics set under the k-th secondary index under the i-th primary index;
n represents the total number of all evaluation logics under the index system of the enterprise;
w_ik satisfies the constraint condition expressed by the following formula (2):
Figure BDA0003543038130000163
in formula (2), w_i represents the weight assigned to the i-th primary index in the index system of the enterprise, and w_i satisfies the constraint condition expressed by the following formula (3):
Figure BDA0003543038130000171
Constraint (3), that the sum of the weights of all primary indexes is 1, helps simplify the calculation of coef1 and increases the speed at which coef1 is calculated.
After the logic model outputs the coefficients coef1 of different types of enterprises at different evaluation time points, the method proceeds to:
step S4, updating and training the evaluation model with the coefficient coef1 predicted and output by the logic model as the true value of the evaluation model's output; in the present invention, the LightGBM model is preferably used as the evaluation model, and since the specific training process of the LightGBM model is not within the scope of the claims of the present invention, it is not specifically described;
step S5, the updated and trained evaluation model takes the information security management level evaluation data of the enterprise at the current evaluation time point as model input, and predicts and outputs the information security management level coefficient coef2 of the enterprise;
Step S6, the LSTM classification model takes the time sequence of the enterprise information security assessment data as the model input, and predicts and outputs the information security management level coefficient coef3 of the enterprise. Specifically, as shown in FIG. 2, the method by which the LSTM classification model predicts and outputs the coefficient coef3 comprises the following steps:
step S61, calculating the ratio of the coefficient coef2 of the current m-th evaluation of the enterprise to the mean value mean1 of the coef2 values of the most recent n historical evaluations of the enterprise before the m-th evaluation, recorded as value1. Suppose, for a private enterprise A, that coef2 of the current m-th evaluation is 0.78 and that the coef2 values of the last 10 historical evaluations before the m-th evaluation are 0.8, 0.82, 0.85, 0.88, 0.9, 0.92, 0.89, 0.88, 0.91, 0.8 respectively; then mean1 = 0.865,
Figure BDA0003543038130000172
Step S62, taking the lower limit of the ratio interval int1 in which the ratio value1 falls as the correction coefficient fac; the correspondence between the ratio interval int1 and fac is, for example, as shown in Table b below:
Ratio interval int1 | Correction coefficient fac
0.95 or more | 0.95
0.85-0.95 | 0.85
0.75-0.85 | 0.75
0.65-0.75 | 0.65
0.55-0.65 | 0.55
0.55 or less | 0.55
Table b
As can be seen from the above table b,
Figure BDA0003543038130000173
since the ratio value1 falls within the range of 0.85-0.95, the value of the correction coefficient fac is 0.85;
step S63, calculating the mean value mean2 of the coef2 values of the current m-th evaluation and the most recent n-1 historical evaluations of the enterprise, and then taking the product of mean2 and fac as the coefficient coef3 of the (m+1)-th prediction output of the LSTM classification model. Assume that coef2 of the m-th evaluation is 0.78 and that the coef2 values of the last 9 evaluations are 0.82, 0.85, 0.88, 0.9, 0.92, 0.89, 0.88, 0.91, 0.8 respectively; then mean2 = 0.845, and the product of mean2 (0.845) and the correction coefficient fac (0.85) calculated in step S62 is taken as the coefficient of the (m+1)-th prediction output of the LSTM classification model, coef3 = 0.71825.
Here, it should be noted that the calculated result of coef3 is directly related to fac, and the value of fac is in turn directly related to the width of the ratio interval int1, so the setting of the width of the ratio interval int1 is crucial. The invention learns the time sequence characteristics of the enterprise information security level evaluation data through the LSTM long short-term memory neural network and, by setting int1, summarizes the learned time sequence characteristics in the form of ratio intervals, which improves the speed at which the LSTM classification model predicts the coefficient coef3.
After the coefficient coef3 is obtained, as shown in FIG. 1, the method for evaluating the enterprise information security management level provided in this embodiment proceeds to:
step S7, calculating the information security management level evaluation correction factor div of the enterprise according to the coefficients coef3 predicted and output by the LSTM classification model at the m-th time and the (m+1)-th time; the calculation, shown in FIG. 3, includes:
step S71, calculating the ratio of coef3 of the (m+1)-th prediction output of the LSTM classification model to coef3 of the m-th prediction output, recorded as value2;
Step S72, according to the ratio interval int2 in which the ratio value2 falls, determining the correction factor div used to correct the coefficient coef2 of the enterprise obtained by the evaluation model in the (m+1)-th prediction.
Because the coef3 calculated by the LSTM classification model is related to the coef2 predicted by the evaluation model, when the coef2 predicted by the evaluation model is not accurate enough, the coef3 predicted by the LSTM classification model will contain an error. This error recurs regularly, however, so we introduce a correction factor div to reduce its influence on the value of coef3, and further use the correction factor div to correct the coef2 output by the evaluation model, thereby further improving the prediction precision of the evaluation model.
Suppose the coefficient coef3 of the (m+1)-th prediction output of the LSTM classification model is 0.71825 and the coefficient coef3 of the m-th prediction output is 0.7325; then
Figure BDA0003543038130000181
The correspondence between the ratio interval int2 and div is shown, for example, in Table c below:
Table c (images, not reproduced here)
It should be noted that the correction factor div evaluates the relationship between the magnitudes of the prediction errors of the LSTM classification model at two successive predictions, i.e. the m-th and the (m+1)-th. When the amount of model input data is large enough, this relationship recurs regularly; but, as described above, the coef3 predicted by the LSTM classification model is related to coef2, and many factors affect the relationship between the two successive error magnitudes of the LSTM classification model. Therefore, to represent how this relationship changes, the invention sets the int2 ratio intervals as in Table c above so that the error relationship converges, and takes the lower limit of the interval in which value2 falls as the correction factor div.
It should be emphasized that the widths of the ratio intervals in the above tables b and c are only examples, and when the model input data type, the data amount, the model training parameters, and the like are changed, the widths of the ratio intervals are adjusted accordingly.
After the correction factor div is calculated, as shown in fig. 1, the enterprise information security management level evaluation method provided in this embodiment is shifted to:
step S8, correcting the coefficient coef2 predicted and output by the evaluation model in step S5 with the correction factor div, looking up the judgment interval of the enterprise information security management level grade into which the correction result falls, and finally determining the information security management level grade of the enterprise according to the association between the judgment interval and the corresponding enterprise information security management level grade. Specifically, the coefficient coef2 is corrected by the following formula (4):
coef′2 = coef2 × div    (4)
In formula (4), coef'2Indicating the result of the correction.
Then, the information security management level grade of the civil enterprise is finally determined by inquiring the following table d:
coef′2 | Grade
0.9 or more | 1
0.8-0.9 | 2
0.6-0.8 | 3
0.6 or less | 4
Table d
It should be noted that the enterprise information security management level grades in Table d are only an example. In practice, an appropriate number of intervals into which coef′2 may fall can be defined according to the number of indexes in the index system determined in step S1 or the richness of the model input data, and a corresponding enterprise information security management level grade assigned to each interval, so as to classify the enterprise information security management level more finely.
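An added worked example (not code from the patent) of the arithmetic in steps S61 to S63, S71 and S8, using Table b, Table d and the coef2 history listed in step S61. Assumptions: interval boundaries are treated as lower-inclusive, the listed history is oldest first, and div is passed in as a parameter because Table c is not reproduced on this page; all function and constant names are illustrative.

```python
from dataclasses import dataclass
from math import isfinite
from statistics import fmean

# Table b: lower limits of the ratio intervals int1. fac is the lower limit of
# the interval value1 falls in; the "0.55 or less" row also maps to 0.55.
TABLE_B_LOWER_LIMITS = (0.95, 0.85, 0.75, 0.65, 0.55)
TABLE_B_FLOOR = 0.55

# Table d: (lower limit of the coef'2 interval, grade); anything lower is grade 4.
TABLE_D = ((0.9, 1), (0.8, 2), (0.6, 3))
TABLE_D_LOWEST_GRADE = 4

# coef2 history from step S61 (assumed oldest first) and the current m-th coef2.
# On these values the ten-value mean of step S63 evaluates to 0.863, whereas the
# page's worked example states mean2 = 0.845 (and hence coef3 = 0.71825).
PAGE_HISTORY = (0.8, 0.82, 0.85, 0.88, 0.9, 0.92, 0.89, 0.88, 0.91, 0.8)
PAGE_CURRENT = 0.78


@dataclass(frozen=True)
class Coef3Prediction:
    mean1: float   # mean of the n historical coef2 values (S61)
    value1: float  # current coef2 / mean1 (S61)
    fac: float     # correction coefficient from Table b (S62)
    mean2: float   # mean of current coef2 and the latest n-1 historical values (S63)
    coef3: float   # mean2 * fac (S63)


def correction_coefficient(value1):
    """Step S62: lower limit of the Table b interval that value1 falls in."""
    for lower in TABLE_B_LOWER_LIMITS:
        if value1 >= lower:  # assumption: a boundary value belongs to the upper interval
            return lower
    return TABLE_B_FLOOR


def predict_coef3(current, history):
    """Steps S61-S63 for one enterprise; history holds the n coef2 values before `current`."""
    history = list(history)
    if not history:
        raise ValueError("at least one historical coef2 value is required")
    for v in [current, *history]:
        if not isfinite(v) or v < 0:
            raise ValueError(f"coef2 values must be finite and non-negative, got {v!r}")
    mean1 = fmean(history)
    if mean1 == 0:
        raise ValueError("historical mean is zero, ratio value1 is undefined")
    value1 = current / mean1
    fac = correction_coefficient(value1)
    # Drop the oldest historical value and append the current one: n values in total.
    mean2 = fmean(history[1:] + [current])
    return Coef3Prediction(mean1, value1, fac, mean2, mean2 * fac)


def ratio_value2(coef3_next, coef3_prev):
    """Step S71: ratio of the (m+1)-th coef3 to the m-th coef3."""
    if not isfinite(coef3_prev) or coef3_prev <= 0:
        raise ValueError("previous coef3 must be finite and positive")
    return coef3_next / coef3_prev


def grade(coef2, div):
    """Step S8: apply formula (4) and look the result up in Table d."""
    corrected = coef2 * div
    for lower, level in TABLE_D:
        if corrected >= lower:  # assumption: lower-inclusive, so exactly 0.6 is grade 3
            return corrected, level
    return corrected, TABLE_D_LOWEST_GRADE


if __name__ == "__main__":
    print(predict_coef3(PAGE_CURRENT, PAGE_HISTORY))
    print(ratio_value2(0.71825, 0.7325))  # the two coef3 values quoted in step S7
    print(grade(PAGE_CURRENT, 0.95))      # div = 0.95 is a constructed value
```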
The present invention further provides an enterprise information security management level evaluation system based on big data analysis, which can implement the above enterprise information security management level evaluation method, as shown in fig. 4, the system includes:
the evaluation standard grading module is used for grading the standard for evaluating the information security management level of the enterprise according to the type of the enterprise;
the evaluation index system building module is connected with the evaluation standard grading module and used for building an index system for evaluating the information security management level of the enterprise according to evaluation indexes under the corresponding evaluation standard level determined by any one or more table look-up tables in the industry category, the enterprise scale, the service software owned quantity, the service software user scale and the software development mode to which the enterprise belongs;
the index value acquisition module is connected with the evaluation index system construction module and used for acquiring index values of indexes under the index system related to the enterprise, which are constructed by table look-up, from a database and serving as input data of a logic model, binding information safety management level evaluation data acquired by each evaluation of the enterprise with the enterprise information and then storing the information into a memory;
a logic model prediction module, connected with the index value acquisition module, used for taking the acquired index value of each index as the input data of the logic model and predicting and outputting the information security management level coefficient coef1 of the enterprise through the logic model;
an evaluation model updating and training module, connected with the logic model prediction module, used for updating and training the evaluation model with the coefficient coef1 predicted and output by the logic model as the true value of the evaluation model's output;
an evaluation model prediction module, connected with the index value acquisition module and the evaluation model updating and training module, used for taking the information security management level evaluation data of the enterprise acquired at the current evaluation time point as the input of the evaluation model and predicting and outputting the information security management level coefficient coef2 of the enterprise through the evaluation model;
a classification prediction module, connected with the memory, used for acquiring from the memory the historical n times of information security management level evaluation data for the enterprise, forming a time sequence that is input to the LSTM classification model, and predicting and outputting the information security management level coefficient coef3 of the enterprise through the LSTM classification model;
a correction factor calculation module, connected with the classification prediction module, used for calculating the correction factor div for evaluating the information security management level of the enterprise according to the coefficients coef3 predicted and output by the LSTM classification model at the m-th time and the (m+1)-th time;
a correction module, connected with the correction factor calculation module and the evaluation model prediction module, used for calculating the product of the correction factor div and the coefficient coef2 predicted and output by the evaluation model as the correction result;
and the enterprise information safety management level grade determining module is connected with the correction module and used for looking up a judgment interval of the enterprise information safety management level grade in which the correction result falls, and finally determining the information safety management level grade of the enterprise according to the incidence relation between the judgment interval and the corresponding enterprise information safety management level grade.
It should be understood that the above-described embodiments are merely preferred embodiments of the invention and the technical principles applied thereto. It will be understood by those skilled in the art that various modifications, equivalents, changes, and the like can be made to the present invention. However, such variations are within the scope of the invention as long as they do not depart from the spirit of the invention. In addition, certain terminology used in the description and claims of the present application is not limiting, but is used for convenience only.

Claims (8)

1. A big data analysis-based enterprise information security management level assessment method is characterized by comprising the following steps:
S1, grading the standard for evaluating the information security management level of the enterprise according to the enterprise type, and then constructing an index system for evaluating the information security management level of the enterprise according to the evaluation indexes obtained by table lookup under the level standard corresponding to any one or more of the industry category, the enterprise scale, the number of business software products owned, the business software user scale and the software development mode of the enterprise;
S2, obtaining the index value of each index under the index system associated with the enterprise obtained by table lookup as input data of the logic model;
S3, the logic model predicts and outputs the information security management level coefficient coef1 of the enterprise according to the input data;
S4, updating and training the evaluation model with the coefficient coef1 predicted and output by the logic model as the true value of the evaluation model's output;
S5, the updated and trained evaluation model takes the information security management level evaluation data of the enterprise at the current evaluation time point as model input, and predicts and outputs the information security management level coefficient coef2 of the enterprise;
S6, the LSTM classification model takes the time sequence of the enterprise information security management level evaluation data as model input, and predicts and outputs the information security management level coefficient coef3 of the enterprise;
S7, calculating the information security management level evaluation correction factor div of the enterprise according to the coefficients coef3 predicted and output by the LSTM classification model at the m-th time and the (m+1)-th time;
S8, correcting the coefficient coef2 predicted and output by the evaluation model in step S5 with the correction factor div, looking up the judgment interval of the enterprise information security management level grade into which the correction result falls, and finally determining the information security management level grade of the enterprise according to the association between the judgment interval and the corresponding enterprise information security management level grade.
2. The big data analysis-based enterprise information security management level evaluation method according to claim 1, wherein in step S1, the strategy for the enterprise information security management system to grade the standard for evaluating the information security management level of the enterprise is:
when the type of the enterprise is identified as a civil enterprise, determining the standard for evaluating the information security management level of the enterprise as a first level;
when the type of the enterprise is identified to be a nationally owned enterprise, or a government agency, or an information security administration department below provincial level, determining the standard for evaluating the information security management level of the enterprise as a second level;
when the type of the enterprise is identified to be provincial and above information security administration departments, determining the standard for evaluating the information security management level of the enterprise as a third level;
determining the standard for evaluating the information security management level of the enterprise as a fourth level when the type of the enterprise is identified as a military enterprise, or an aerospace field-related enterprise, or an army agency,
the first-level enterprise information security management level evaluation standard comprises 10 first-level indexes of physical security, network security, host system security, application security, data security, security management mechanisms, security management systems, personnel security management, system construction management and system operation and maintenance management, wherein,
the primary indexes of physical safety comprise 7 secondary indexes of physical access control, theft and damage prevention, lightning protection, fire prevention, water and moisture prevention, temperature and humidity control and power supply;
the one-level index of network safety also comprises 4 secondary indexes of structural network and network segment division, network access control, dialing access control and network equipment protection;
the primary index of the host system safety comprises 3 secondary indexes of identity authentication, autonomous access control and malicious code prevention;
the primary index of application safety comprises 6 secondary indexes of identity authentication, access control, communication integrity, software fault tolerance, resource control and code safety;
the primary index of data safety comprises 3 secondary indexes of data integrity, data confidentiality and data backup and recovery;
the one-level indexes of the safety management mechanism comprise 4 two-level indexes of post setting, personnel allocation, authorization and approval, communication and cooperation;
the primary index of the safety management system comprises 2 secondary indexes of the management system, formulation and release;
the personnel safety management primary index comprises 4 secondary indexes of personnel recording, personnel leaving the post, safety consciousness education and training and third party personnel access management;
the primary indexes of system construction management comprise 9 secondary indexes of system grading, safety scheme design, product purchase, self-running software development, outsourcing software development, engineering implementation, test acceptance, system delivery and safety service provider selection;
the primary indexes of the system operation and maintenance management comprise 10 secondary indexes of environment management, asset management, medium management, equipment management, monitoring management, network security management, system security management, malicious code prevention management, backup and recovery management and security event handling.
3. The big data analysis-based enterprise information security management level assessment method according to claim 1, characterized in that in step S3 the logic model predicts and outputs the information security management level coefficient coef1 of the enterprise according to the following formula (1):
Figure FDA0003543038120000021
In formula (1), w_ik represents the weight assigned to the k-th secondary index under the i-th primary index in the index system of the enterprise;
i represents the number of primary indexes in the index system of the enterprise;
k represents the number of the secondary indexes under the ith primary index;
n_ik represents the number of evaluation logics that are met among the evaluation logics set under the k-th secondary index of the i-th primary index;
N_ik represents the total number of evaluation logics set under the k-th secondary index under the i-th primary index;
n represents the total number of all evaluation logics under the index system of the enterprise;
w_ik satisfies the constraint condition expressed by the following formula (2):
Figure FDA0003543038120000031
in formula (2), w_i represents the weight assigned to the i-th primary index in the index system of the enterprise, and w_i satisfies the constraint condition expressed by the following formula (3):
Figure FDA0003543038120000032
4. The big-data-analysis-based enterprise information security management level evaluation method according to claim 1, wherein in step S6, the method by which the LSTM classification model predicts and outputs the coefficient coef3 comprises the following steps:
S61, calculating the ratio of the coefficient coef2 of the current m-th evaluation of the enterprise to the mean value mean1 of the coef2 values of the most recent n historical evaluations of the enterprise before the m-th evaluation, recorded as value1;
S62, taking the lower limit of the ratio interval int1 in which the ratio value1 falls as a correction coefficient fac;
S63, calculating the mean value mean2 of the coef2 values of the current m-th evaluation and the most recent n-1 historical evaluations of the enterprise, and then taking the product of mean2 and fac as the coefficient coef3 of the (m+1)-th prediction output of the LSTM classification model.
5. The big-data-analysis-based enterprise information security management level evaluation method according to claim 4, wherein in step S7, the calculation method of the correction factor div comprises:
step S71, calculating the ratio of coef3 of the (m+1)-th prediction output of the LSTM classification model to coef3 of the m-th prediction output, recorded as value2;
Step S72, according to the ratio interval int2 in which the ratio value2 falls, determining the correction factor div used to correct the coefficient coef2 of the enterprise obtained by the evaluation model in the (m+1)-th prediction.
6. The big-data-analysis-based enterprise information security management level assessment method according to any one of claims 1 to 5, wherein in step S8, the coefficient coef2 is corrected by the following formula (4):
coef′2 = coef2 × div    (4)
In formula (4), coef′2 represents the correction result.
7. The big data analysis-based enterprise information security management level evaluation method of claim 1, wherein the evaluation model is a pre-trained LightGBM model.
8. An enterprise information security management level evaluation system based on big data analysis, which can realize the enterprise information security management level evaluation method of any one of claims 1-7, wherein the system comprises:
the evaluation standard grading module is used for grading the standard for evaluating the information security management level of the enterprise according to the enterprise type;
the evaluation index system building module is connected with the evaluation standard grading module and used for building an index system for evaluating the information security management level of the enterprise according to evaluation indexes under the corresponding evaluation standard level determined by any one or more table look-up tables in the industry category, the enterprise scale, the service software owned quantity, the service software user scale and the software development mode to which the enterprise belongs;
an index value acquisition module, connected to the evaluation index system construction module, configured to acquire, from a database, an index value of each index in the index system associated with the enterprise, the index value being obtained by table lookup and serving as input data of a logic model, and store, after information binding is performed between information security management level evaluation data acquired for each evaluation of the enterprise and the enterprise, the information security management level evaluation data in a memory;
a logic model prediction module, connected with the index value acquisition module, used for taking the acquired index value of each index as the input data of the logic model and predicting and outputting the information security management level coefficient coef1 of the enterprise through the logic model;
an evaluation model updating and training module, connected with the logic model prediction module, used for updating and training the evaluation model with the coefficient coef1 predicted and output by the logic model as the true value of the evaluation model's output;
an evaluation model prediction module, connected with the index value acquisition module and the evaluation model updating and training module, used for taking the information security management level evaluation data of the enterprise acquired at the current evaluation time point as the input of the evaluation model and predicting and outputting the information security management level coefficient coef2 of the enterprise through the evaluation model;
a classification prediction module, connected with the memory, used for acquiring from the memory the historical n times of information security management level evaluation data for the enterprise, forming a time sequence that is input to an LSTM classification model, and predicting and outputting the information security management level coefficient coef3 of the enterprise through the LSTM classification model;
a correction factor calculation module, connected with the classification prediction module, used for calculating the correction factor div for evaluating the information security management level of the enterprise according to the coefficients coef3 predicted and output by the LSTM classification model at the m-th time and the (m+1)-th time;
a correction module, connected with the correction factor calculation module and the evaluation model prediction module, used for calculating the product of the correction factor div and the coefficient coef2 predicted and output by the evaluation model as the correction result;
and the enterprise information safety management level grade determining module is connected with the correcting module and used for looking up a judgment interval of the enterprise information safety management level grade in which the correction result falls, and finally determining the information safety management level grade of the enterprise according to the incidence relation between the judgment interval and the corresponding enterprise information safety management level grade.
CN202210237907.4A 2022-03-11 2022-03-11 Enterprise information security management level evaluation method and system based on big data analysis Pending CN114611928A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210237907.4A CN114611928A (en) 2022-03-11 2022-03-11 Enterprise information security management level evaluation method and system based on big data analysis

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210237907.4A CN114611928A (en) 2022-03-11 2022-03-11 Enterprise information security management level evaluation method and system based on big data analysis

Publications (1)

Publication Number Publication Date
CN114611928A true CN114611928A (en) 2022-06-10

Family

ID=81863748

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210237907.4A Pending CN114611928A (en) 2022-03-11 2022-03-11 Enterprise information security management level evaluation method and system based on big data analysis

Country Status (1)

Country Link
CN (1) CN114611928A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115396238A (en) * 2022-10-28 2022-11-25 中孚信息股份有限公司 Big data security evaluation analysis system and method
CN115396238B (en) * 2022-10-28 2023-03-14 中孚信息股份有限公司 Big data based security assessment analysis system and method
CN115766138A (en) * 2022-11-03 2023-03-07 国家工业信息安全发展研究中心 Industrial internet enterprise network security grading evaluation method and system

Similar Documents

Publication Publication Date Title
CN114611928A (en) Enterprise information security management level evaluation method and system based on big data analysis
CN110020770A (en) Risk and information management based on artificial intelligence
CN107909299A (en) People hinders Claims Resolution data risk checking method and system
CN108764707A (en) A kind of data assessment system and method
Yang et al. The multiplicative consistency threshold of intuitionistic fuzzy preference relation
CN107786369A (en) Based on the perception of IRT step analyses and LSTM powerline network security postures and Forecasting Methodology
CN106850254A (en) Key node recognition methods in a kind of power telecom network
Ferrari et al. Diagnostic tools in beta regression with varying dispersion
CN106230773A (en) Risk evaluating system based on fuzzy matrix analytic hierarchy process (AHP)
CN113177396B (en) Report generation method and device, computer equipment and storage medium
CN106295332A (en) Based on interval number and the Information Security Risk Assessment Methods of ideal solution
CN112836964B (en) Enterprise abnormity evaluation system and method
CN112784277B (en) Software credibility comprehensive evaluation method based on improved D-S evidence theory
CN105262719B (en) The method for evaluating trust of user behavior under a kind of Web environment
CN112418603A (en) ETC portal system state evaluation method based on equipment health index, electronic equipment and storage medium
Dammak et al. An exhaustive study of possibility measures of interval‐valued intuitionistic fuzzy sets and application to multicriteria decision making
CN104766250A (en) Risk factor weight value calculation method for pipe of pipe gallery
CN111738601A (en) Urban emergency capacity assessment method based on entropy weight element extension model
CN111898842A (en) Black start scheme evaluation method based on fuzzy entropy weight
Da Silva e Souza et al. Two‐stage inference using data envelopment analysis efficiency measurements in univariate production models
CN107590733A (en) Platform methods of risk assessment is borrowed based on the net of geographical economy and social networks
Hoskins et al. Modelling the degradation of condition indices
CN112702410B (en) Evaluation system, method and related equipment based on blockchain network
CN117252305A (en) House risk assessment method, device, equipment and medium
VandenHeuvel et al. Robust regression for electricity demand forecasting against cyberattacks

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination