
Technical field
The invention relates to the field of network security, and in particular to an evaluation system for IT asset network risk.
Background art
At present, the network security situation at home and abroad is growing more severe, and electric power, a basic industry that underpins the national economy and people's livelihood, faces more and more network security threats.
However, the technical architecture of the existing information security audit system is immature: deploying the application and the database together makes the system run unsmoothly; the network-level platform's modules are cumbersome and little used; functions such as external data integration interfaces and reports are incomplete; and the system cannot fit an integrated application architecture. The two forms of network security monitoring product, stand-alone devices and integrated platforms, are weak at integrating external threat intelligence specific to the power industry and lack advanced functions such as traffic security, unknown threat detection, and attack source tracing and evidence collection. There are no automatic discovery and control measures for typical security problems such as cross-zone interconnection, unauthorized network access and unauthorized connection of removable media. The existing information security audit system cannot monitor the network security situation of the whole network, nor analyze it accurately and raise warnings, leaving a significant gap from the requirement of all-weather, all-round situational awareness across the whole network.
Therefore, it is necessary to design a risk evaluation system that is compact in structure and easy to implement.
Summary of the invention
The purpose of the present invention is to provide an evaluation system for IT asset network risk that is relatively simple to implement and remedies the shortcomings of existing systems.
This purpose is achieved by the following technical solution:
The evaluation system for IT asset network risk includes:
a control center;
an asset identification and evaluation subsystem, communicatively connected to the control center, which identifies and tags IT assets and at the same time evaluates and grades each IT asset according to its confidentiality, integrity and availability;
a risk identification and evaluation subsystem, communicatively connected to the control center, which identifies and tags each risk that could damage key IT assets and grades each risk by the likelihood that it occurs and by the severity of the damage its occurrence would cause to the confidentiality, availability and integrity of the asset;
a vulnerability identification and evaluation subsystem, communicatively connected to the control center, which identifies the weaknesses present in each asset and evaluates and grades the identified vulnerabilities according to their severity;
a judgment and evaluation subsystem, communicatively connected to the control center, which judges the likelihood of a security incident from the risk evaluation and the vulnerability evaluation and generates an evaluation report.
In particular, the system further includes an overall risk calculation module, communicatively connected to the control center, which substitutes the asset level, vulnerability level and risk level into a security risk calculation formula (the formula itself is not given in this description) to obtain a risk value and determines the overall risk level of the asset from that value; the overall risk level comprises an overall risk value range, an overall risk level value and a severity level.
In particular, the asset identification and evaluation subsystem includes an asset identification module and an asset evaluation module.
In particular, the risk identification and evaluation subsystem includes a risk identification sub-module and a risk evaluation sub-module.
In particular, the vulnerability identification and evaluation subsystem includes a vulnerability identification sub-module and a vulnerability evaluation sub-module.
In particular, the system further includes a loss calculation module, which calculates the loss caused by a security incident from the vulnerability level and the asset level.
In particular, the system further includes a historical risk query module for querying historical overall risk evaluation records.
The beneficial effects of the present invention are: it provides a risk evaluation system for IT assets that can evaluate and grade IT assets, risks and vulnerabilities and finally generate an overall risk evaluation automatically, which helps users design risk response plans; the system is compact in structure and easy to operate and implement.
Other advantages, objects and features of the present invention will be set forth in part in the description that follows, and in part will become apparent to those skilled in the art on examination of the following, or may be learned from practice of the invention. The objects and other advantages of the invention may be realized and attained by the following description and the appended claims.
Brief description of the drawings
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawing, in which:
Figure 1 is a schematic diagram of the system architecture of the present invention.
Detailed description
Preferred embodiments of the present invention are described in detail below with reference to the accompanying drawing. It should be understood that the preferred embodiments serve only to illustrate the invention and not to limit its scope of protection.
In the description of the present invention, it should be understood that the orientations or positional relationships indicated by terms such as "longitudinal", "length", "circumferential", "front", "rear", "left", "right", "top", "bottom", "inner" and "outer" are based on those shown in the drawings; they are used only to describe the invention conveniently and to simplify the description, and do not indicate or imply that the device or element referred to must have a particular orientation or be constructed and operated in a particular orientation. They are therefore not to be understood as limiting the invention.
In the present invention, unless otherwise expressly specified and limited, terms such as "mounted", "linked", "connected" and "fixed" are to be understood broadly: a connection may be fixed or detachable, or integral; it may be mechanical, electrical, or a communication link; it may be direct or through an intermediary; and it may be an internal connection between two elements or an interaction between them. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.
Furthermore, the terms "first" and "second" are used for description only and are not to be understood as indicating or implying relative importance or the number of the technical features referred to; a feature qualified by "first" or "second" may therefore explicitly or implicitly include one or more of that feature. In the description of the present invention, "plurality" means at least two, for example two or three, unless expressly specified otherwise.
As shown in Figure 1, an evaluation system for IT asset network risk according to the present invention includes a control center, an asset identification and evaluation subsystem, a risk identification and evaluation subsystem, a vulnerability identification and evaluation subsystem, and a judgment and evaluation subsystem, in which:
The asset identification and evaluation subsystem is communicatively connected to the control center and identifies and tags IT assets while at the same time evaluating and grading each IT asset according to its confidentiality, integrity and availability. In this embodiment, the asset identification and evaluation subsystem includes an asset identification sub-module and an asset evaluation sub-module; the asset identification sub-module classifies and tags IT assets, and the asset evaluation sub-module evaluates and grades IT assets according to their confidentiality, integrity and availability.
The risk identification and evaluation subsystem is communicatively connected to the control center, identifies and tags each risk that could damage key IT assets, and grades each risk by the likelihood that it occurs and by the severity of the damage its occurrence would cause to the confidentiality, availability and integrity of the asset. In this embodiment, the risk identification and evaluation subsystem includes a risk identification sub-module and a risk evaluation sub-module; the risk identification sub-module identifies and tags each risk that could damage key IT assets, and the risk evaluation sub-module grades each risk by its likelihood and by the severity of the damage its occurrence would cause to the confidentiality, availability and integrity of the asset.
The vulnerability identification and evaluation subsystem is communicatively connected to the control center, identifies the weaknesses present in each asset, and evaluates and grades the identified vulnerabilities according to their severity. In this embodiment, the vulnerability identification and evaluation subsystem includes a vulnerability identification sub-module and a vulnerability evaluation sub-module.
The judgment and evaluation subsystem is communicatively connected to the control center, judges the likelihood of a security incident from the risk evaluation and the vulnerability evaluation, and generates an evaluation report.
Further, this embodiment also includes an overall risk calculation module, communicatively connected to the control center, which substitutes the asset level, vulnerability level and risk level into a security risk calculation formula (the formula itself is not given in this description) to obtain a risk value and determines the overall risk level of the asset from that value; the overall risk level comprises an overall risk value range, an overall risk level value and a severity level.
Further, the system of this embodiment also includes a loss calculation module, which calculates the loss caused by a security incident from the vulnerability level and the asset level.
Further, the system of this embodiment also includes a historical risk query module for querying historical overall risk evaluation records.
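The description names the inputs and outputs of each subsystem and module but fixes no grading scale, no security risk calculation formula and no loss formula. The Python program below is an added worked example, not code from the patent or its applicant, that wires the asset, risk and vulnerability grading together with the overall risk calculation, loss calculation and historical query modules under assumed conventions: every grade is an integer from 1 to 5; the asset level is the highest of its confidentiality, integrity and availability grades; the risk level is the likelihood-by-severity product collapsed back onto 1 to 5; the overall risk value is the product of the three levels, banded into five (value range, level value, severity) triples; and the loss is an assumed per-asset value scaled by the vulnerability level. The judgment step only counts a risk that has a matching vulnerability on the same asset. All identifiers, asset names, grades and values are constructed sample data.

```python
# Added example (not from the patent): the subsystems and calculation modules wired
# together. Every scale, formula and band below is an ASSUMPTION; the patent names the
# inputs and outputs of each module but gives no formula.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from math import ceil
from typing import Dict, List


def _grade(x: int) -> int:
    if x not in range(1, 6):  # assumption: every grade is an integer 1 (lowest) .. 5 (highest)
        raise ValueError(f"grade {x} outside 1..5")
    return x


@dataclass(frozen=True)
class Asset:
    asset_id: str
    confidentiality: int
    integrity: int
    availability: int
    value_cny: float  # assumption: impact value used by the loss module

    def level(self) -> int:
        # asset level = highest of the C/I/A grades (high-water mark); a weighted mean is the usual alternative
        return max(_grade(self.confidentiality), _grade(self.integrity), _grade(self.availability))


@dataclass(frozen=True)
class Risk:  # what the patent calls a "risk": an event that could damage an asset
    risk_id: str
    asset_id: str
    description: str
    likelihood: int  # 1..5
    severity: int    # 1..5, damage to the asset's C/I/A if the event occurs
    exploits: str    # id of the vulnerability the event would use (assumption)

    def level(self) -> int:
        return ceil(_grade(self.likelihood) * _grade(self.severity) / 5)  # 1..25 collapsed onto 1..5


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    asset_id: str
    description: str
    severity: int  # 1..5

    def level(self) -> int:
        return _grade(self.severity)


# overall risk value = asset level x risk level x vulnerability level (1..125), banded into
# (value range, overall risk level value, severity level); band edges are an assumption
RISK_BANDS = [((1, 6), 1, "very low"), ((7, 15), 2, "low"), ((16, 30), 3, "medium"),
              ((31, 60), 4, "high"), ((61, 125), 5, "very high")]


def overall_risk(asset: Asset, risk: Risk, vuln: Vulnerability) -> Dict:
    value = asset.level() * risk.level() * vuln.level()
    (lo, hi), level, name = next(b for b in RISK_BANDS if b[0][0] <= value <= b[0][1])
    return {"risk_value": value, "risk_range": (lo, hi), "risk_level": level, "severity": name}


def expected_loss(asset: Asset, vuln: Vulnerability) -> float:
    # loss = asset value x exposure factor; assumption: exposure grows 20 % per vulnerability grade
    return asset.value_cny * vuln.level() / 5


@dataclass
class Assessment:  # judgment and evaluation subsystem plus the historical risk query store
    history: List[Dict] = field(default_factory=list)

    def run(self, assets: List[Asset], risks: List[Risk], vulns: List[Vulnerability]) -> List[Dict]:
        by_asset = {a.asset_id: a for a in assets}
        by_vuln = {v.vuln_id: v for v in vulns}
        report = []
        for r in risks:
            vuln = by_vuln.get(r.exploits)
            # an incident needs a risk AND a matching vulnerability on the SAME asset;
            # a risk whose vulnerability sits on another asset contributes nothing
            if vuln is None or vuln.asset_id != r.asset_id:
                continue
            asset = by_asset[r.asset_id]
            report.append({"asset": asset.asset_id, "risk": r.risk_id, "vuln": vuln.vuln_id,
                           **overall_risk(asset, r, vuln), "expected_loss": expected_loss(asset, vuln),
                           "assessed_at": datetime.now(timezone.utc).isoformat()})
        report.sort(key=lambda e: e["risk_value"], reverse=True)  # worst first
        self.history.extend(report)
        return report

    def query_history(self, asset_id: str) -> List[Dict]:
        return [e for e in self.history if e["asset"] == asset_id]


# constructed sample inventory; identifiers, grades and values are illustrative only
ASSETS = [Asset("A1", 4, 5, 5, value_cny=2_000_000),   # a SCADA historian, say
          Asset("A2", 2, 2, 1, value_cny=8_000)]       # an office workstation
VULNS = [Vulnerability("V1", "A1", "unpatched remote service on the OT/IT boundary", 5),
         Vulnerability("V2", "A2", "local privilege escalation", 3),
         Vulnerability("V3", "A1", "weak local password policy", 2)]
RISKS = [Risk("R1", "A1", "remote compromise from the IT network", 4, 5, exploits="V1"),
         Risk("R2", "A2", "malware via removable media", 3, 2, exploits="V2"),
         Risk("R3", "A2", "insider abuse", 2, 3, exploits="V3")]  # V3 is on A1, so R3 is dropped


def demo() -> List[Dict]:
    return Assessment().run(ASSETS, RISKS, VULNS)
```

Running `demo()` yields two entries: R1 against V1 on A1 scores 5 x 4 x 5 = 100 (level 5, "very high", expected loss 2,000,000), and R2 against V2 on A2 scores 2 x 2 x 3 = 12 (level 2, "low", expected loss 4,800). R3 is silently dropped because the vulnerability it names belongs to a different asset, which is the check worth keeping in any real implementation: a vulnerability with no risk that exploits it, or a risk with no vulnerability to exploit, produces no incident and must not inflate the overall risk value. The scale, the high-water-mark asset level, the band edges and the 20 % exposure step are all placeholders to be replaced by the organization's own grading rules.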
The evaluation system of the present invention can evaluate and grade IT assets, risks and vulnerabilities and finally generate an overall risk evaluation automatically, which helps users design risk response plans and is easy to operate and implement.
Finally, it should be noted that the above embodiments serve only to illustrate the technical solution of the present invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical solution of the invention may be modified or equivalently replaced without departing from its spirit and scope, and all such modifications fall within the scope of the claims of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111158310.2A (pending; published as CN115936421A) | 2021-09-30 | 2021-09-30 | Evaluation system for IT asset network risk |

| Publication Number | Publication Date |
|---|---|
| CN115936421A | 2023-04-07 |

| Country | Link |
|---|---|
| CN (1) | CN115936421A |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109146240A* | 2018-07-03 | 2019-01-04 | 北京航空航天大学 (Beihang University) | Information security risk assessment method and system for intelligent connected vehicles |
| CN112351028A* | 2020-11-04 | 2021-02-09 | 内蒙古电力(集团)有限责任公司内蒙古电力科学研究院分公司 (Inner Mongolia Power (Group) Co., Ltd., Inner Mongolia Electric Power Research Institute branch) | Network-based security risk assessment system |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | CB02 | Change of applicant information | Applicants before and after: Southern Power Grid Digital Grid Research Institute Co., Ltd. and CHINA SOUTHERN POWER GRID Co., Ltd.; address before and after: No. 1 Yichuang Street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province, 510060; country or region: China |
| | TA01 | Transfer of patent application right | Effective date of registration: 2024-11-21. Applicants before: Southern Power Grid Digital Grid Research Institute Co., Ltd. (No. 1 Yichuang Street, Zhongxin Guangzhou Knowledge City, Huangpu District, Guangzhou City, Guangdong Province, 510060) and CHINA SOUTHERN POWER GRID Co., Ltd. Applicants after: China Southern Power Grid Digital Power Grid Group Information Communication Technology Co., Ltd. (Floor 12, Unit 3, Building 2, No. 11 Spectral Middle Road, Huangpu District, Guangzhou City, Guangdong Province, 510000) and CHINA SOUTHERN POWER GRID Co., Ltd.; country or region: China |