发明名称 |
DEVICE FOR QUANTIFYING VULNERABILITY OF SYSTEM AND METHOD THEREFOR |
摘要 |
A method and apparatus for quantifying the vulnerability of a system. The apparatus includes a vulnerability calculation unit, a target organization security level calculation unit, a network separation status calculation unit, an interim calculation unit, and a final score calculation unit. The vulnerability calculation unit converts each of the vulnerability identification results of the system into a vulnerability score. The target organization security level calculation unit calculates a target organization security level score based on a technology-field security level score and a management-field security level score. The network separation status calculation unit converts the status of the separation of the local network of the system into a network separation score. The interim calculation unit calculates an interim score. The final score calculation unit quantifies the vulnerability of the system by finally calculating a composite score using the interim score and a simulated intrusion success level. |
申请公布号 |
US2016057164(A1) |
申请公布日期 |
2016.02.25 |
申请号 |
US201314779435 |
申请日期 |
2013.10.21 |
申请人 |
(ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUE) |
发明人 |
MAENG Young-Jae;LEE Jong-Hu;PARK Hyun-Dong;PARK Sang-Woo;PARK Eung-Ki |
分类号 |
H04L29/06;G06F17/50 |
主分类号 |
H04L29/06 |
代理机构 |
|
代理人 |
|
主权项 |
1. A method of quantifying vulnerability of a system, comprising:
converting each of the vulnerability identification results of the system into a vulnerability score so that the corresponding vulnerability identification results of the system can be applied to calculation of scores; calculating a target organization security level score corresponding to the system based on a technology-field security level score and a management-field security level score among the vulnerability scores; converting status of a local network of the system being separated from an external network into a network separation score; calculating an interim score based on the target organization security level score and the network separation score; and quantifying the vulnerability of the system by finally calculating a composite score of the system using the interim score and a simulated intrusion success level. |
地址 |
Daejeon-city KR |