Method and system for automated information security evaluation

An information security and safety technology, applied in special data processing applications, instruments, electrical digital data processing, etc., can solve problems such as error-prone, aggravating the workload of staff, and comprehensive, objective, and complete data analysis of difficult scanning results. Achieve the effect of reducing labor costs, improving work efficiency and ensuring accuracy

Active Publication Date: 2013-06-12
GUANGDONG POWER GRID CO LTD INFORMATION CENT
View PDF2 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] 1. Scanning tools can reduce manual identification of system and network vulnerabilities, but analysts still need to analyze a large amount of scanning result data to analyze and evaluate various vulnerabilities and risks in the information system; Increased the workload of staff like this, can't improve work efficiency;
[0006] 2. It is difficult for analysts to rate the risks of scan results, which also increases the workload of assessment work;
[0007] 3. Due to various reasons, it is difficult for the analysts to ensure a comprehensive, objective and complete analysis of the scanning result data, which is prone to errors

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system for automated information security evaluation
  • Method and system for automated information security evaluation
  • Method and system for automated information security evaluation

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0039] In order to make the object, technical solution and advantages of the present invention more clear and definite, the present invention will be further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0040] Such as figure 1 As shown, a method for automatic information security assessment provided by the present invention includes the following steps:

[0041] Step S110, using scanning tools to automatically identify security vulnerabilities in multiple systems, and collecting risk vulnerabilities of each system, using CVE (English full name is "Common Vulnerabilities & Exposures", that is, public vulnerabilities and exposures) code and key identification feature content In this way, the collected vulnerability information is uniquely identified and marked to establish a risk vulnera...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a system for automated information security evaluation. The method includes the following steps: creating a risky leak library; creating the risk levels of the risky leak library; utilizing an interface call-scanning tool to scan an evaluated system, and acquiring and storing scanning result data; comparing the acquired scanning result data with the leak data in the risky leak library for judgement, and identifying security leaks and risk levels thereof existing in the evaluated system. Since the method and the system for automated information security evaluation provided by the invention adopt the scanning tool to directly carry out interface analysis and read the scanning result data of the scanning tool, the invention can carry out complete, objective and intelligent data analysis on scanning results by means of a security mapping identification mechanism of the evaluation system, thus guaranteeing accuracy, increasing the working efficiency andreducing the manpower cost.

Description

technical field [0001] The invention relates to the technical field of system automatic assessment, in particular to a method and device for automatic information security assessment of system risks. Background technique [0002] Risk assessment is a time-consuming, labor-intensive task that requires a lot of relevant professional or business knowledge support. Usually, this work is done by professional consultants. These consultants can come from the assessed organization or consulting firm. These professional consultants play an important role in risk assessment. In order to enable risk assessment work to be widely carried out in various industries, risk assessment tools have become an indispensable means of technical support. At present, many organizations have developed risk assessment tools based on some safety management guidelines and annotations, which provide convenience for risk assessment. As the risk assessment process gradually turns to automation and standard...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): G06F17/30G06Q10/00
Inventor 徐晖王甜魏理豪陈军朱奕李一兵黄敬志
Owner GUANGDONG POWER GRID CO LTD INFORMATION CENT
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products