CN116346405A - Network security operation and maintenance capability evaluation system and method based on data statistics - Google Patents
Network security operation and maintenance capability evaluation system and method based on data statistics Download PDFInfo
- Publication number
- CN116346405A CN116346405A CN202310069775.3A CN202310069775A CN116346405A CN 116346405 A CN116346405 A CN 116346405A CN 202310069775 A CN202310069775 A CN 202310069775A CN 116346405 A CN116346405 A CN 116346405A
- Authority
- CN
- China
- Prior art keywords
- risk
- network
- module
- threat
- assessment
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000011156 evaluation Methods 0.000 title claims abstract description 32
- 238000012423 maintenance Methods 0.000 title claims abstract description 24
- 238000000034 method Methods 0.000 title claims abstract description 18
- 238000012502 risk assessment Methods 0.000 claims abstract description 45
- 230000002787 reinforcement Effects 0.000 claims abstract description 26
- 230000006378 damage Effects 0.000 claims abstract description 13
- 230000003993 interaction Effects 0.000 claims description 9
- 238000004364 calculation method Methods 0.000 claims description 8
- 230000000694 effects Effects 0.000 claims description 4
- 230000002457 bidirectional effect Effects 0.000 claims description 3
- 238000004891 communication Methods 0.000 claims description 3
- 230000007123 defense Effects 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 claims description 3
- 230000003449 preventive effect Effects 0.000 claims description 3
- 230000001681 protective effect Effects 0.000 claims description 3
- 238000004451 qualitative analysis Methods 0.000 claims description 3
- 238000004445 quantitative analysis Methods 0.000 claims description 3
- 238000004088 simulation Methods 0.000 claims description 3
- 238000013459 approach Methods 0.000 claims description 2
- 230000008439 repair process Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000005856 abnormality Effects 0.000 description 5
- 230000009471 action Effects 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000007704 transition Effects 0.000 description 3
- 238000010801 machine learning Methods 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000013178 mathematical model Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000037361 pathway Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y04—INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
- Y04S—SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
- Y04S10/00—Systems supporting electrical power generation, transmission or distribution
- Y04S10/50—Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a network security operation and maintenance capability assessment system and method based on data statistics, and belongs to the technical field of network security. The system and the method for evaluating the network security operation and maintenance capability based on the data statistics comprise a risk evaluation module, a risk understanding module, a risk reinforcement scheme module, a risk prediction module, a data acquisition module, a user interface and a database, wherein the data acquisition module is respectively interacted with the risk understanding module and the risk reinforcement scheme module. In order to solve the problem that the risk assessment coverage of the assessment system for network security is wider, but the risk assessment system cannot assess the risk level and the damage condition caused by each risk, the risk assessment module is used for calculating the reinforcement scheme which is implemented under the condition that the threat is transmitted to the network at the maximum risk by assuming that no security reinforcement is performed, so that the risk of the network is minimum.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a network security operation and maintenance capability evaluation system and method based on data statistics.
Background
With the advent of the network age, the scale and application field of the internet are continuously developed, the network is gradually permeated into the fields of daily life, economy, military, science and technology, education and the like of people, the basic and global status and the effect of the network are increasingly enhanced, however, the network is faced with increasingly complex structures and huge scales, and particularly, various novel attack means utilizing the security weaknesses of the system are largely used by invaders, and the security risks and threats faced by the information system are increasingly serious;
the Chinese patent with publication number of CN113225358B discloses a network security risk assessment system, an abnormality detection module based on machine learning is introduced, an abnormality detection result is integrated into the network security risk assessment result, the abnormality detection model can discover system abnormality and potential risks related to the system abnormality only by calculating the deviation degree of system characteristics and system normal outline characteristics which are characterized by the machine learning model, and the process does not need prior knowledge about attack, so that risk assessment has the capability of assessing unknown security risks.
In the above patent, the risk assessment coverage of the assessment system for network security is wider, but the risk level and the damage condition caused by each risk cannot be estimated; therefore, the existing requirements are not met, and a network security operation and maintenance capability assessment system and method based on data statistics are provided.
Disclosure of Invention
The invention aims to provide a network security operation and maintenance capability assessment system and method based on data statistics, wherein a risk assessment module is used for solving the problems in the prior art by calculating a reinforcement scheme to be implemented under the condition that the threat is transmitted to the network at the maximum risk by the threat under the condition that no security reinforcement is performed, and the system reinforcement module is used for calculating the maximum risk by the threat transmission.
In order to achieve the above purpose, the present invention provides the following technical solutions: the network security operation and maintenance capability assessment system based on data statistics comprises a risk assessment module, a risk understanding module, a risk reinforcement scheme module, a risk prediction module, a data acquisition module, a user interface and a database, wherein:
the data acquisition module is respectively interacted with the risk understanding module and the risk reinforcement scheme module;
the data acquisition module is used for collecting all data information in the monitoring range;
the risk understanding module is used for converting the format of the information collected by the data acquisition module;
the risk reinforcement scheme module is used for selecting and issuing a defense instruction according to the risk assessment result;
the risk assessment module is in bidirectional interaction with the risk prediction module, the risk assessment module is in interaction with the risk reinforcement scheme module, and the risk understanding module is in interaction with the risk assessment module;
the risk assessment module is used for detecting and assessing the network security data;
and the risk prediction module is used for carrying out simulation calculation by referring to a risk assessment result to obtain the damage degree.
Preferably, the risk assessment module comprises an asset identification module for identifying an asset and assigning a value to the asset, a threat identification module for identifying a threat, describing the attribute of the threat, and assigning a frequency of occurrence of the threat, and a vulnerability identification module for identifying a vulnerability and assigning a severity of the vulnerability to a specific asset.
Preferably, the threat identification module is configured to analyze the network asset for possible damage, including threat sources, threat pathways, threat capabilities, threat effects, threat intents, and threat frequencies;
the threat is classified into five classes, and from 1 to 5 represent the threat occurrence probability of the five classes respectively, and the greater the class value, the greater the threat occurrence probability.
Preferably, the asset identification module is composed of an asset identification unit and an asset estimation unit, wherein the asset identification unit is responsible for giving the specific object considered by the evaluation, determining the type and list of the network asset, and the asset estimation unit is responsible for confirming the importance degree of a specific asset in the network system.
Preferably, the vulnerability identification module adopts a qualitative relative grade mode, and the grade suggestions of the vulnerability are divided into five grades, wherein from 1 to 5 respectively represent the weakness degree of a certain asset of the five grades, and the greater the grade is, the higher the weakness degree is.
The evaluation method of the network security operation and maintenance capability evaluation system based on data statistics comprises the following steps:
s101: preparing for network risk assessment;
s102: asset identification, threat identification, and vulnerability identification;
s103: confirming the existing safety measures;
s104: calculating risks;
s105: implementing risk management
Preferably, in S101, the network risk assessment preparation needs to determine a network assessment range, where the network assessment range includes:
a network system topology;
a network communication protocol;
network address allocation;
a network device;
a network service;
the network service type and service information flow;
network security precautions;
a network operating system;
network related personnel;
a network physical environment;
this stage generates an assessment definition report for scope definition of subsequent assessment work.
Preferably, in S102, based on asset assessment, threat assessment, vulnerability assessment, and security management assessment, a qualitative and quantitative analysis method is used to select a suitable risk technical method or tool to determine the size and risk level of the risk, and the risk value is calculated by analyzing the assessed data.
Preferably, in S103, the validity of various preventive and protective security measures taken by the evaluation target is checked, and whether the evaluation security measure can prevent the vulnerability from being utilized or resist the checked security threat.
Preferably, in the step S104, according to the principle of risk analysis, the risk value may be calculated by the following formula:
risk value=r (a, T, V) =r (L (T, V), F (Ia, va))
Wherein R represents a security risk calculation function; a represents an asset; t represents a threat; v represents vulnerability; ia represents the asset value acted upon by the security event; va represents vulnerability severity; l represents the likelihood that the vulnerability of the threat exploitation asset will result in a security event; f represents loss caused by the occurrence of a security event;
1) Calculating the likelihood of a security event occurring
Probability of security event = L (frequency of threat occurrence, vulnerability to exploitation) = L (T, V);
4) Calculating loss caused by loss security event caused by security event occurrence=f (asset value, vulnerability severity) =f (Ia, va);
5) Calculating risk values
Risk value=r (likelihood of security event, loss due to security event) =r (L (T, V), F (Ia, va)).
Compared with the prior art, the invention has the beneficial effects that:
1. the invention describes the current security situation value and the change trend of the network system through an accurate mathematical model, simultaneously, the system also gives a security reinforcement scheme for the network system in the current state, the reinforcement scheme guides a user to reduce threat and repair vulnerability, thereby improving the security situation of the system, and also gives a security reinforcement scheme for the network system in the current state, the reinforcement scheme guides the user to reduce threat and repair vulnerability, thereby improving the security situation of the network system;
2. in the invention, the risk assessment module is used for assuming that the greatest risk is brought to the network by the threat through propagation under the condition of no security reinforcement, and the system reinforcement module is used for calculating the reinforcement scheme which is required to be implemented under the condition of the greatest risk brought by the threat propagation so as to minimize the risk of the network.
Drawings
FIG. 1 is a diagram of a network security operation and maintenance capability assessment system framework of the present invention;
FIG. 2 is a schematic diagram of a risk assessment module according to the present invention;
FIG. 3 is a schematic diagram of a threat identification module composition of the invention;
FIG. 4 is a schematic diagram of an asset identification module according to the present invention;
FIG. 5 is a schematic diagram illustrating the steps of evaluating the network security operation capability according to the present invention;
FIG. 6 is a flow chart of the network security operation and maintenance capability evaluation of the present invention;
FIG. 7 is a schematic diagram of a network evaluation scope structure according to the present invention;
fig. 8 is a flow chart of the cyber-security risk analysis of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1-4, an embodiment of the present invention is provided: the network security operation and maintenance capability assessment system based on data statistics comprises a risk assessment module, a risk understanding module, a risk reinforcement scheme module, a risk prediction module, a data acquisition module, a user interface and a database, wherein:
the data acquisition module is respectively interacted with the risk understanding module and the risk reinforcement scheme module;
the data acquisition module is used for collecting all data information in the monitoring range;
the risk understanding module is used for converting the format of the information collected by the data acquisition module;
the risk reinforcement scheme module is used for selecting and issuing a defense instruction according to the risk assessment result;
the risk assessment module is in bidirectional interaction with the risk prediction module, the risk assessment module is in interaction with the risk reinforcement scheme module, and the risk understanding module is in interaction with the risk assessment module;
the risk assessment module is used for detecting and assessing the network security data;
and the risk prediction module is used for carrying out simulation calculation by referring to a risk assessment result to obtain the damage degree.
The risk assessment module comprises an asset identification module for identifying assets and assigning values of the assets, a threat identification module for identifying threats, describing the attribute of the threat, assigning the frequency of occurrence of the threat, and a vulnerability identification module for identifying vulnerabilities and assigning the severity of the vulnerability of a specific asset.
The threat identification module is used for analyzing the possible harm to the network asset, wherein the threat identification module comprises threat sources, threat approaches, threat capabilities, threat effects, threat intents and threat frequencies;
the threat is classified into five classes, and from 1 to 5 represent the threat occurrence probability of the five classes respectively, and the greater the class value, the greater the threat occurrence probability.
The asset identification module consists of an asset identification unit and an asset estimation unit, wherein the asset identification unit is responsible for giving out the specific object considered by evaluation, determining the type and list of the network asset, and the asset estimation unit is responsible for confirming the importance degree of a specific asset in the network system.
The vulnerability recognition module adopts a qualitative relative grade mode, and the grade suggestions of the vulnerability are divided into five grades, wherein the grade suggestions respectively represent the weakness degree of certain assets of the five grades from 1 to 5, and the greater the grade is, the higher the weakness degree is.
The threat party is represented by t, S is a state set, and at the kth moment, the threat state of the nth asset is recorded as
The values of (2) may take the values 1 and 0;1 represents a threat and 0 represents no threat;
the threat state at time k is:
the vulnerability is represented by v, S is a state set, and at the kth time, the vulnerability state of the nth asset is recorded as
The values of (1) may take the form of 1 and 0,1 indicating a vulnerability and 0 indicating no vulnerability;
the vulnerability state at time k is:
the threat party increases the risk through the propagation of the threat, and the vulnerability party reduces the risk through the repair of the vulnerability by a system administrator;
for a threat party, one propagation of the threat is referred to as one behavior of the threat party, the threat may propagate to other assets with a probability given in a state transition rule, at time k the threat propagates from the source asset to the destination asset by various means, denoted as u t (k) T represents a threat party, u t (k) Representing threat propagation to asset number i for i;
for the vulnerability partner, the system administrator repairs one action of the vulnerability called vulnerability, the repair scheme of the system administrator to the vulnerability is described in the state transition rule, and at the time k, the repair of the system administrator to the vulnerability of the asset is marked as u v (k) V represents a vulnerability prescription, u v (k) I represents the vulnerability of repair asset number i;
when a threat exists on an asset, the threat will cause a certain damage to the asset, and the longer the threat exists, the larger the damage is, namely the damage value of the threat at the time k of the network information system is V (s (k)), and the damage value of the threat in the system at the time k in unit time (namely from the time k to the time k+1) is R (s (k));
s (k+1) is the state of the system at time k+1, β is the discount factor, p (s (k+1) |s (k), u t ,u v ) Is the state transition probability, and according to the principle of risk value calculation, obtains
R(s(k))=VA·s t (k)·s v (k);
Wherein V represents vulnerability severity, A represents asset value, risk of each threat to the system can be calculated through a damage function, and risk values V generated by all threats are accumulated to obtain a total risk value V of the system sys ;
Referring to fig. 5-8, an evaluation method of a network security operation and maintenance capability evaluation system based on data statistics includes the following steps:
s101: preparing for network risk assessment;
s102: asset identification, threat identification, and vulnerability identification;
s103: confirming the existing safety measures;
s104: calculating risks;
s105: implementing risk management
In S101, the network risk assessment preparation needs to determine a network assessment range, where the network assessment range includes:
a network system topology;
a network communication protocol;
network address allocation;
a network device;
a network service;
the network service type and service information flow;
network security precautions;
a network operating system;
network related personnel;
a network physical environment;
this stage generates an assessment definition report for scope definition of subsequent assessment work.
In S102, based on asset assessment, threat assessment, vulnerability assessment, and security management assessment, a qualitative and quantitative analysis method is used to select a proper risk technical method or tool to determine the size and risk level of risk, and the risk value is calculated by analyzing the assessed data.
In S103, the validity of various preventive and protective security measures taken by the evaluation target is confirmed, and whether the evaluation security measures can prevent vulnerability from being utilized or resist the confirmed security threat is evaluated.
In S104, according to the principle of risk analysis, the risk value may be calculated by the following formula:
risk value=r (a, T, V) =r (L (T, V), F (Ia, va))
Wherein R represents a security risk calculation function; a represents an asset; t represents a threat; v represents vulnerability; ia represents the asset value acted upon by the security event; va represents vulnerability severity; l represents the likelihood that the vulnerability of the threat exploitation asset will result in a security event; f represents loss caused by the occurrence of a security event;
1) Calculating the likelihood of a security event occurring
Probability of security event = L (frequency of threat occurrence, vulnerability to exploitation) = L (T, V);
6) Calculating loss caused by loss security event caused by security event occurrence=f (asset value, vulnerability severity) =f (Ia, va);
the loss caused by the occurrence of part of the security events not only aims at the asset itself, but also influences the continuity of the service, the influence of the occurrence of different security events on the organization is different, the influence on the organization should be considered when the loss of a certain security event is calculated, the judgment of the loss caused by the part of the security events should also refer to the result of the occurrence possibility of the security time, and the loss of the security event with extremely small occurrence possibility can not be calculated.
7) Calculating risk values
Risk value=r (likelihood of security event, loss due to security event) =r (L (T, V), F (Ia, va));
for risks within an unacceptable range, the residual risks should be evaluated after selecting appropriate control measures, whether the risks have been reduced to an acceptable level should be determined, inputs are provided for risk management, the evaluation of the residual risks may be performed according to criteria of an organizational risk assessment, considering the selected control measures and the reduction of the possibility of occurrence of the threat by the existing control measures, some risks may remain within an unacceptable risk range after selecting appropriate control measures, and whether such risks are accepted or the control measures are added should be considered by a management layer according to the principles of risk acceptance. To ensure the effectiveness of the selected control measures, a reevaluation can be made if necessary to determine whether the residual risk after the control measures are implemented is acceptable.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (10)
1. The network security operation and maintenance capability assessment system based on data statistics is characterized by comprising a risk assessment module, a risk understanding module, a risk reinforcement scheme module, a risk prediction module, a data acquisition module, a user interface and a database, wherein:
the data acquisition module is respectively interacted with the risk understanding module and the risk reinforcement scheme module;
the data acquisition module is used for collecting all data information in the monitoring range;
the risk understanding module is used for converting the format of the information collected by the data acquisition module;
the risk reinforcement scheme module is used for selecting and issuing a defense instruction according to the risk assessment result;
the risk assessment module is in bidirectional interaction with the risk prediction module, the risk assessment module is in interaction with the risk reinforcement scheme module, and the risk understanding module is in interaction with the risk assessment module;
the risk assessment module is used for detecting and assessing the network security data;
and the risk prediction module is used for carrying out simulation calculation by referring to a risk assessment result to obtain the damage degree.
2. The data statistics based network security operation and maintenance capability assessment system according to claim 1, wherein: the risk assessment module comprises an asset identification module for identifying assets and assigning values of the assets, a threat identification module for identifying threats, describing the attribute of the threat, assigning the frequency of occurrence of the threat, and a vulnerability identification module for identifying vulnerabilities and assigning the severity of the vulnerability of a specific asset.
3. The data statistics based network security operation and maintenance capability assessment system according to claim 2, wherein: the threat identification module is used for analyzing the possible harm to the network asset, wherein the threat identification module comprises threat sources, threat approaches, threat capabilities, threat effects, threat intents and threat frequencies;
the threat is classified into five classes, and from 1 to 5 represent the threat occurrence probability of the five classes respectively, and the greater the class value, the greater the threat occurrence probability.
4. The data statistics based network security operation and maintenance capability assessment system according to claim 3, wherein: the asset identification module consists of an asset identification unit and an asset estimation unit, wherein the asset identification unit is responsible for giving out the specific object considered by evaluation, determining the type and the list of the network asset, and the asset estimation unit is responsible for confirming the importance degree of a specific asset in the network system.
5. The data statistics based network security operation and maintenance capability assessment system according to claim 4, wherein: the vulnerability identification module adopts a qualitative relative grade mode, and the grade suggestions of the vulnerability are divided into five grades, and the grade suggestions respectively represent the weakness degree of certain assets of the five grades from 1 to 5, wherein the greater the grade is, the higher the weakness degree is.
6. The evaluation method of the network security operation and maintenance capability evaluation system based on data statistics is realized based on the network security operation and maintenance capability evaluation system based on data statistics as set forth in claim 5, wherein the evaluation method comprises the following steps:
s101: preparing for network risk assessment;
s102: asset identification, threat identification, and vulnerability identification;
s103: confirming the existing safety measures;
s104: calculating risks;
s105: risk management is implemented.
7. The evaluation method of the network security operation and maintenance capability evaluation system based on data statistics according to claim 6, wherein: in S101, the network risk assessment preparation needs to determine a network assessment range, where the network assessment range includes:
a network system topology;
a network communication protocol;
network address allocation;
a network device;
a network service;
the network service type and service information flow;
network security precautions;
a network operating system;
network related personnel;
a network physical environment;
this stage generates an assessment definition report for scope definition of subsequent assessment work.
8. The evaluation method of the network security operation and maintenance capability evaluation system based on data statistics according to claim 6, wherein: in S102, based on asset assessment, threat assessment, vulnerability assessment, and security management assessment, a qualitative and quantitative analysis method is used to select a proper risk technical method or tool to determine the size and risk level of risk, and the risk value calculation is performed by analyzing the assessed data.
9. The evaluation method of the network security operation and maintenance capability evaluation system based on data statistics according to claim 6, wherein: in S103, the validity of various preventive and protective security measures taken by the evaluation target is checked, and whether the evaluation security measures can prevent the vulnerability from being utilized or resist the checked security threat is evaluated.
10. The evaluation method of the network security operation and maintenance capability evaluation system based on data statistics according to claim 6, wherein: in S104, according to the principle of risk analysis, the risk value may be calculated by the following formula:
risk value=r (a, T, V) =r (L (T, V), F (Ia, va))
Wherein R represents a security risk calculation function; a represents an asset; t represents a threat; v represents vulnerability; ia represents the asset value acted upon by the security event; va represents vulnerability severity; l represents the likelihood that the vulnerability of the threat exploitation asset will result in a security event; f represents loss caused by the occurrence of a security event;
1) Calculating the likelihood of a security event occurring
Probability of security event = L (frequency of threat occurrence, vulnerability to exploitation) = L (T, V);
2) Calculating losses after a security event occurs
Loss due to security event = F (asset value, vulnerability severity) = F (Ia, va);
3) Calculating risk values
Risk value=r (likelihood of security event, loss due to security event) =r (L (T, V), F (Ia, va)).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310069775.3A CN116346405A (en) | 2023-02-07 | 2023-02-07 | Network security operation and maintenance capability evaluation system and method based on data statistics |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310069775.3A CN116346405A (en) | 2023-02-07 | 2023-02-07 | Network security operation and maintenance capability evaluation system and method based on data statistics |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116346405A true CN116346405A (en) | 2023-06-27 |
Family
ID=86882958
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310069775.3A Pending CN116346405A (en) | 2023-02-07 | 2023-02-07 | Network security operation and maintenance capability evaluation system and method based on data statistics |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116346405A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117172791A (en) * | 2023-11-02 | 2023-12-05 | 中保车服科技服务股份有限公司 | Risk assessment method, system, storage medium and equipment for transaction system |
-
2023
- 2023-02-07 CN CN202310069775.3A patent/CN116346405A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117172791A (en) * | 2023-11-02 | 2023-12-05 | 中保车服科技服务股份有限公司 | Risk assessment method, system, storage medium and equipment for transaction system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110647539B (en) | Prediction method and system for vehicle faults | |
| JP5666757B1 (en) | System and method for identifying related events in a resource network monitoring system | |
| Romano et al. | Automated detection of pipe bursts and other events in water distribution systems | |
| CN112114579B (en) | Industrial control system safety measurement method based on attack graph | |
| CN112162878A (en) | Database fault discovery method and device, electronic equipment and storage medium | |
| Pierro et al. | Are the gas prices oracle reliable? a case study using the ethgasstation | |
| WO2014101636A1 (en) | Method for evaluating risk in electric power communications network | |
| Yu et al. | Experience in predicting fault-prone software modules using complexity metrics | |
| CN108898311A (en) | A kind of data quality checking method towards intelligent distribution network repairing dispatching platform | |
| CN103149475A (en) | Method and system for fault diagnosis of electrical equipment | |
| CN116346405A (en) | Network security operation and maintenance capability evaluation system and method based on data statistics | |
| CN115225336A (en) | Vulnerability availability calculation method and device for network environment | |
| CN114298558A (en) | Electric power network safety studying and judging system and studying and judging method thereof | |
| RU2687848C1 (en) | Method and system of vibration monitoring of industrial safety of dynamic equipment of hazardous production facilities | |
| CN117034299B (en) | Intelligent contract safety detection system based on block chain | |
| KR20220116410A (en) | Security compliance automation method | |
| CN116405287B (en) | Industrial control system network security assessment method, equipment and medium | |
| CN116743503B (en) | Health evaluation method based on industrial control asset | |
| CN112800437B (en) | Information security risk evaluation system | |
| CN117972686B (en) | Data management method and related device | |
| Setiawan et al. | Designing a Cybersecurity Risk Assessment Framework for Local Government Web-Based Applications | |
| CN116485187A (en) | Enterprise-oriented carbon emission right transaction compliance risk management method and device | |
| Sabat et al. | Using semantic analysis of document text in building risk models in the threats system. | |
| CN116050633A (en) | Method and system for predicting enterprise contract default probability based on machine learning | |
| CN116502128A (en) | Bearing fault diagnosis method based on improved association rule |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |