Network-based security risk assessment system
Technical Field
The invention relates to the field of network security, in particular to a network-based security risk assessment system.
Background
Network security means that the hardware, software and data of a networked system are protected so that they are not damaged, altered or leaked through accidental or malicious causes, that the system runs continuously, reliably and normally, and that network services are not interrupted.
To strengthen national information security assurance, in January 2015 the public security department issued the 'Notice on Accelerating the Construction of a Network and Information Security Reporting Mechanism' (No. 2015 21 public letter-security). The document requires the establishment of a network and information security reporting mechanism, actively promotes the construction of dedicated organizations, establishes network security monitoring and reporting means together with an information reporting, early warning and emergency response system, and explicitly requires a network security monitoring and reporting platform that provides security monitoring of important websites and online information systems, monitoring of the spread of computer viruses and trojans, reporting and early warning, emergency response, situation analysis, security event (incident) management, supervision and rectification, and similar functions, thereby providing technical support for the related work.
Security assessment has a narrow and a broad sense. In the narrow sense, it is the analysis and evaluation of the inherent or potential dangers in a working system with a specific function and of their severity; the result is expressed quantitatively by an established index, grade or probability value, and prevention or protection countermeasures are then decided according to that value. In the broad sense, it uses the principles and methods of systems engineering to comprehensively evaluate and predict the possible dangers and consequences of a proposed or existing project or system, and proposes corresponding safety countermeasures according to the possible accident risk, so as to achieve project and system safety. The prior art lacks a risk assessment system that is simple in structure and convenient to implement, and there is room for improvement.
Disclosure of Invention
The present invention aims to solve at least one of the problems of the prior art. Accordingly, a first object of the invention is to provide a network-based security risk assessment system.
The technical scheme of the invention is as follows: a network-based security risk assessment system, comprising:
a control unit;
an asset identification unit connected to the control unit, the asset identification unit configured to classify and tag the assets that make up the constituent elements of a system;
an asset assignment unit connected to the control unit, the asset assignment unit configured to assign confidentiality, integrity and availability values to the constituent elements and to compute asset assignments;
a threat identification unit connected to the control unit, the threat identification unit configured to identify and tag the threats to each key asset that needs to be protected;
a threat assignment unit connected to the control unit, the threat assignment unit configured to assign a threat value based on the likelihood of the threat occurring and on the severity of the damage that its occurrence causes to the confidentiality, availability and integrity of the asset;
a vulnerability identification unit connected to the control unit, the vulnerability identification unit configured to identify the vulnerabilities present in each asset and to evaluate the vulnerability of the asset based on the identified vulnerabilities;
a vulnerability assignment unit connected to the control unit, the vulnerability assignment unit configured to assign each identified vulnerability a value according to its severity, in a hierarchical (graded) manner;
a validation unit connected to the control unit, the validation unit configured to identify and validate the effectiveness of the security measures already taken;
a judging unit connected to the control unit, the judging unit configured to judge the likelihood of a security event occurring according to the threat assignment and the vulnerability assignment;
a loss calculation unit connected to the control unit, the loss calculation unit configured to calculate the loss caused by a security event based on the vulnerability assignment and the asset assignment;
a risk calculation unit connected to the control unit, the risk calculation unit configured to calculate a risk value by substituting the asset assignment, the vulnerability assignment and the threat assignment into a security risk calculation formula, and to look up the risk level according to the risk value;
an evaluation unit connected to the control unit, the evaluation unit configured to generate a risk assessment report.
Further, the likelihood of the security event occurring is determined by the threat assignment and the vulnerability assignment;
the loss caused by the security event is determined by the vulnerability assignment and the asset assignment;
the risk value is determined by the likelihood of occurrence of the security event and the loss it causes.
Further, the vulnerability assignment includes a vulnerability name, a vulnerability classification, and a vulnerability severity assignment.
Further, the system includes a historical risk query unit connected to the control unit and used to query historical risk assessment information.
Further, the risk level includes a range of risk values, a risk level value, and a severity.
Compared with the prior art, the invention has the following beneficial effects:
the invention establishes a risk assessment system that covers the three basic elements of risk analysis, namely assets, threats and vulnerabilities, and finally generates a risk assessment scheme automatically according to the risk value, thereby giving security assessment personnel a basis for designing a risk response plan.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings used in the description of the embodiments or of the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort:
FIG. 1 is a block diagram of a network security risk assessment system according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. In the description of the present invention, it is to be understood that the terms "upper", "lower", "front", "rear", "left", "right", "inner", "outer", "vertical", "circumferential", and the like, indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, are only for convenience in describing the present invention and simplifying the description, and do not indicate or imply that the device or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus, should not be construed as limiting the present invention.
In the description of the present invention, "the first feature" and "the second feature" may each include one or more of the features. Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features referred to. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature.
In the present invention, unless otherwise expressly stated or limited, the terms "mounted," "connected," "secured," and the like are to be construed broadly and can, for example, be fixedly connected, detachably connected, or integrally formed; can be mechanically connected, electrically connected or can communicate with each other; either directly or indirectly through intervening media, either internally or in any other relationship. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
The following describes a network-based security risk assessment system according to an embodiment of the present invention with reference to FIG. 1. The system includes a control unit, an asset identification unit, an asset assignment unit, a threat identification unit, a threat assignment unit, a vulnerability identification unit, a vulnerability assignment unit, a validation unit, a judging unit, a loss calculation unit, a risk calculation unit and an evaluation unit.
The asset identification unit is connected with the control unit and is configured to classify and mark the assets of the constituent elements of the system; the asset assignment unit is connected with the control unit and is configured to assign confidentiality, integrity and availability of the constituent elements and calculate asset assignments;
the threat identification unit is connected with the control unit and is configured to identify and mark threats to each key asset needing to be protected; the threat assignment unit is connected with the control unit and is configured to carry out threat assignment according to the possibility of threat occurrence and the severity of damage to the confidentiality, the availability and the integrity of the asset caused by the threat occurrence;
the vulnerability identification unit is connected with the control unit and is configured to identify the vulnerabilities present in each asset and to evaluate the vulnerability of the asset according to the identified vulnerabilities; the vulnerability assignment unit is connected with the control unit and is configured to assign each identified vulnerability a value according to its severity, in a hierarchical (graded) manner;
the validation unit is connected with the control unit and is configured to identify and confirm the effectiveness of the security measures already adopted; the judging unit is connected with the control unit and is configured to judge the likelihood of a security event occurring according to the threat assignment and the vulnerability assignment; the loss calculation unit is connected with the control unit and is configured to calculate the loss caused by the security event according to the vulnerability assignment and the asset assignment;
the risk calculation unit is connected with the control unit and is configured to calculate a risk value by substituting the asset assignment, the vulnerability assignment and the threat assignment into a security risk calculation formula, and to look up the risk level according to the risk value. The evaluation unit is connected with the control unit and is configured to generate a risk assessment report.
The invention establishes a risk evaluation system, mainly relates to three basic elements of assets, threats and vulnerabilities in risk analysis, and finally automatically generates a risk evaluation scheme according to a risk value, thereby providing a basis for safety evaluation personnel to design a risk coping scheme.
In particular, the likelihood of a security event occurring is determined by the threat assignment and the vulnerability assignment; the loss caused by the security event is determined by the asset assignment; and the risk value is determined by the probability of the security event occurring and the loss it causes. In this way the probability of a security event, the loss it causes and the resulting risk value can all be calculated quantitatively, giving an accurate and intuitive result.
In this embodiment, the vulnerability assignment includes a vulnerability name, a vulnerability classification, and a vulnerability severity assignment.
In this embodiment, the system further includes a historical risk query unit, which is connected to the control unit and is used to query historical risk assessment information.
In this embodiment, the risk level includes a risk value range, a risk level value, and a severity.
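The assessment chain described above, as an added worked model that is not the patent's own code: each unit's output feeds the next, ending in a risk value and a table lookup of the risk level. The patent names the inputs of every step but no formulas, so the 1 to 5 scales, the products used for the assignments, the normalisation of the risk value to 0..100 and the level table are assumptions, and the asset, threat and vulnerability records are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Asset:              # output of the asset identification unit
    name: str
    confidentiality: int  # assumed 1 (low) .. 5 (very high) scale for C, I and A
    integrity: int
    availability: int

@dataclass
class Threat:             # output of the threat identification unit
    name: str
    likelihood: int       # 1..5: how likely the threat is to occur
    severity: int         # 1..5: damage to C/I/A if it does occur

@dataclass
class Vulnerability:      # name, classification and severity, as in the patent
    name: str
    classification: str
    severity: int         # 1..5: hierarchical (graded) severity assignment

# assumed risk-level table: (lowest risk value of the range, level value, severity)
RISK_LEVELS = [(0, 1, "very low"), (21, 2, "low"), (41, 3, "medium"),
               (61, 4, "high"), (81, 5, "very high")]

def asset_assignment(a: Asset) -> int:
    return max(a.confidentiality, a.integrity, a.availability)  # assumed: highest of C/I/A
def threat_assignment(t: Threat) -> int:
    return t.likelihood * t.severity                   # assumed product, 1..25
def event_likelihood(threat_value: int, v: Vulnerability) -> int:
    return threat_value * v.severity                   # judging unit: threat x vulnerability
def event_loss(asset_value: int, v: Vulnerability) -> int:
    return asset_value * v.severity                    # loss unit: asset x vulnerability
def risk_value(likelihood: int, loss: int) -> int:
    return round(100 * likelihood * loss / (125 * 25))  # assumed normalisation to 0..100

def risk_level(value: int) -> tuple:
    level = RISK_LEVELS[0]
    for entry in RISK_LEVELS:      # pick the range whose lower bound the value reaches
        if value >= entry[0]:
            level = entry
    return level

def assess(asset: Asset, threat: Threat, vuln: Vulnerability) -> dict:
    likelihood = event_likelihood(threat_assignment(threat), vuln)
    loss = event_loss(asset_assignment(asset), vuln)
    value = risk_value(likelihood, loss)
    _, level, severity = risk_level(value)
    return {"asset": asset.name, "threat": threat.name, "vulnerability": vuln.name,
            "likelihood": likelihood, "loss": loss, "risk_value": value, "risk_level": level, "severity": severity}
```

Calling `assess(Asset("customer database", 5, 4, 3), Threat("unauthorised data access", 4, 5), Vulnerability("weak access control", "access control", 4))` yields a risk value of 51, which the table maps to level 3, "medium".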
While embodiments of the invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.