Safety margin risk quantification method

A risk quantification method for security domains, applied in fields such as platform integrity maintenance, transmission systems and electrical components. It addresses inconvenient risk-level division, inaccurate risk quantification results and the difficulty of bounding the risk quantification value, so that risk assessment results are easy to compare.

Inactive Publication Date: 2013-04-03
STATE GRID CORP OF CHINA +2

AI Technical Summary

Problems solved by technology

The prior-art risk quantification method has the following limitations: it does not consider the relationship between attack behavior, vulnerabilities and protection measures.
First, it does not consider the impact of existing protection measures on attack events, which makes the risk quantification results inaccurate. Second, the prior patent calculates the system's risk quantification value by weighted summation, which makes the risk value depend on the scale of the system: as the scale increases, it is difficult to limit the risk quantification value to a fixed interval, which makes the division of risk levels inconvenient.
For example, suppose there are two security domains, System 1 and System 2. System 1 contains 10 hosts and System 2 contains 100 hosts. The asset value, vulnerabilities, attacks received and protection measures of every host are the same, so the security risks of System 1 and System 2 are obviously roughly the same. Calculated by weighted summation, however, the security risk of System 2 comes out 10 times higher than that of System 1, which differs greatly from the actual situation.
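
The 10-host versus 100-host comparison above, as an added Python example that is not part of the patent text: it aggregates identical per-host risk scores by weighted summation and, for contrast, by a weighted mean, then maps both results onto a fixed level table. The per-host score, the weights, the level table and the choice of a weighted mean are assumptions made for illustration; the aggregation formula the patent itself uses is not reproduced on this page.

```python
# Added illustration: aggregating per-host risk scores into a domain score.
# All scores, weights and level thresholds below are constructed sample values.

def weighted_sum(scores, weights):
    """Prior-art style aggregation: grows with the number of hosts."""
    return sum(w * s for s, w in zip(scores, weights))

def weighted_mean(scores, weights):
    """Size-independent aggregation (an assumption used for comparison):
    the result stays within the range of the per-host scores, here 0-100."""
    total_weight = sum(weights)
    if total_weight == 0:
        raise ValueError("weights must not all be zero")
    return weighted_sum(scores, weights) / total_weight

# Constructed level table: upper bound of each level on a 0-100 scale.
LEVELS = [(20, "very low"), (40, "low"), (60, "medium"),
          (80, "high"), (100, "very high")]

def risk_level(value):
    """Map a domain score to a level; values above 100 fall off the table."""
    if value < 0:
        raise ValueError("risk value must be non-negative")
    for upper, name in LEVELS:
        if value <= upper:
            return name
    return "out of range"

def compare(host_count, host_score=32.0, weight=0.125):
    """Score a domain of identical hosts with both aggregations."""
    scores = [host_score] * host_count
    weights = [weight] * host_count
    s = weighted_sum(scores, weights)
    m = weighted_mean(scores, weights)
    return {"sum": s, "sum_level": risk_level(s),
            "mean": m, "mean_level": risk_level(m)}

if __name__ == "__main__":
    # System 1 (10 hosts) and System 2 (100 hosts) from the text above.
    for name, n in (("System 1", 10), ("System 2", 100)):
        print(name, compare(n))
```

With identical hosts, the summed score of the 100-host domain is ten times that of the 10-host domain and no longer fits the level table, while the size-independent score is the same for both.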


Examples


Embodiment 1

[0027] This embodiment is a security domain risk quantification process which, as shown in Figure 1, includes the following steps:

[0028] Step 101: Quantify the value of the asset into a specific value between 0 and 100 according to the confidentiality, integrity and availability scores of the asset. (For the definition and calculation method of the confidentiality, integrity and availability of assets, please refer to the National Standard of the People's Republic of China GB/T 20984-2007, "Information Security Technology - Information Security Risk Assessment Specification".)

[0029] Step 102: Obtain vulnerability information on assets by means of vulnerability scanning or by importing detection results from other vulnerability scanning devices.

[0030] Step 103: Obtain attack alarm events for assets through intrusion detection or by importing detection results from other intrusion detection devices.

[0031] Step 104: According to the configuration of the existing security equipme...

Embodiment 2

[0035] This embodiment is a specific method for asset value quantification, including the following process:

[0036] (1) Rate the asset's confidentiality C, integrity I and availability A separately. Each attribute is divided into 5 grades: irrelevant, ordinary, medium, high, and extremely high; each grade is expressed by a score of 1-5.

[0037] (2) Use the following methods to quantify the asset value:

[0038]

[0039] Among them: M - quantitative value of asset value;

[0040] round() - a rounding function;

[0041] C, I, A - asset confidentiality, integrity, availability scores.

Embodiment 3

[0043] This embodiment is a calculation method for the possibility of asset security damage, and the calculation process is:

[0044]

[0045] Among them: T - possibility of damage to asset security;

[0046] Evt - quantified value of attack behavior threat level;

[0047] f() - attack-asset correlation judgment function;

[0048] s() - the protection factor of existing security measures against vulnerabilities.

[0049] The calculation process of each factor in the calculation formula is described below.

[0050] First, according to the degree of harm caused by the attack behavior and the difficulty of implementing the attack behavior, the threat level of the attack behavior is divided into five levels, as shown in Table 1:

[0051] ,

[0052] Then use the following method to quantify the threat level of attack behavior:

[0053]

[0054] Among them: Evt - quantified value of attack behavior threat level;

[0055] level - the attack behavior threat level....


Abstract

The invention discloses a safety margin risk quantification method. The risk value of the safety margin is quantified by acquiring information on the assets, threats, vulnerabilities and existing safety protection measures of the safety margin. The method comprises the following steps: quantifying the asset value from the confidentiality, integrity and availability evaluation values of the specified assets in the safety margin; quantifying the asset damage possibility by acquiring the attack alarm events suffered by the assets in unit time, the asset vulnerability scanning results and the degree to which the existing safety protection measures protect the assets; calculating the risk quantification value of each asset from the asset value and the damage possibility; and calculating the risk quantification value of the safety margin from the calculated risk quantification values of all the assets in the safety margin in the unit time. The system comprises an asset value definition module, a threat detection module, a vulnerability detection module, a safety protection measure definition module, an asset risk quantification module and a safety margin risk quantification module.

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a method and system for quantifying risks in a security domain.

Background technique

[0002] When assessing the risk of a security domain, it is often necessary to quantify the risk of the security domain in order to compare the risks of different security domains and the same security domain at different time points.

[0003] After searching the literature of the prior art, it is found that the Chinese patent application number CN201110292996, the patent name "Computer Security Risk Assessment Method and Equipment", proposes a security risk assessment method: obtain one or more security vulnerabilities existing in the computer, according to the degree of danger of the security hole assigns a risk level to each security hole, and calculates the security risk assessment value of each risk level one by one until the highest risk level of the security hole in the computer is cal...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/57
Inventor: 高飞杨杉曹波
Owner: STATE GRID CORP OF CHINA