CN116562627A - Security risk management method, system, equipment, medium and product - Google Patents
Security risk management method, system, equipment, medium and product Download PDFInfo
- Publication number
- CN116562627A CN116562627A CN202310567539.4A CN202310567539A CN116562627A CN 116562627 A CN116562627 A CN 116562627A CN 202310567539 A CN202310567539 A CN 202310567539A CN 116562627 A CN116562627 A CN 116562627A
- Authority
- CN
- China
- Prior art keywords
- risk
- data
- determining
- security risk
- evaluated
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 106
- 238000012545 processing Methods 0.000 claims abstract description 95
- 238000011156 evaluation Methods 0.000 claims abstract description 55
- 238000000034 method Methods 0.000 claims description 25
- 230000015654 memory Effects 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 238000004891 communication Methods 0.000 claims description 6
- 238000012512 characterization method Methods 0.000 abstract description 11
- 230000000694 effects Effects 0.000 abstract description 9
- 230000008569 process Effects 0.000 description 7
- 238000004519 manufacturing process Methods 0.000 description 5
- 238000012549 training Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 2
- 238000010606 normalization Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012954 risk control Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003631 expected effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001550 time effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0635—Risk analysis of enterprise or organisation activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Economics (AREA)
- Entrepreneurship & Innovation (AREA)
- General Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- Tourism & Hospitality (AREA)
- Artificial Intelligence (AREA)
- Operations Research (AREA)
- Marketing (AREA)
- General Business, Economics & Management (AREA)
- Game Theory and Decision Science (AREA)
- Educational Administration (AREA)
- Development Economics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Quality & Reliability (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Bioinformatics & Computational Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Evolutionary Biology (AREA)
- Evolutionary Computation (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The embodiment of the invention discloses a security risk management method, a system, equipment, a medium and a product. When the security risk result characterizes that the environment has security risk, determining a risk type according to the characterization evaluation data, and then determining a predicted processing result according to the risk type, wherein the predicted processing result characterizes whether the risk type can carry out risk processing. And when the predicted processing result represents that the risk processing can be performed, determining corresponding risk measures according to the risk types. Therefore, the data of different enterprises can be subjected to standardized management, and the management effect is improved.
Description
Technical Field
Embodiments of the present invention relate to the field of computer technology, and in particular, to a security risk management method, system, device, computer readable storage medium, and computer program product.
Background
Safety risk refers to a dangerous or harmful factor existing in production operation activities, and in order to achieve the purpose of safe production, safety risk management is generally required.
Typically, security risk management for different enterprises relies on their own platforms, where the platform standards are not uniform. And, the own platform is relatively isolated, and similar problems of other enterprises are difficult to obtain, so that corresponding treatment measures are obtained.
Therefore, there is a need for a comprehensive security risk management method.
Disclosure of Invention
In view of this, it is desirable to provide a security risk management method, which can acquire and manage data of different platforms. The application also provides a system, equipment, medium and program product corresponding to the method.
The technical scheme of the embodiment of the invention is realized as follows:
in a first aspect, an embodiment of the present invention provides a security risk management method, where the method includes:
acquiring data to be evaluated;
normalizing the data to be evaluated to obtain standard evaluation data;
determining a safety risk result according to the standard evaluation data, wherein the safety risk result represents whether an environment corresponding to the data to be evaluated has safety risk or not;
when the safety risk result represents that the environment has safety risk, determining a risk type according to the standard evaluation data;
determining a predicted processing result according to the risk type, wherein the predicted processing result represents whether the risk type can carry out risk processing;
and when the predicted processing result represents that risk processing can be performed, determining corresponding risk measures according to the risk type.
In a second aspect, an embodiment of the present invention provides a security risk management system, including:
the communication module is used for acquiring data to be evaluated;
the standardized module is used for standardizing the data to be evaluated to acquire standard evaluation data;
the safety risk result determining module is used for determining a safety risk result according to the standard evaluation data, and the safety risk result represents whether the environment corresponding to the data to be evaluated has safety risk or not;
the risk type determining module is used for determining a risk type according to the standard evaluation data when the safety risk result represents that the environment has safety risk;
the predicted processing result determining module is used for determining a predicted processing result according to the risk type, wherein the predicted processing result represents whether the risk type can carry out risk processing or not;
and the risk measure determining module is used for determining corresponding risk measures according to the risk types when the predicted processing result represents that the risk processing can be performed.
In a third aspect, an embodiment of the present invention provides an apparatus, including a processor and a memory. The processor and the memory communicate with each other. The processor is configured to execute instructions stored in the memory to cause the apparatus to perform the security risk management method as in the first aspect or any implementation of the first aspect.
In a fourth aspect, the present application provides a computer readable storage medium having stored therein instructions for instructing a device to execute the security risk management method according to the first aspect or any implementation manner of the first aspect.
In a fifth aspect, the present application provides a computer program product comprising instructions which, when run on a device, cause the device to perform the security risk management method of the first aspect or any implementation of the first aspect.
Further combinations of the present application may be made to provide further implementations based on the implementations provided in the above aspects.
From the above technical solutions, the embodiments of the present application have the following advantages:
the embodiment of the invention provides a security risk management method, which comprises the steps of obtaining data to be evaluated, standardizing the data to be evaluated, obtaining standard evaluation data, and determining a security risk result according to the standard evaluation data, wherein the security risk result represents whether an environment corresponding to the data to be evaluated has security risk or not. When the security risk result characterizes that the environment has security risk, determining a risk type according to the characterization evaluation data, and then determining a predicted processing result according to the risk type, wherein the predicted processing result characterizes whether the risk type can carry out risk processing. And when the predicted processing result represents that the risk processing can be performed, determining corresponding risk measures according to the risk types. Therefore, the data of different enterprises can be subjected to standardized management, and the management effect is improved.
Drawings
In order to more clearly illustrate the technical method of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
Fig. 1 is a schematic flow chart of a security risk management method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating another security risk management method according to an embodiment of the present invention;
FIG. 3 is a flowchart illustrating another security risk management method according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating interaction between a security risk management system and a user according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a security risk management system according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of another security risk management apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
The terms "first", "second" in the embodiments of the present application are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature.
The safety risk management means that the risk severity is determined by identifying dangerous and harmful factors existing in production operation activities and using a qualitative or quantitative statistical analysis method, and then the priority sequence of risk control and risk control measures are determined, so that the aims of improving the safety production environment, reducing and stopping safety production accidents are achieved.
Different enterprises generally conduct security risk management through own platforms, so that data in each platform is relatively isolated, when one risk appears in one enterprise, other enterprises cannot know and avoid the risk in time, and expected effects are difficult to achieve.
In view of this, the present application provides a security risk management method, which can be applied to a security risk management system to perform unified management on data of different platforms, thereby improving management effects. The security risk management system may be a device with data processing capability, for example, a server, or a terminal device such as a desktop, a notebook, or a smart phone.
Specifically, the security risk management system acquires data to be evaluated, then normalizes the data to be evaluated, acquires standard evaluation data, and then determines a security risk result according to the standard evaluation data, wherein the security risk result represents whether an environment corresponding to the data to be evaluated has security risk or not. When the security risk result characterizes that the environment has security risk, determining a risk type according to the characterization evaluation data, and then determining a predicted processing result according to the risk type, wherein the predicted processing result characterizes whether the risk type can carry out risk processing. And when the predicted processing result represents that the risk processing can be performed, determining corresponding risk measures according to the risk types.
Therefore, the data of different enterprises can be subjected to standardized management, and the management effect is improved. And on the basis of determining the risk result, the risk type is determined, and the risk measures are determined according to the type, so that the risk measures can be directly executed according to the corresponding risk measures, and the management efficiency is improved. Further, the safety risk result, the risk type and the corresponding risk measures can be used for managing the whole safety risk process, more information in the management process is obtained, and a comprehensive management effect is obtained.
In order to facilitate understanding of the technical solution of the present application, a security risk management method provided in the present application is described below with reference to fig. 1.
Referring to the flow chart of a security risk management method shown in fig. 1, the specific steps of the method are as follows:
102: the security risk management system acquires the data to be evaluated.
The data to be evaluated may be raw data. Because risk management of different enterprises depends on own platforms and standards are not uniform, the data to be evaluated in the scheme can be data with non-uniform standards in different platforms. For example, for the data with the standard a in the enterprise a, security risk management needs to be performed, in this scheme, the data with the standard a may be used as data to be evaluated, and for the data with the standard B in the enterprise B, security risk management needs to be performed, in this scheme, the data with the standard B may be used as data to be evaluated.
The security risk management system may obtain the data to be evaluated in different ways. Specifically, the security risk management system may obtain the data to be evaluated from the a-platform through a wired connection, and the security risk management system may also obtain the data to be evaluated from the B-platform through a wireless (e.g., bluetooth or WIFI) connection.
104: and the security risk management system standardizes the data to be evaluated to acquire standard evaluation data.
The standard evaluation data are data with the same format standard.
Because the platform standards corresponding to different enterprise platforms are not uniform, the standards of the data to be evaluated are not uniform, and direct processing is difficult. Therefore, the security risk management system needs to standardize the data to be evaluated, and obtain standard evaluation data with uniform data format, so that the flexibility of security risk management is improved.
The normalization refers to performing format conversion from the data to be evaluated according to the format required by the standard evaluation data, and extracting the data content required by the standard evaluation data. Thus, the security risk management system can perform unified management on the data to be evaluated corresponding to different platforms.
106: and the security risk management system determines a security risk result according to the standard evaluation data.
And the security risk result represents whether the environment corresponding to the data to be evaluated has security risk or not.
The security risk results include having a security risk and not having a security risk. The environment corresponding to the data to be evaluated is characterized by safety risk; the environment corresponding to the data to be evaluated is not provided with a safety risk representation.
And the security risk management system determines a security risk result according to the standard evaluation data and preset evaluation requirements. For example, for a data in the standard evaluation data, when the preset evaluation requirement is a higher than 50, the safety risk is present, and when the standard evaluation requirement is not higher than 50, the safety risk is not present.
Executing 107 when the security risk result characterizes the environment as not having a security risk; when the security risk result characterizes the environment as having a security risk, execution 108.
107: and the security risk management system displays the security risk result.
Fig. 2 is a schematic flow chart of another security risk management method. When the security risk result characterizes that the environment does not have security risk, the security management system can display the security risk result through a display device so that a user can acquire the security risk result.
108: and the security risk management system determines the risk type according to the standard evaluation data.
And when the security risk result represents that the environment has security risk, the security risk management system determines the risk type according to the standard evaluation data.
The risk types include a first risk, a second risk, a third risk, and the like, or the risk types may also include a primary risk, a medium risk, and a high risk.
The standard evaluation data comprises, for example, a parameter a, a parameter b, and a parameter c, wherein the environment is characterized as having no security risk when the parameter a does not exceed 50, the parameter b does not exceed 60, and the parameter c does not exceed 70. When the parameter a is greater than 50 and not more than 60, the characterization has a primary first risk, when the parameter a is greater than 60 and not more than 80, the characterization has a medium first risk, and when the parameter a is greater than 80, the characterization has a high first risk. When parameter b is greater than 60, the characterization has a second risk. When the parameter c is greater than 70 and not more than 100, the characterization has a primary third risk, and when the parameter c is greater than 100, the characterization has a high-level third risk. When parameters a, b and c are all greater than 100, the characterization has a fourth risk (high priority).
110: and the security risk management system determines an expected processing result according to the risk type.
In some possible cases, there may be a risk of being able to process, or there may be a risk of being unable to process, so the security risk management system determines the expected processing result according to the risk type. And the predicted processing result characterizes whether the risk type can be subjected to risk processing, namely judging whether the risk type can be subjected to risk processing.
The criterion of whether risk processing is possible can be determined from historical data. For example, the database may have recorded therein information about the type of risk a and the corresponding processing results. When the processing result is that the processing is successful, the risk processing can be performed for the risk of the risk type a. When the processing result is processing failure, risk processing is not considered to be performed for risks with a risk type of a.
Further, the database may record a risk type a and a corresponding plurality of processing results, and when there is a successful processing in the plurality of processing results, the risk type a risk is considered to be a risk processing. Or when more than half of the processing results exist and the processing is successful, the risk type a risk can be considered as the risk processing can be performed.
Executing 111 when the predicted processing result characterizes that risk processing cannot be performed; when the projected treatment result characterizes the risk treatment, 112 is performed.
111: the security risk management system displays the predicted processing result.
When the predicted processing result characterizes that the risk processing cannot be performed, the security risk management system can display the predicted processing result so that a user can know the risk and consider other measures to solve.
In some possible implementations, the security risk management system may display the risk type while displaying the predicted processing results, so that the user obtains the risk type for processing. Further, the security risk results may also be displayed for timely handling by the user.
112: and the security risk management system determines corresponding risk measures according to the risk types.
And when the predicted processing result represents that risk processing can be performed, the security risk management system determines corresponding risk measures according to the risk types. In some possible implementations, the security risk management system may display the corresponding risk measures so that the user may perform the risk measures to avoid the risk.
In some possible implementations, a risk measure may include multiple steps. For example, for risk type a, there may be risk measure a, risk measure B, and risk measure C, where risk measure a, risk measure B, and risk measure C may correspond to different probabilities of resolving the risk. Further, the risk measure a may include step 1, step 2, and step 3, and the user may sequentially perform step 1, step 2, and step 3 in order to reduce the risk.
In some possible implementations, as shown in fig. 3, the method further includes the steps of:
114: the security risk management system acquires tracking information corresponding to each of the plurality of nodes.
The tracking information comprises arrival time, processing personnel, receiving time and finishing time.
The user may acquire risk through the security risk management system and then perform according to the risk measures provided by the risk management system in order to eliminate the risk.
In the related art, security risk management corresponding to different enterprises only provides a solution measure, and does not pay attention to the execution of the measure by the user. Therefore, in the application, the risk management system can also acquire the tracking information corresponding to each of the plurality of nodes, and acquire the execution condition of the user.
In some possible implementations, the user interacts with the risk management system, and the security risk management system obtains tracking information corresponding to each of the plurality of nodes in response to execution of the risk measure by the user.
Therefore, through interaction between the user and the risk management system, the user can acquire the safety risk condition from the risk management system and execute according to corresponding risk measures, the risk management system acquires the execution condition of the user, and evaluates the execution condition to perform unified management so that the user can execute better later and eliminate risks better.
116: and the security risk management system determines an evaluation result according to the tracking information.
The evaluation result comprises personnel receiving time consumption, personnel processing time consumption and processing result evaluation.
The evaluation result is related to the tracking information, wherein the time consumed by personnel for receiving and the time consumed by personnel for processing, and the evaluation of the processing result can be determined by the arrival time, the processing personnel, the receiving time, the finishing time and other tracking information.
As shown in fig. 4, the security risk management system provided in the present application may be used to interact with a user, and obtain and evaluate the management content of the full period according to the feedback of the user. Specifically, the security risk management system performs the security risk management method inside the security risk management system.
In some possible implementations, the security risk management system obtains data to be evaluated, normalizes the data to be evaluated, obtains standard evaluation data, and determines a security risk result according to the standard evaluation data. The security risk management system may display the security risk results so that the user may timely obtain the security risk results to begin processing.
When the security risk result indicates that the environment corresponding to the data to be evaluated does not have security risk, the user can consider that the environment is secure. When the security risk result represents that the environment corresponding to the data to be evaluated has security risk, the user can know the risk in time, and take corresponding measures such as stopping the action in the environment in time. And when the security risk result represents that the environment has security risk, the security risk management system determines the risk type according to the standard evaluation data.
Further, the security risk management system may also display the risk type to the user for timely acquisition by the user. And the security risk management system determines an expected processing result of whether risk processing can be performed on the risk type according to the risk type, and displays the expected processing result to a user so that the user can timely know whether the security risk can be processed.
When the security risk type cannot be handled by the risk, the user can acquire the security risk type in time so as to take other measures to solve the security risk type. When the risk type can be subjected to risk treatment, corresponding risk measures can be determined according to the risk type, and then the risk measures can be displayed to a user so that the user can treat according to the risk measures.
In some possible implementations, the risk measure includes a plurality of nodes, each node representing a step, and the user may communicate the execution for each node to the security risk management system for recording and evaluation by the security risk management system. Specifically, the security risk management system responds to the execution of the user on each node of the risk measures, acquires tracking information corresponding to a plurality of nodes respectively, and records the tracking information. And then determining an evaluation result according to the tracking information so as to realize the management of the whole risk safety risk process.
Based on the above description, the embodiment of the application provides a security risk management method, a security risk management system obtains data to be evaluated, then normalizes the data to be evaluated, obtains standard evaluation data, and then determines a security risk result according to the standard evaluation data, wherein the security risk result represents whether an environment corresponding to the data to be evaluated has security risk or not. When the security risk result characterizes that the environment has security risk, determining a risk type according to the characterization evaluation data, and then determining a predicted processing result according to the risk type, wherein the predicted processing result characterizes whether the risk type can carry out risk processing. And when the predicted processing result represents that the risk processing can be performed, determining corresponding risk measures according to the risk types.
Therefore, the data of different enterprises can be subjected to standardized management, and the management effect is improved. And on the basis of determining the risk result, the risk type is determined, and the risk measures are determined according to the type, so that the risk measures can be directly executed according to the corresponding risk measures, and the management efficiency is improved. Further, the safety risk result, the risk type and the corresponding risk measures can be used for managing the whole safety risk process, more information in the management process is obtained, and a comprehensive management effect is obtained.
Corresponding to the above method embodiment, the present application further provides a security risk management system, where the apparatus refers to fig. 5, and the system 500 includes: a communication module 502, a normalization module 504, a security risk result determination module 506, a risk type determination module 508, an expected processing result determination module 510, and a security risk measure determination module 512.
The communication module is used for acquiring data to be evaluated;
the standardized module is used for standardizing the data to be evaluated to acquire standard evaluation data;
the safety risk result determining module is used for determining a safety risk result according to the standard evaluation data, and the safety risk result represents whether the environment corresponding to the data to be evaluated has safety risk or not;
the risk type determining module is used for determining a risk type according to the standard evaluation data when the safety risk result represents that the environment has safety risk;
the predicted processing result determining module is used for determining a predicted processing result according to the risk type, wherein the predicted processing result represents whether the risk type can carry out risk processing or not;
and the risk measure determining module is used for determining corresponding risk measures according to the risk types when the predicted processing result represents that the risk processing can be performed.
In some possible implementations, the risk measure includes a plurality of nodes, as shown in fig. 6, and the apparatus further includes a tracking module 614 configured to:
acquiring tracking information corresponding to each of a plurality of nodes;
and determining an evaluation result according to the tracking information.
In some possible implementations, the tracking information includes arrival time, handler, receipt time, and completion time.
In some possible implementations, the evaluation results include personnel receiving time consuming, personnel processing time consuming, and processing result evaluation.
In some possible implementations, the standard evaluation data is data with the same format standard.
In some possible implementations, the tracking module is specifically configured to:
and responding to the execution of the risk measures by the user, and acquiring tracking information corresponding to the nodes respectively.
The application provides equipment for realizing a security risk management method. The apparatus includes a processor and a memory. The processor and the memory communicate with each other. The processor is configured to execute instructions stored in the memory to cause the device to perform the security risk management method described above.
The present application provides a computer readable storage medium having instructions stored therein that, when executed on a device, cause the device to perform the security risk management method described above.
The present application provides a computer program product containing instructions that, when run on a device, cause the device to perform the above-described security risk management method.
It should be further noted that the above-described apparatus embodiments are merely illustrative, and that the units described as separate units may or may not be physically separate, and that units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the embodiment of the device provided by the application, the connection relation between the modules represents that the modules have communication connection therebetween, and can be specifically implemented as one or more communication buses or signal lines.
From the above description of the embodiments, it will be apparent to those skilled in the art that the present application may be implemented by means of software plus necessary general purpose hardware, or of course may be implemented by dedicated hardware including application specific integrated circuits, dedicated CPUs, dedicated memories, dedicated components and the like. Generally, functions performed by computer programs can be easily implemented by corresponding hardware, and specific hardware structures for implementing the same functions can be varied, such as analog circuits, digital circuits, or dedicated circuits. However, a software program implementation is a preferred embodiment in many cases for the present application. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a readable storage medium, such as a floppy disk, a usb disk, a removable hard disk, a ROM, a RAM, a magnetic disk or an optical disk of a computer, etc., including several instructions for causing a computer device (which may be a personal computer, a training device, or a network device, etc.) to perform the method described in the embodiments of the present application.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product.
The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present application, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, training device, or data center to another website, computer, training device, or data center via a wired (e.g., coaxial cable, optical fiber, digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be stored by a computer or a data storage device such as a training device, a data center, or the like that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., a floppy Disk, a hard Disk, a magnetic tape), an optical medium (e.g., a DVD), or a semiconductor medium (e.g., a Solid State Disk (SSD)), or the like.
It should be noted that: the technical schemes described in the embodiments of the present invention may be arbitrarily combined without any collision.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A security risk management method, the method comprising:
acquiring data to be evaluated;
normalizing the data to be evaluated to obtain standard evaluation data;
determining a safety risk result according to the standard evaluation data, wherein the safety risk result represents whether an environment corresponding to the data to be evaluated has safety risk or not;
when the safety risk result represents that the environment has safety risk, determining a risk type according to the standard evaluation data;
determining a predicted processing result according to the risk type, wherein the predicted processing result represents whether the risk type can carry out risk processing;
and when the predicted processing result represents that risk processing can be performed, determining corresponding risk measures according to the risk type.
2. The method of claim 1, wherein the risk measure comprises a plurality of nodes, the method further comprising:
acquiring tracking information corresponding to each of a plurality of nodes;
and determining an evaluation result according to the tracking information.
3. The method of claim 2, wherein the tracking information includes arrival time, handler, reception time, and completion time.
4. A method according to claim 3, wherein the assessment results comprise personnel receiving time, personnel processing time, and processing result assessment.
5. The method of claim 1, wherein the standard evaluation data is data having the same format standard.
6. The method according to claim 2, wherein the obtaining tracking information corresponding to each of the plurality of nodes includes:
and responding to the execution of the risk measures by the user, and acquiring tracking information corresponding to the nodes respectively.
7. A security risk management apparatus, the apparatus comprising:
the communication module is used for acquiring data to be evaluated;
the standardized module is used for standardizing the data to be evaluated to acquire standard evaluation data;
the safety risk result determining module is used for determining a safety risk result according to the standard evaluation data, and the safety risk result represents whether the environment corresponding to the data to be evaluated has safety risk or not;
the risk type determining module is used for determining a risk type according to the standard evaluation data when the safety risk result represents that the environment has safety risk;
the predicted processing result determining module is used for determining a predicted processing result according to the risk type, wherein the predicted processing result represents whether the risk type can carry out risk processing or not;
and the risk measure determining module is used for determining corresponding risk measures according to the risk types when the predicted processing result represents that the risk processing can be performed.
8. An apparatus comprising a processor and a memory;
the processor is configured to execute instructions stored in the memory to cause the apparatus to perform the method of any one of claims 1 to 6.
9. A computer readable storage medium comprising instructions that instruct a device to perform the method of any one of claims 1 to 6.
10. A computer program product, characterized in that the computer program product, when run on a computer, causes the computer to perform the method according to any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310567539.4A CN116562627A (en) | 2023-05-19 | 2023-05-19 | Security risk management method, system, equipment, medium and product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310567539.4A CN116562627A (en) | 2023-05-19 | 2023-05-19 | Security risk management method, system, equipment, medium and product |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116562627A true CN116562627A (en) | 2023-08-08 |
Family
ID=87494343
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310567539.4A Pending CN116562627A (en) | 2023-05-19 | 2023-05-19 | Security risk management method, system, equipment, medium and product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116562627A (en) |
Citations (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102142105A (en) * | 2010-01-28 | 2011-08-03 | 镇江金钛软件有限公司 | Enterprise cluster distributed cooperative operation system |
| WO2014025809A1 (en) * | 2012-08-06 | 2014-02-13 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment |
| CN103699570A (en) * | 2013-11-22 | 2014-04-02 | 广东泛在无线射频识别公共技术支持有限公司 | Product supply chain information sharing realization method and product supply chain information sharing realization system |
| CN104376430A (en) * | 2014-11-28 | 2015-02-25 | 东莞中国科学院云计算产业技术创新与育成中心 | Hidden risk management system based on cloud service platform and implementing method of hidden risk management system |
| US20150242619A1 (en) * | 2014-02-24 | 2015-08-27 | Northcross Group | Security management system |
| CN106485396A (en) * | 2016-09-09 | 2017-03-08 | 北京科技大学 | A kind of safety in production hidden troubles removing system |
| CN107274075A (en) * | 2017-05-26 | 2017-10-20 | 陈曦 | A kind of HSE risk datas stage division |
| CN108920978A (en) * | 2018-06-26 | 2018-11-30 | 赛飞特工程技术集团有限公司 | Block chain technology-based safe production information sharing method |
| CN110046827A (en) * | 2019-04-23 | 2019-07-23 | 发贵科技(贵州)有限公司 | A kind of quality risk management network data base for information sharing |
| CN110135724A (en) * | 2019-05-10 | 2019-08-16 | 苏州睿沃信息科技有限公司 | Enterprise-Wide Total Risk Management System and method for based on COSO internal control framework |
| CN111062850A (en) * | 2019-12-19 | 2020-04-24 | 贵州惠智电子技术有限责任公司 | Government affair integration management system for solving interconnection and intercommunication of multi-platform services |
| CN111176680A (en) * | 2019-12-25 | 2020-05-19 | 远光软件股份有限公司 | Enterprise terminal management method, system, equipment and medium based on Internet of things |
| CN112733147A (en) * | 2021-01-07 | 2021-04-30 | 中国工商银行股份有限公司 | Equipment safety management method and system |
| CN113157980A (en) * | 2021-03-24 | 2021-07-23 | 浙江数链科技有限公司 | Data synchronization method, device, equipment and storage medium |
| CN113160021A (en) * | 2021-03-18 | 2021-07-23 | 天津中科物联科技有限公司 | Safe production early warning system based on multi-source heterogeneous data federal learning |
| CN113988670A (en) * | 2021-11-02 | 2022-01-28 | 城云科技(中国)有限公司 | Comprehensive enterprise credit risk early warning method and system |
| CN114021967A (en) * | 2021-11-04 | 2022-02-08 | 中国安全生产科学研究院 | Safe production risk pre-control evaluation method for village and town government departments |
| CN114140094A (en) * | 2021-12-13 | 2022-03-04 | 成都市食品检验研究院 | Intelligent risk monitoring and early warning system for food enterprises |
| CN114553599A (en) * | 2022-04-22 | 2022-05-27 | 北京思路智园科技有限公司 | Garden monitoring system and method based on edge calculation |
| CN114826874A (en) * | 2022-04-24 | 2022-07-29 | 上海碳泽信息科技有限公司 | Automatic processing method, system and storage medium for safety alarm log |
| CN114881498A (en) * | 2022-05-18 | 2022-08-09 | 电子科技大学长三角研究院(湖州) | Enterprise production safety comprehensive evaluation method of coupled space-time elements |
| CN115062006A (en) * | 2022-06-16 | 2022-09-16 | 平安银行股份有限公司 | Risk assessment method and system based on associated enterprises |
| CN115222513A (en) * | 2022-07-19 | 2022-10-21 | 深圳市银雁金融服务有限公司 | Cross-bank account risk sharing oriented configuration method and system |
| CN115409375A (en) * | 2022-08-31 | 2022-11-29 | 海南锦赟安全技术服务有限公司 | Security accident monitoring method, device, equipment and readable storage medium |
| CN115801828A (en) * | 2022-11-08 | 2023-03-14 | 国网浙江省电力有限公司湖州供电公司 | Intelligent substation secondary data analysis system based on platform and terminal |
| CN116050836A (en) * | 2023-01-03 | 2023-05-02 | 清华大学 | Accident prevention service datamation construction method and system based on double prevention mechanism |
-
2023
- 2023-05-19 CN CN202310567539.4A patent/CN116562627A/en active Pending
Patent Citations (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102142105A (en) * | 2010-01-28 | 2011-08-03 | 镇江金钛软件有限公司 | Enterprise cluster distributed cooperative operation system |
| WO2014025809A1 (en) * | 2012-08-06 | 2014-02-13 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment |
| CN103699570A (en) * | 2013-11-22 | 2014-04-02 | 广东泛在无线射频识别公共技术支持有限公司 | Product supply chain information sharing realization method and product supply chain information sharing realization system |
| US20150242619A1 (en) * | 2014-02-24 | 2015-08-27 | Northcross Group | Security management system |
| CN104376430A (en) * | 2014-11-28 | 2015-02-25 | 东莞中国科学院云计算产业技术创新与育成中心 | Hidden risk management system based on cloud service platform and implementing method of hidden risk management system |
| CN106485396A (en) * | 2016-09-09 | 2017-03-08 | 北京科技大学 | A kind of safety in production hidden troubles removing system |
| CN107274075A (en) * | 2017-05-26 | 2017-10-20 | 陈曦 | A kind of HSE risk datas stage division |
| CN108920978A (en) * | 2018-06-26 | 2018-11-30 | 赛飞特工程技术集团有限公司 | Block chain technology-based safe production information sharing method |
| CN110046827A (en) * | 2019-04-23 | 2019-07-23 | 发贵科技(贵州)有限公司 | A kind of quality risk management network data base for information sharing |
| CN110135724A (en) * | 2019-05-10 | 2019-08-16 | 苏州睿沃信息科技有限公司 | Enterprise-Wide Total Risk Management System and method for based on COSO internal control framework |
| CN111062850A (en) * | 2019-12-19 | 2020-04-24 | 贵州惠智电子技术有限责任公司 | Government affair integration management system for solving interconnection and intercommunication of multi-platform services |
| CN111176680A (en) * | 2019-12-25 | 2020-05-19 | 远光软件股份有限公司 | Enterprise terminal management method, system, equipment and medium based on Internet of things |
| CN112733147A (en) * | 2021-01-07 | 2021-04-30 | 中国工商银行股份有限公司 | Equipment safety management method and system |
| CN113160021A (en) * | 2021-03-18 | 2021-07-23 | 天津中科物联科技有限公司 | Safe production early warning system based on multi-source heterogeneous data federal learning |
| CN113157980A (en) * | 2021-03-24 | 2021-07-23 | 浙江数链科技有限公司 | Data synchronization method, device, equipment and storage medium |
| CN113988670A (en) * | 2021-11-02 | 2022-01-28 | 城云科技(中国)有限公司 | Comprehensive enterprise credit risk early warning method and system |
| CN114021967A (en) * | 2021-11-04 | 2022-02-08 | 中国安全生产科学研究院 | Safe production risk pre-control evaluation method for village and town government departments |
| CN114140094A (en) * | 2021-12-13 | 2022-03-04 | 成都市食品检验研究院 | Intelligent risk monitoring and early warning system for food enterprises |
| CN114553599A (en) * | 2022-04-22 | 2022-05-27 | 北京思路智园科技有限公司 | Garden monitoring system and method based on edge calculation |
| CN114826874A (en) * | 2022-04-24 | 2022-07-29 | 上海碳泽信息科技有限公司 | Automatic processing method, system and storage medium for safety alarm log |
| CN114881498A (en) * | 2022-05-18 | 2022-08-09 | 电子科技大学长三角研究院(湖州) | Enterprise production safety comprehensive evaluation method of coupled space-time elements |
| CN115062006A (en) * | 2022-06-16 | 2022-09-16 | 平安银行股份有限公司 | Risk assessment method and system based on associated enterprises |
| CN115222513A (en) * | 2022-07-19 | 2022-10-21 | 深圳市银雁金融服务有限公司 | Cross-bank account risk sharing oriented configuration method and system |
| CN115409375A (en) * | 2022-08-31 | 2022-11-29 | 海南锦赟安全技术服务有限公司 | Security accident monitoring method, device, equipment and readable storage medium |
| CN115801828A (en) * | 2022-11-08 | 2023-03-14 | 国网浙江省电力有限公司湖州供电公司 | Intelligent substation secondary data analysis system based on platform and terminal |
| CN116050836A (en) * | 2023-01-03 | 2023-05-02 | 清华大学 | Accident prevention service datamation construction method and system based on double prevention mechanism |
Non-Patent Citations (3)
| Title |
|---|
| YU WANG: "Safety Production Supervision of Industrial Enterprises Based on Deep Learning and Artificial Intelligence", STATE-OF-THE-ART WIRELESS EMERGING TECHNOLOGIES FOR BEYOND 5G/B5G COMMUNICATION, 21 September 2022 (2022-09-21), pages 1 - 9 * |
| 史武: "浅谈企业生产现场安全风险分析及应对", 石化技术, vol. 25, no. 05, 28 May 2018 (2018-05-28), pages 214 - 215 * |
| 王宏朝; 李魏琦; 郭耀华; 刘瀛; 焦秀秀: "基于安全监测公共服务平台的企业供应链安全风险预控方法研究", 物流科技, vol. 45, no. 20, 20 December 2022 (2022-12-20), pages 28 - 32 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8229999B2 (en) | Analyzing anticipated value and effort in using cloud computing to process a specified workload | |
| CN110929799B (en) | Method, electronic device, and computer-readable medium for detecting abnormal user | |
| CN109543891B (en) | Method and apparatus for establishing capacity prediction model, and computer-readable storage medium | |
| CN110647523B (en) | Data quality analysis method and device, storage medium and electronic equipment | |
| CN113837596B (en) | Fault determination method and device, electronic equipment and storage medium | |
| CN110674009A (en) | Application server performance monitoring method and device, storage medium and electronic equipment | |
| CN111475372A (en) | Method, device, equipment and storage medium for monitoring service instance of microservice | |
| CN111241043A (en) | Multimedia file sharing method, terminal and storage medium | |
| CN112887355B (en) | Service processing method and device for abnormal server | |
| CN116562627A (en) | Security risk management method, system, equipment, medium and product | |
| CN116701123A (en) | Task early warning method, device, equipment, medium and program product | |
| US20140189849A1 (en) | Inferring Security Decisions From Trusted Users | |
| CN110033242B (en) | Working time determining method, device, equipment and medium | |
| CN115858378A (en) | Test system and method | |
| CN111427878B (en) | Data monitoring alarm method, device, server and storage medium | |
| CN114968696A (en) | Index monitoring method, electronic equipment and chip system | |
| CN113570083A (en) | Operation and maintenance flow determination method and device for equipment, electronic equipment and storage medium | |
| CN110888770B (en) | Method and device for transmitting information | |
| CN111400156A (en) | Log analysis method and device | |
| CN114024867B (en) | Network anomaly detection method and device | |
| US20180232673A1 (en) | Lab quality management system | |
| CN115499292B (en) | Alarm method, device, equipment and storage medium | |
| CN115412346B (en) | Message detection method and device, electronic equipment and storage medium | |
| CN114022123A (en) | Information prompting method, device, equipment, storage medium and program product | |
| CN113942548A (en) | Method and device for realizing standardized maintenance terminal of temporary speed limiting server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |