CN116861446A - Data security assessment method and system - Google Patents

Abstract

The invention relates to the technical field of data security assessment methods, in particular to a data security assessment method and a data security assessment system, which comprise the following steps: and establishing a vulnerability management platform, and integrating the detected system into the vulnerability management platform. According to the invention, the vulnerability management platform and the automation tool are used, the evaluation efficiency can be greatly improved, the vulnerability prediction and self-adaptive security evaluation technology is adopted, potential security vulnerabilities and risks can be found in advance, preventive measures are taken, the probability of potential data leakage and threat occurrence is reduced, the integrity and the credibility of data are ensured through the autonomous data audit and blockchain technology, reliable data audit evidence is provided, the risks of data tampering and deception are reduced, the appropriate security protection measures can be ensured to be adopted for data of different levels through data classification, marking and privacy analysis, and accurate and timely data security risk evaluation can be provided through the automatic risk quantification and real-time monitoring technology.

Description

Data security assessment method and system

Technical Field

The invention relates to the technical field of data security assessment methods, in particular to a data security assessment method and system.

Background

Data security assessment is a process for determining whether data security measures are adequate, complete, and ensuring confidentiality, integrity, and availability of data. The data security assessment method is to discover potential risks and vulnerabilities in data storage, transmission and processing processes, and to identify weaknesses and challenges to improve data security. Common data security evaluation methods comprise security vulnerability scanning, vulnerability evaluation, security risk evaluation, penetration test, integrity check, data classification and privacy evaluation and compliance evaluation, and the comprehensive application of the methods can comprehensively evaluate and improve the security of data and adopt corresponding security measures and risk management strategies according to evaluation results so as to ensure the confidentiality, integrity and usability of the data.

In the existing data security assessment method, the existing method has problems in the aspect of vulnerability management, and organizations lack effective tools and platforms for centralized management and tracking when processing security vulnerabilities, so that the efficiency is low and the vulnerability is easy to leak. Secondly, the utilization degree of the existing method on big data and data analysis technology is low, and the lack of real-time monitoring and analysis on data access and use modes possibly causes the failure to discover security risks such as abnormal operation or data leakage in time. In addition, the traditional safety evaluation relies on manual subjective judgment, is easily influenced by personal experience and bias, and has limited consistency and objectivity of evaluation results. In addition, the existing method is not complete enough in terms of data audit and verification, cannot provide an untampered audit chain, and cannot effectively prevent risks of data tampering and deception. Furthermore, existing methods have shortcomings in terms of privacy analysis and protection, and difficulties in identifying and assessing the degree of data privacy and security protection required. Finally, the existing method has limited capability of monitoring and quantifying the data security risk, lacks real-time and accurate risk monitoring, causes lag of evaluation results of the data security state and risk, and needs to be improved.

Disclosure of Invention

The invention aims to solve the defects in the prior art, and provides a data security assessment method and system.

In order to achieve the above purpose, the present invention adopts the following technical scheme: a method of evaluating data security, comprising the steps of:

establishing a vulnerability management platform, and integrating the detected system into the vulnerability management platform;

safety testing is carried out on the detected system by using an automatic tool, the existence of the loophole is searched and confirmed, and a test result is generated;

based on the test result, analyzing historical vulnerability data and trends by utilizing a machine learning and statistical analysis technology to generate a vulnerability prediction result;

introducing a blockchain technology, recording the test result and the vulnerability prediction result, and creating an untampered audit chain;

classifying and labeling the data in the audit chain, identifying the privacy information in the data, processing the privacy information to obtain the processed privacy information, and carrying out data privacy analysis to generate a privacy analysis result;

and automatically collecting and integrating key risk indexes through a security risk rating system based on the test result, the vulnerability prediction result and the privacy analysis result, and carrying out real-time monitoring and quantification on the data security risk.

As a further scheme of the invention, the step of establishing the vulnerability management platform and integrating the detected system in the vulnerability management platform comprises the following steps:

acquiring system information of the detected system including version information, a component list, a dependency relationship and source codes by using an automatic acquisition tool;

analyzing and standardizing the system information by adopting a natural language processing technology and a regular expression to obtain the processed system information;

and importing the system information into a database of a vulnerability management platform.

As a further scheme of the present invention, the step of using an automation tool to perform security test on the detected system, searching and confirming the existence of a vulnerability, and generating a test result specifically includes:

establishing a communication connection between the automation tool and the detected system;

the automated tool performs scanning and attack simulation to discover vulnerabilities in the detected system;

based on the loopholes, the automation tool confirms the type and severity of the loopholes by using an internal loophole database, a feature matching algorithm and a loophole mode identification;

and confirming the authenticity and availability of the vulnerability based on vulnerability exploitation and simulated attack technology, and generating the test result, wherein the test result comprises vulnerability description, hazard level, influence range and repair suggestion.

As a further scheme of the invention, the steps of analyzing historical vulnerability data and trends by utilizing machine learning and statistical analysis technology and generating a vulnerability prediction result are specifically as follows:

collecting historical vulnerability data of the detected system;

performing data cleaning, missing value processing, feature selection and conversion on the historical vulnerability data, and extracting feature source data;

based on the feature source data, performing feature engineering, extracting meaningful features, coding or converting the features, and selecting features related to vulnerability prediction, including vulnerability types and system configuration;

dividing a training set and a testing set according to the ratio of 7:3 by using the features related to the vulnerability prediction, training a classification model by using the training set aiming at the vulnerability prediction task, evaluating by using the testing set, and calculating the prediction accuracy and recall rate to obtain an evaluation result;

based on the evaluation result, optimizing the classification model, adjusting model parameters and performing feature screening;

predicting the test result based on a trained and parameter-optimized classification model, predicting whether a vulnerability exists based on the classification model, analyzing the trend of historical vulnerability data by using a time sequence analysis method, predicting the trend of future vulnerability occurrence, and generating the vulnerability prediction result;

and explaining the vulnerability prediction result to obtain prediction accuracy, predicted vulnerability category and potential influence information.

As a further scheme of the invention, the step of introducing the blockchain technology, recording the test result and the vulnerability prediction result and creating an untampereable audit chain is specifically as follows:

determining basic structure and constituent elements of a blockchain, including blocks, block heads, transactions and participants, defining the structure and format of stored data, and formulating storage and transmission rules thereof in the blockchain;

based on the basic structure and the constituent elements, a blockchain network is built, and a communication and data synchronization mechanism between nodes is built;

recording and storing the test results and the vulnerability prediction results, and recording each group of the test results and the vulnerability prediction results in the blockchain network as a transaction;

encrypting and hashing algorithm processing is carried out on the test result and the vulnerability prediction result, so that privacy and integrity are ensured;

packaging the data operation as blocks, including data operation information, a time stamp and a hash value, linking each new block to the previous block to form a continuously-growing chain structure, and creating a tamper-proof audit chain;

and ensuring the consistency and the safety of the data on the blockchain network through a consensus algorithm.

As a further scheme of the invention, the steps of classifying and labeling the data in the audit chain and identifying the privacy information therein are specifically as follows:

classifying and labeling according to the data types and contents in the audit chain, and dividing the data into different categories including historical vulnerability data, test result data and prediction result data;

adding labels and metadata to each of the historical vulnerability data, the test result data and the prediction result data to generate marked data;

based on the noted data, analyzing by using a regular expression, and identifying privacy information in the noted data, wherein the privacy information comprises personal identity information and privacy service data;

based on the privacy information, the privacy information is processed by adopting desensitization and encryption technology, based on anonymization, generalization, shielding and desensitization algorithms, the privacy and the safety of the privacy information are protected, and the encryption algorithm is used for encrypting the privacy information to obtain the processed privacy information.

As a further aspect of the present invention, the step of performing the data privacy analysis and generating the privacy analysis result specifically includes:

based on the processed privacy information, adopting information entropy and mutual information as indexes to perform data privacy analysis;

carrying out data privacy assessment and verification on the processed privacy information by means of simulated attack and data authentication to obtain a privacy analysis result;

based on the privacy analysis results, a specific privacy analysis report is generated, wherein the privacy analysis report comprises the privacy risk level of the evaluation data, the position and the type of the privacy information and the effectiveness of the privacy protection measures.

As a further scheme of the invention, the steps of automatically collecting and integrating key risk indexes through a security risk rating system based on the test result, the vulnerability prediction result and the privacy analysis result, and performing real-time monitoring and quantification on the data security risk are specifically as follows:

determining key risk indexes including vulnerability quantity, severity, repair time and exposure condition of private information;

automatically integrating the test result, the vulnerability prediction result and the privacy analysis result into the security risk rating system;

the security risk rating system automatically calculates and updates risk ratings based on key risk indexes, the test results, the vulnerability prediction results and the privacy analysis results;

according to the key risk index, converting related data comprising vulnerability quantity, severity, repair time and privacy information into a quantifiable form;

defining the weight and the threshold value of the key risk indexes, determining the contribution of each index to the overall risk, and comprehensively calculating the final risk rating;

integrating the security risk rating system with the vulnerability management platform, monitoring the security risk of the data on a real-time basis, and setting a threshold value and an alarm rule.

The data security assessment system based on the data security assessment method comprises a data recording and storing module, a privacy information identification and protection module, a data privacy analysis module and a data security risk assessment module.

As a further aspect of the present invention, the data recording and storing module includes a transaction recording sub-module, a encryption and hash processing sub-module, a blockchain management sub-module, and a consensus algorithm sub-module;

the privacy information identification and protection module comprises a data classification sub-module, a data labeling sub-module, a privacy information identification sub-module and a privacy information protection sub-module;

the data privacy analysis module comprises a privacy analysis index sub-module, a privacy evaluation and verification sub-module and a privacy analysis report sub-module;

the data security risk assessment module comprises a key risk indication definition sub-module, a data integration and calculation sub-module, a data quantification and conversion sub-module, a risk rating calculation sub-module and a real-time monitoring alarm sub-module.

Compared with the prior art, the invention has the advantages and positive effects that:

according to the invention, by using the vulnerability management platform and the automation tool, the evaluation efficiency can be greatly improved, and the manual workload and the time cost are reduced. By adopting vulnerability prediction and self-adaptive security assessment technology, potential security vulnerabilities and risks can be found in advance, and preventive measures are taken to reduce the probability of potential data leakage and threat occurrence. The integrity and the credibility of the data are ensured through autonomous data audit and a blockchain technology, reliable data audit and verification is provided, and the risks of data tampering and deception are reduced. Through data classification, marking and privacy analysis, proper security protection measures can be ensured to be adopted for data with different levels, and the protection level of data privacy and confidentiality is improved. By means of automatic risk quantification and real-time monitoring technology, accurate and timely data security risk assessment can be provided, and organization rapid response and risk coping strategies can be helped.

Drawings

FIG. 1 is a schematic diagram of a workflow of a data security assessment method and system according to the present invention;

FIG. 2 is a detailed flowchart of step 1 of a method and system for evaluating data security according to the present invention;

FIG. 3 is a detailed flowchart of step 2 of a method and system for evaluating data security according to the present invention;

FIG. 4 is a detailed flowchart of step 3 of a method and system for evaluating data security according to the present invention;

FIG. 5 is a detailed flowchart of step 4 of a method and system for evaluating data security according to the present invention;

FIG. 6 is a detailed flowchart of step 5 of a method and system for evaluating data security according to the present invention;

FIG. 7 is a detailed flowchart of step 6 of a method and system for evaluating data security according to the present invention;

fig. 8 is a schematic diagram of a system framework of a data security evaluation method and system according to the present invention.

Detailed Description

The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.

In the description of the present invention, it should be understood that the terms "length," "width," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like indicate orientations or positional relationships based on the orientation or positional relationships shown in the drawings, merely to facilitate describing the present invention and simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and therefore should not be construed as limiting the present invention. Furthermore, in the description of the present invention, the meaning of "a plurality" is two or more, unless explicitly defined otherwise.

Example 1

Referring to fig. 1, the present invention provides a technical solution: a method of evaluating data security, comprising the steps of:

establishing a vulnerability management platform, and integrating the detected system into the vulnerability management platform;

safety testing is carried out on the detected system by utilizing an automatic tool, the existence of the loophole is searched and confirmed, and a test result is generated;

based on the test result, analyzing historical vulnerability data and trends by utilizing machine learning and statistical analysis technology to generate a vulnerability prediction result;

introducing a blockchain technology, recording test results and vulnerability prediction results, and creating an untampered audit chain;

classifying and labeling data in an audit chain, identifying privacy information in the data, processing the privacy information to obtain processed privacy information, and carrying out data privacy analysis to generate a privacy analysis result;

based on the test result, the vulnerability prediction result and the privacy analysis result, automatically collecting and integrating key risk indexes through a security risk rating system, and carrying out real-time monitoring and quantification on the data security risk.

Firstly, a vulnerability management platform is established, and a system to be detected is integrated in the vulnerability management platform to realize unified vulnerability management and tracking.

Secondly, the security test is carried out on the system to be detected by using an automatic tool, and the vulnerability in the system is quickly found and confirmed by using the high efficiency and the accuracy of the security test and a detailed test result is generated.

Then, based on the test result, the historical vulnerability data and trend are analyzed by utilizing a machine learning and statistical analysis technology, a vulnerability prediction result is generated, possible vulnerabilities are predicted in advance, and corresponding safety protection measures are taken, so that potential risks are reduced.

In order to ensure the integrity and traceability of data operation, a blockchain technology is introduced, each data operation is recorded in a blockchain to form an untampered audit chain, and the safety and transparency of the data are enhanced.

And then classifying and labeling the data in the audit chain, identifying potential privacy information, and processing the potential privacy information to obtain the processed privacy information. The processed privacy information is used for carrying out data privacy analysis, evaluating the privacy protection degree of the data, and timely discovering and repairing potential privacy disclosure risks.

And finally, automatically collecting and integrating key risk indexes of the test result, the vulnerability prediction result and the privacy analysis result by means of a security risk rating system, and monitoring and quantifying the data security risk in real time. By the comprehensive evaluation and monitoring mechanism, the safety risk of the data can be evaluated rapidly and accurately, and measures can be taken timely to conduct risk management and protection.

Referring to fig. 2, the step of establishing a vulnerability management platform and integrating the detected system in the vulnerability management platform specifically includes:

acquiring system information of a detected system including version information, a component list, a dependency relationship and source codes by using an automatic acquisition tool;

analyzing and standardizing the system information by adopting a natural language processing technology and a regular expression to acquire the processed system information;

and importing the system information into a database of the vulnerability management platform.

And the vulnerability information is managed in a centralized way, and convenient vulnerability maintenance and tracking are provided through unified vulnerability management interfaces and functions, so that risks of information dispersion and omission are reduced. And secondly, the automatic information processing saves the workload and error rate of manual operation, rapidly and accurately extracts and standardizes the system information, and improves the quality and consistency of the data. In addition, the information of the detected system is integrated, so that the vulnerability management efficiency is improved, the system information is conveniently and rapidly imported and updated, and the response speed of vulnerability management is enhanced. Meanwhile, system information and vulnerability information are associated, consistency and visual analysis of data are achieved, vulnerability conditions of the system are better known, and decision making and priority ordering are assisted. In summary, a vulnerability management platform is established and the detected system is integrated therein, which is helpful for improving vulnerability management efficiency, reducing errors, facilitating data maintenance and analysis, and enhancing the management and control of system vulnerabilities.

Referring to fig. 3, the security test is performed on the detected system by using an automation tool, and the steps of searching and confirming the existence of the vulnerability and generating the test result are specifically as follows:

establishing a communication connection between the automation tool and the detected system;

the automated tool performs scanning and attack simulation to discover vulnerabilities in the detected system;

based on the loopholes, the automation tool confirms the type and severity of the loopholes by using an internal loophole database, a feature matching algorithm and a loophole mode identification;

based on the vulnerability exploitation and the simulated attack technology, the authenticity and the availability of the vulnerability are confirmed, and a test result is generated, wherein the test result comprises vulnerability description, hazard level, influence range and repair suggestion.

The steps of security testing, finding and confirming the existence of vulnerabilities on a detection system by utilizing an automated tool include establishing a communication connection, performing scanning and attack simulation, confirming the type and severity of vulnerabilities, confirming the authenticity and availability of vulnerabilities, and generating detailed test result reports. From an implementation perspective, this automated safety testing scheme provides several benefits. Firstly, the testing efficiency is improved, and the time and the workload required by manual testing are reduced. Secondly, human errors are reduced, and the accuracy and consistency of the test are improved. In addition, accurate vulnerability information is provided, based on an internal vulnerability database and an identification technology, vulnerabilities can be accurately identified and classified, and accurate information is provided for vulnerability repair and risk management. And the severity and availability of the vulnerability are rapidly evaluated, so that the emergency degree of vulnerability restoration is judged. And finally, generating a detailed test result report, including vulnerability descriptions, hazard levels, repair suggestions and the like, and providing accurate information for security teams and developers to guide vulnerability repair and risk management. In conclusion, the automation tool is utilized to carry out security test and generate detailed test results, so that the efficiency can be improved, errors can be reduced, accurate vulnerability information and suggestions can be provided, and vulnerability response and processing of security teams and developers are supported.

Referring to fig. 4, by using machine learning and statistical analysis technology, the steps of analyzing historical vulnerability data and trends and generating a vulnerability prediction result are specifically as follows:

collecting historical vulnerability data of the detected system;

performing data cleaning, missing value processing, feature selection and conversion on the historical vulnerability data, and extracting feature source data;

based on the feature source data, performing feature engineering, extracting meaningful features, coding or converting the features, and selecting features related to vulnerability prediction, including vulnerability types and system configuration;

dividing a training set and a testing set according to the ratio of 7:3 by using the features related to the vulnerability prediction, training a classification model by using the training set aiming at the vulnerability prediction task, evaluating by using the testing set, and calculating the prediction accuracy and recall rate to obtain an evaluation result;

based on the evaluation result, optimizing the classification model, adjusting model parameters and screening features;

predicting a test result by adopting a trained classification model, predicting whether a vulnerability exists based on the classification model, analyzing the trend of historical vulnerability data by using a time sequence analysis method, predicting the trend of future vulnerability occurrence, and generating a vulnerability prediction result;

and explaining the vulnerability prediction result to obtain prediction accuracy, predicted vulnerability category and potential influence information.

Through a machine learning algorithm and a statistical analysis technology, historical vulnerability data and related features can be utilized to build a prediction model, so that accuracy and reliability of vulnerability prediction are improved. The vulnerability prediction can assist a security team in discovering potential vulnerabilities in advance in the software development and system operation processes, and corresponding measures are taken to repair and alleviate the vulnerabilities, so that potential risks are reduced. Based on the vulnerability prediction result and trend analysis, the security team can reasonably allocate security resources, formulate protection strategies and make corresponding security decisions according to the prediction result, and optimize the priorities of vulnerability restoration and management. By means of vulnerability prediction, vulnerability restoration preparation can be made in advance, safety protection and coping capacity of the system are enhanced, and timeliness and initiative of safety are improved.

Referring to fig. 5, the steps of introducing a blockchain technique, recording a test result and a vulnerability prediction result, and creating a tamper-proof audit chain are specifically as follows:

determining basic structure and constituent elements of a blockchain, including blocks, block heads, transactions and participants, defining the structure and format of stored data, and formulating storage and transmission rules thereof in the blockchain;

based on the basic structure and the constituent elements, a block chain network is built, and a communication and data synchronization mechanism between nodes is built;

recording and storing the test results and the vulnerability prediction results, and recording each group of test results and vulnerability prediction results in the blockchain network as a transaction;

the data operation is encrypted and subjected to hash algorithm processing, so that privacy and integrity are ensured;

packaging data operation as blocks, including data operation information, a time stamp and a hash value, linking each new block to the previous block to form a continuously-growing chain structure, and creating a tamper-proof audit chain;

and through a consensus algorithm, the consistency and the safety of data on the blockchain network are ensured.

First, the basic structure and components of the blockchain are determined, and a blockchain network is established to ensure communication and data synchronization between nodes. And then, recording and storing the test result and the vulnerability prediction result, and encrypting and hashing the test result and the vulnerability prediction result to ensure the privacy and the integrity of the data. And then, packaging the recorded test result and vulnerability prediction result into blocks, and linking each new block to the last block to form a tamper-proof audit chain. Meanwhile, the consistency and the safety of data on the block chain network are ensured by adopting a consensus algorithm. The implementation of the scheme can bring various beneficial effects, including tamper resistance, traceability and security improvement of data, decentralization of trusted data storage and improvement of data credibility and credibility. The blockchain technology is introduced to provide higher credibility and guarantee for test results and vulnerability prediction results, so that the whole process is safer and more reliable.

Referring to fig. 6, the steps of classifying and labeling data in an audit chain and identifying privacy information therein are specifically as follows:

classifying and labeling according to the data types and contents in an audit chain, and dividing the data into different categories including historical vulnerability data, test result data and prediction result data;

adding labels and metadata to each piece of historical vulnerability data, each piece of test result data and each piece of forecast result data to generate marked data;

based on the marked data, analyzing by using a regular expression, and identifying privacy information in the marked data, wherein the privacy information comprises personal identity information and privacy service data;

based on the privacy information, the privacy information is processed by adopting desensitization and encryption technology, based on anonymization, generalization, shielding and desensitization algorithms, the privacy and the safety of the privacy information are protected, and the privacy information is encrypted by using an encryption algorithm, so that the processed privacy information is obtained.

The step of carrying out data privacy analysis and generating a privacy analysis result specifically comprises the following steps:

based on the processed privacy information, adopting information entropy and mutual information as indexes to perform data privacy analysis;

carrying out data privacy assessment and verification on the processed privacy information by means of simulated attack and data authentication to obtain a privacy analysis result;

based on the privacy analysis results, a specific privacy analysis report is generated, wherein the privacy analysis report comprises the privacy risk level of the evaluation data, the position and the type of the privacy information and the effectiveness of the privacy protection measures.

The step of classifying and labeling the data in the audit chain comprises determining the class and content of the data, classifying and labeling the data, and adding tags and metadata. Then, the method such as regular expression is used for identifying the privacy information therein, and the desensitization and encryption technology is adopted for privacy information protection. The process of data privacy analysis covers the use of information entropy, mutual information and other indexes, means for simulating attacks and data authentication, and generating a privacy analysis report. Through classification and labeling, data can be better organized and managed, and the efficiency of data operation is improved. The data security can be enhanced by identifying and protecting the privacy information, and the risk of revealing the user privacy is avoided. Implementation of privacy analysis and safeguards on data may ensure that organizations meet relevant privacy regulations and compliance requirements. Through effective data privacy protection, users can more trust organizations to process data, and the satisfaction degree of the users is improved.

Referring to fig. 7, based on the test result, the vulnerability prediction result, and the privacy analysis result, the steps of automatically collecting and integrating the key risk indexes through the security risk rating system to perform real-time monitoring and quantification on the data security risk are specifically as follows:

determining key risk indexes including vulnerability quantity, severity, repair time and exposure condition of private information;

automatically integrating the security risk rating system based on the test result, the vulnerability prediction result and the privacy analysis result;

the security risk rating system automatically calculates and updates risk ratings based on key risk indexes, test results, vulnerability prediction results and privacy analysis results;

according to the key risk indexes, converting related data containing vulnerability quantity, severity, repair time and privacy information into a quantifiable form;

defining weights and thresholds of key risk indexes, determining contribution of each index to overall risk, and comprehensively calculating a final risk rating;

integrating the security risk rating system with the vulnerability management platform, monitoring the security risk of the data on a real-time basis, and setting a threshold value and an alarm rule.

By means of the security risk rating system, real-time monitoring and quantification of data security risks can be implemented. The specific steps include determining key risk indicators, integrating test results, vulnerability prediction results, and privacy analysis results into a system, and calculating and updating risk ratings based on these information. Key risk indicators may include vulnerability number, severity, repair time, and exposure to private information, among others. In addition, the system will convert the relevant data into a quantifiable form and define weights and thresholds to comprehensively calculate the final risk rating. Integrating the security risk rating system with the vulnerability management platform can realize real-time monitoring and set threshold values and alarm rules so as to trigger corresponding alarms when the risk rating exceeds the threshold values. And the real-time monitoring of the data security risk is realized by automatically integrating and quantifying key risk indexes. This allows organizations to quickly discover and address potential security risks. The safety risk rating system automatically calculates and updates the risk rating according to the key risk indexes, reduces factors of subjective judgment, and improves the accuracy and consistency of evaluation. By quantifying the risk index and defining the weight, the system can provide clear risk rating results for the decision maker, and help the decision maker to quickly make corresponding security decisions. By setting the threshold value and the alarm rule, the system can send out an alarm in time, so that related personnel can take timely preventive measures aiming at high risk conditions, and potential safety risks and losses are reduced.

Referring to fig. 8, a data security evaluation system, based on the above-mentioned data security evaluation method, is composed of a data recording and storing module, a privacy information identifying and protecting module, a data privacy analysis module, and a data security risk evaluation module.

The data recording and storing module comprises a transaction recording sub-module, an encryption and hash processing sub-module, a block chain management sub-module and a consensus algorithm sub-module;

the privacy information identification and protection module comprises a data classification sub-module, a data labeling sub-module, a privacy information identification sub-module and a privacy information protection sub-module;

the data privacy analysis module comprises a privacy analysis index sub-module, a privacy evaluation and verification sub-module and a privacy analysis report sub-module;

the data security risk assessment module comprises a key risk indication definition sub-module, a data integration and calculation sub-module, a data quantification and conversion sub-module, a risk rating calculation sub-module and a real-time monitoring alarm sub-module.

The data security assessment system consists of a data recording and storing module, a privacy information identification and protection module, a data privacy analysis module and a data security risk assessment module. The data recording and storing module ensures the integrity, confidentiality and traceability of the data, and the security and the credibility of the data are ensured by adopting the technologies such as encryption, hash processing, blockchain management and the like. The privacy information recognition and protection module provides comprehensive privacy protection measures through sub-modules such as data classification, labeling, recognition and protection. The data privacy analysis module helps the organization to identify and solve the data privacy risks through index evaluation, verification and reporting. The data security risk assessment module defines key risk indexes, integrates, calculates and quantitatively converts data, comprehensively calculates final risk ratings, and provides real-time monitoring and alarming functions.

Working principle: firstly, establishing a vulnerability management platform, and integrating a system to be detected on the platform to realize unified vulnerability management and tracking. And then, carrying out security test on the system to be detected by using an automation tool, searching and confirming the existence of the loophole, and generating a detailed test result. And then, analyzing historical vulnerability data and trends based on the test results by utilizing machine learning and statistical analysis technology to generate vulnerability prediction results, so that possible vulnerabilities are predicted in advance, and corresponding safety protection measures are adopted to reduce potential risks. In order to ensure the integrity and traceability of the test results and the vulnerability prediction results, a blockchain technology is introduced to record all the test results and the vulnerability prediction results, and an untampereable audit chain is created. Classifying and labeling the data in the audit chain, identifying potential privacy information, and processing the potential privacy information to obtain the processed privacy information. And then, carrying out data privacy analysis, evaluating the privacy protection degree of the data, and timely finding and repairing potential privacy disclosure risks. And finally, automatically collecting and integrating the test result, the vulnerability prediction result and the key risk index of the privacy analysis result through a security risk rating system, and monitoring and quantifying the data security risk in real time. Through the comprehensive evaluation and monitoring mechanism, the safety risk of the data can be evaluated rapidly and accurately, and measures can be taken in time to perform risk management and protection. By integrating the steps, the data security assessment method can comprehensively assess the security of the data system and provide effective protection measures.

The present invention is not limited to the above embodiments, and any equivalent embodiments which can be changed or modified by the technical disclosure described above can be applied to other fields, but any simple modification, equivalent changes and modification made to the above embodiments according to the technical matter of the present invention will still fall within the scope of the technical disclosure.

Claims (10)

1. A method of evaluating data security, comprising the steps of:

establishing a vulnerability management platform, and integrating the detected system into the vulnerability management platform;

safety testing is carried out on the detected system by using an automatic tool, the existence of the loophole is searched and confirmed, and a test result is generated;

based on the test result, analyzing historical vulnerability data and trends by utilizing a machine learning and statistical analysis technology to generate a vulnerability prediction result;

introducing a blockchain technology, recording the test result and the vulnerability prediction result, and creating an untampered audit chain;

classifying and labeling the data in the audit chain, identifying the privacy information in the data, processing the privacy information to obtain the processed privacy information, and carrying out data privacy analysis to generate a privacy analysis result;

and automatically collecting and integrating key risk indexes through a security risk rating system based on the test result, the vulnerability prediction result and the privacy analysis result, and carrying out real-time monitoring and quantification on the data security risk.

2. The method for evaluating data security according to claim 1, wherein the step of establishing a vulnerability management platform and integrating the detected system in the vulnerability management platform comprises:

acquiring system information of the detected system including version information, a component list, a dependency relationship and source codes by using an automatic acquisition tool;

analyzing and standardizing the system information by adopting a natural language processing technology and a regular expression to obtain the processed system information;

and importing the system information into a database of a vulnerability management platform.

3. The method for evaluating data security according to claim 1, wherein the step of using an automation tool to perform security test on the detected system, and searching for and confirming the presence of a vulnerability, and generating a test result specifically comprises:

establishing a communication connection between the automation tool and the detected system;

the automated tool performs scanning and attack simulation to discover vulnerabilities in the detected system;

based on the loopholes, the automation tool confirms the type and severity of the loopholes by using an internal loophole database, a feature matching algorithm and a loophole mode identification;

and confirming the authenticity and availability of the vulnerability based on vulnerability exploitation and simulated attack technology, and generating the test result, wherein the test result comprises vulnerability description, hazard level, influence range and repair suggestion.

4. The method for evaluating data security according to claim 1, wherein the step of analyzing historical vulnerability data and trends using machine learning and statistical analysis techniques to generate vulnerability prediction results specifically comprises:

collecting historical vulnerability data of the detected system;

performing data cleaning, missing value processing, feature selection and conversion on the historical vulnerability data, and extracting feature source data;

based on the feature source data, performing feature engineering, extracting meaningful features, coding or converting the features, and selecting features related to vulnerability prediction, including vulnerability types and system configuration;

dividing a training set and a testing set according to the ratio of 7:3 by using the features related to the vulnerability prediction, training a classification model by using the training set aiming at the vulnerability prediction task, evaluating by using the testing set, and calculating the prediction accuracy and recall rate to obtain an evaluation result;

based on the evaluation result, optimizing the classification model, adjusting model parameters and performing feature screening;

predicting the test result based on a trained and parameter-optimized classification model, predicting whether a vulnerability exists based on the classification model, analyzing the trend of historical vulnerability data by using a time sequence analysis method, predicting the trend of future vulnerability occurrence, and generating the vulnerability prediction result;

and explaining the vulnerability prediction result to obtain prediction accuracy, predicted vulnerability category and potential influence information.

5. The method for evaluating data security according to claim 1, wherein the step of introducing a blockchain technique, recording the test result and the vulnerability prediction result, and creating a tamper-proof audit chain comprises the steps of:

determining basic structure and constituent elements of a blockchain, including blocks, block heads, transactions and participants, defining the structure and format of stored data, and formulating storage and transmission rules thereof in the blockchain;

based on the basic structure and the constituent elements, a blockchain network is built, and a communication and data synchronization mechanism between nodes is built;

recording and storing the test results and the vulnerability prediction results, and recording each group of the test results and the vulnerability prediction results in the blockchain network as a transaction;

encrypting and hashing algorithm processing is carried out on the test result and the vulnerability prediction result, so that privacy and integrity are ensured;

packaging the data operation as blocks, including data operation information, a time stamp and a hash value, linking each new block to the previous block to form a continuously-growing chain structure, and creating a tamper-proof audit chain;

and ensuring the consistency and the safety of the data on the blockchain network through a consensus algorithm.

6. The method for evaluating data security according to claim 1, wherein the step of classifying and labeling the data in the audit chain and identifying the privacy information therein specifically comprises:

classifying and labeling according to the data types and contents in the audit chain, and dividing the data into different categories including historical vulnerability data, test result data and prediction result data;

adding labels and metadata to each of the historical vulnerability data, the test result data and the prediction result data to generate marked data;

based on the noted data, analyzing by using a regular expression, and identifying privacy information in the noted data, wherein the privacy information comprises personal identity information and privacy service data;

based on the privacy information, the privacy information is processed by adopting desensitization and encryption technology, based on anonymization, generalization, shielding and desensitization algorithms, the privacy and the safety of the privacy information are protected, and the encryption algorithm is used for encrypting the privacy information to obtain the processed privacy information.

7. The method for evaluating data security according to claim 1, wherein the step of performing data privacy analysis and generating a privacy analysis result specifically comprises:

based on the processed privacy information, adopting information entropy and mutual information as indexes to perform data privacy analysis;

carrying out data privacy assessment and verification on the processed privacy information by means of simulated attack and data authentication to obtain a privacy analysis result;

based on the privacy analysis results, a specific privacy analysis report is generated, wherein the privacy analysis report comprises the privacy risk level of the evaluation data, the position and the type of the privacy information and the effectiveness of the privacy protection measures.

8. The method for evaluating data security according to claim 1, wherein the step of automatically collecting and integrating key risk indicators through a security risk rating system based on the test result, the vulnerability prediction result and the privacy analysis result is specifically:

determining key risk indexes including vulnerability quantity, severity, repair time and exposure condition of private information;

automatically integrating the test result, the vulnerability prediction result and the privacy analysis result into the security risk rating system;

the security risk rating system automatically calculates and updates risk ratings based on key risk indexes, the test results, the vulnerability prediction results and the privacy analysis results;

according to the key risk index, converting related data comprising vulnerability quantity, severity, repair time and privacy information into a quantifiable form;

defining the weight and the threshold value of the key risk indexes, determining the contribution of each index to the overall risk, and comprehensively calculating the final risk rating;

integrating the security risk rating system with the vulnerability management platform, monitoring the security risk of the data on a real-time basis, and setting a threshold value and an alarm rule.

9. A data security assessment system based on the data security assessment method according to any one of claims 1 to 8, characterized in that the data security assessment system is composed of a data recording and storage module, a privacy information identification and protection module, a data privacy analysis module, and a data security risk assessment module, and the data security assessment system is used for executing the data security assessment method according to claims 1 to 8.

10. The system for evaluating data security of claim 9, wherein the data record and storage module comprises a transaction record sub-module, a encryption and hash processing sub-module, a blockchain management sub-module, a consensus algorithm sub-module;

the privacy information identification and protection module comprises a data classification sub-module, a data labeling sub-module, a privacy information identification sub-module and a privacy information protection sub-module;

the data privacy analysis module comprises a privacy analysis index sub-module, a privacy evaluation and verification sub-module and a privacy analysis report sub-module;

the data security risk assessment module comprises a key risk indication definition sub-module, a data integration and calculation sub-module, a data quantification and conversion sub-module, a risk rating calculation sub-module and a real-time monitoring alarm sub-module.