基于FTA-BN的云ERP不安全事件的人因失误分析

doi:10.16265/j.cnki.issn1003-3033.2023.02.0412

摘要/Abstract

摘要：

为明确云企业资源计划(ERP)不安全事件的人因失误因素,构建基于故障树分析-贝叶斯网络(FTA-BN)的人因失误分析模型,以避免单一方法的局限性。首先,对云ERP安全审计记录披露的不安全事件进行分类和追因分析,构建云ERP不安全事件故障树,并定量分析最小割集、结构重要度;然后,将故障树映射为BN结构,利用案例数据进行结构学习和参数学习得到最终的贝叶斯网络;最后,依托贝叶斯网络的敏感性分析辨识关键人因失误因素,凭借预测推理计算发生不安全事件的概率。研究结果表明:云ERP安全人因失误因素中工作不到位、培训不足、资源分配不足、管理流程存在问题、职责不清等因素在对应的事件域中应得到重点关注,以保障持续安全。

关键词: 云企业资源计划(ERP), 人因失误, 不安全事件, 故障树分析(FTA), 贝叶斯网络(BN)

Abstract:

In order to figure out the human error factors of unsafe events of cloud ERP, a human error analysis model based on FTA-BN was constructed, which could avoid the limitations of a single method. Firstly, the unsafe events which were disclosed by security audit records of cloud ERP were classified and the causes of these events were analyzed, then the fault tree of unsafe events of cloud ERP was constructed. Moreover, the quantitative analysis of the minimum cut and structure importance were carried on according to the fault tree. Then the fault tree was mapped to BN structure. Based on case data, the final BN was obtained by structure learning and parameter learning. Furthermore, the probability of unsafe events was predicted by predictive reasoning and the critical human error factors were identified by sensitivity analysis. The results show that the key human error factors include inadequate work, insufficient training, insufficient resource, unclear responsibility and problems in the management process, so major efforts should be made on them to ensure sustainable security.

Key words: cloud enterprise resource planning(ERP), human error, unsafe events, fault tree analysis(FTA), Bayesian network(BN)

张冰鉴, 苏秦, 刘海龙. 基于FTA-BN的云ERP不安全事件的人因失误分析[J]. 中国安全科学学报, 2023, 33(2): 38-47.

ZHANG Bingjian, SU Qin, LIU Hailong. Human error analysis for unsafe events of cloud ERP based on FTA-BN[J]. China Safety Science Journal, 2023, 33(2): 38-47.

图/表 13

表1

表2

云ERP不安全事件的分类

云ERP不安全事件分类	事件来源依据
基础设施、设备与虚拟化管理 $Q 1$	维护不当 $Q 5$ ^{[15⇓⇓⇓⇓-20]}
软件管理 $Q 2$	应用程序和终端不安全 $Q 6$ ^[15,18]、供应故障 $Q 7$ ^[15,19]、病毒感染 $Q 8$ ^[15,21]、系统崩溃 $Q 9$ ^[15,21]
数据资产管理 $Q 3$	数据加密不当 $Q 10$ ^[4,15-16]、数据存储不当 $Q 11$ ^[15,18,22]、数据泄露篡改 $Q 12$ ^[4,23]
人员管理 $Q 4$	没有尽责 $Q 13$ ^[15-16]、资质能力 $Q 14$ ^[15-16]

表2

表3

人因失误因素的名称及描述

名称		中文描述	文献来源
$安全意识浅薄 H 1$		缺乏责任心或对安全规程持有忽视、冷漠和抵抗的态度	[3-4][6] [24][25-26]
$职责不清 H 2$		缺少对特定岗位角色、权限、责任的认识	[8⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓][26]
$工作不到位 H 3$		没有严格按照安全规程执行操作,如配置监督、防御措施等	[6⇓][8] [24-25]
$培训和教育不足 O 1$		缺少员工安全实践的培训,导致“钓鱼攻击”等的发生	[4][8][27-28]
名称	中文描述		文献来源
$资源分配不足 O 2$	管理层支持不够,在安全上投入的人力、物力、财力不足		[8⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓][28]
$管理流程的问题 O 3$	工作、组织与管理流程中的问题,包括授权流程、终止权限、资产返还、人员调配、沟通协调等		[8⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓][27]
$任务复杂 W 1$	工作难度高、责任重、任务多导致人员身心疲劳、压力爆棚,人员能力有限,无法及时保障云安全		[8⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓⇓][28]
$技能、经验不足 T 1$	不具备岗位所需的技能和经验,无法应对系统故障或外部攻击		[6][8][28]
$安全文化环境匮乏 E 1$	缺少安全治理的措施、制度与政策;缺少对安全行为的奖励和对不安全行为的惩罚;没有安全氛围		[8][25-28]

表3

表4

一则不安全事件的追因分析

不安全事件描述	所属大类 (Q₁~Q₄)	事件到原因的分析
没有按规定提前部署抵制带宏病毒的文档的措施,导致下载文档的员工交叉感染	$Q 2$	$Q 2$ >> $Q 8$ >>无防御>> $Q 15$ >> $E 1 、 H 1 、 H 3$

表4

图1

图2

图3

图4

图5

图6

图7

表5

假设Q3发生不安全事件后各节点的敏感性

节点类型	假设数据资产管理 $Q 3$ 发生不安全事件
节点类型	先验概率/%	后验概率/ %	敏感性 (变化率)/%	排序
安全意识浅薄 $H 1$	40.95	47.69	16.46	3
职责不清 $H 2$	9.52	10.11	6.20	5
工作不到位 $H 3$	81.90	87.25	6.53	4
培训和教育不足 $O 1$	20.00	47.52	137.60	1
安全文化环境匮乏 $E 1$	10.48	22.32	112.98	2

表5

表6

设定人因失误因素各自状态后不安全事件发生的概率

不安全人因类型	不安全事件类型
不安全人因类型	基础设施、设备与虚拟化管理 $Q 1$	软件管理 $Q 2$	数据资产管理 $Q 3$	人员管理 $Q 4$
安全意识浅薄 $H 1$	8.57	47.26	26.21	11.46
职责不清 $H 2$	8.57	54.66	23.90	11.46
工作不到位 $H 3$	8.48	28.24	23.98	7.54
培训和教育不足 $O 1$	8.57	29.56	53.48	18.21
资源分配不足 $O 2$	75.02	28.52	22.51	11.46
管理流程的问题 $O 3$	8.57	28.52	22.51	41.04
任务复杂 $W 1$	8.57	28.52	22.51	68.66
技能、经验不足 $T 1$	11.14	36.30	25.84	21.85
安全文化环境匮乏 $E 1$	8.57	42.99	47.95	11.46
维护不当 $Q 5$	100	29.57	22.89	11.88
应用程序和终端不安全 $Q 6$	8.57	76.13	35.80	9.17
供应故障 $Q 7$	8.61	86.73	24.24	12.91
病毒感染 $Q 8$	8.82	81.81	26.23	11.62
系统崩溃 $Q 9$	9.31	79.37	37.62	11.18
数据加密不当 $Q 10$	8.48	29.72	88.75	14.81
数据存储不当 $Q 11$	8.57	44.75	85.17	11.29
数据泄露篡改 $Q 12$	9.29	50.09	80.25	10.62
没有尽责 $Q 13$	8.57	28.94	35.01	95.54
资质能力 $Q 14$	9.12	25.82	16.81	97.10
人员违规 $Q 15$	8.50	51.35	35.48	8.47
人员差错 $Q 16$	9.82	52.22	34.33	10.96

表6

参考文献 30

[1]	国务院. “十四五”数字经济发展规划[EB/OL].(2022-01-12). http://www.gov.cn/zhengce/content/2022-01/12/content_ 5667817.htm
[2]	工业和信息化部. 工业和信息化部关于印发《推动企业上云实施指南(2018—2020年)》的通知[EB/OL]. (2018-08-10). https://www.miit.gov.cn/jgsj/xxjsfzs/wjfb/art/2020/art_06a6a6a924ba46adb39735d90f61765d.html
[3]	曾忠平. 信息安全人因风险研究进展综述[J]. 情报杂志, 2014, 33(4) : 6-11.
	ZENG Zhongping. A comprehensive review of the theories and practices of human factor risk analysis in information security management[J]. Journal of Intelligence, 2014, 33(4):6-11.
[4]	Cloud Security Alliance. Top threats to cloud computing: egregious eleven[EB/OL].(2019-08-06). https://cloudsecurityalliance.org/artifacts/top-threats-to-cloud-computing-egregious-eleven/
[5]	RHEE H S, KIM C T, RYU Y. Self-efficacy in information security: its Influence on end users' information security practice behavior[J]. Computers & Security, 2009, 28(8): 816-826. doi: 10.1016/j.cose.2009.05.008
[6]	JOHN L. Improving user security behaviour[J]. Computers & Security, 2003, 20(8):685-692.
[7]	高原, 吴长安. 云计算下的信息安全问题研究[J]. 情报科学, 2015, 33(11):48-52.
	GAO Yuan, WU Chang'an. Study of informational security question under the cloud computing[J]. Information Science, 2015, 33(11):48-52.
[8]	SARA K, PASCALE C, JOHN C. Human and organizational factors in computer and information security: pathways to vulnerabilities[J]. Computer & Security, 2009, 28(7):509-520. doi: 10.1016/j.cose.2009.04.006
[9]	PEARL J. Probabilistic reasoning in intelligent systems: networks of plausible inference[J]. Computer Science Artificial Intelligence, 1988, 70(2):1022-1027.
[10]	王军武, 王梦雨, 刘登辉, 等. 基于HFACS-BN的地铁车站施工高处坠落可能性评价[J]. 中国安全科学学报, 2021, 31(6):90-98. doi: 10.16265/j.cnki.issn 1003-3033.2021.06.012
	WANG Junwu, WANG Mengyu, LIU Denghui, et al. Evaluation of falling possibility at height in subway station construction based on HFACS-BN[J]. China Safety Science Journal, 2021, 31(6):90-98. doi: 10.16265/j.cnki.issn 1003-3033.2021.06.012
[11]	许保光, 王蓓蓓, 池宏, 等. 基于贝叶斯网络的航空安全中不安全信息分析[J]. 中国管理科学, 2020, 28(12):118-128.
	XU Baoguang, WANG Beibei, CHI Hong, et al. Insecurity information analysis in civil aviation safety based on Bayesian network[J]. Chinese Journal of Management Science, 2020, 28(12):118-128.
[12]	潘丹, 李永周, 罗帆, 等. 飞行区外来物入侵安全风险致因FTA-BN模型[J]. 中国安全科学学报, 2021, 31(6):7-13. doi: 10.16265/j.cnki.issn 1003-3033.2021.06.002
	PAN Dan, LI Yongzhou, LUO Fan, et al. FTA-BN model of risk causation for FOD intrusion in flight area[J]. China Safety Science Journal, 2021, 31(6):7-13. doi: 10.16265/j.cnki.issn 1003-3033.2021.06.002
[13]	KHAKZAD N, KHA F, AMYOTTE P. Safety analysis in process facilities: comparison of fault tree and Bayesian network approaches[J]. Reliability Engineering and System Safety, 2011, 96(8):925-932. doi: 10.1016/j.ress.2011.03.012
[14]	周志华. 机器学习[M]. 北京: 清华大学出版社, 2016:156-157.
[15]	Cloud Security Alliance. CCM v4.0 implementation guidelines[EB/OL]. [2021-12-03]. https://cloudsecurityalliance.org/artifacts/ccm-v4-0-implementation-guidelines/
[16]	ENISA. Cloud computing benefits, risks and recommendations for information security: cloud computing security risk assessment[EB/OL]. (2022-05-24). https://www.enisa.europa.eu/publications/cloud-computing-risk-assessment
[17]	ZISSIS D, LEKKAS D. Addressing cloud computing security issues[J]. Future Generation Computer Systems, 2012, 28(3):583-592. doi: 10.1016/j.future.2010.12.006
[18]	SINGH A, CHATTERJEE K. Cloud security issues and challenges:a survey[J]. Journal of Network & Computer Applications, 2017, 79(2):88-115.
[19]	姜茸, 马自飞, 李彤, 等. 云计算安全风险因素挖掘及应对策略[J]. 现代情报, 2015, 35(1):85-90. doi: 10.3969/j.issn.1008-0821.2015.01.016
	JIANG Rong, MA Zifei, LI Tong, et al. The security risk factors mining of cloud computing and coping strategies[J]. Journal of Modern Information, 2015, 35(1):85-90. doi: 10.3969/j.issn.1008-0821.2015.01.016
[20]	COPPOLINO L, D'ANTONIO S, MAZZEO G, et al. Cloud security: emerging threats and current solutions[J]. Computers & Electrical Engineering, 2017, 59:126-140.
[21]	周知, 吕美娇. 云服务中的数字学术信息资源安全风险防范[J]. 数字图书馆论坛, 2017(7):14-19.
	ZHOU Zhi, LYU MeiJiao. Digital academic information resources security risk preven-tion in cloud services[J]. Digital Library Forum, 2017(7):14-19.
[22]	CHOI M, LEE C. Information security management as a bridge in cloud systems from private to public organizations[J]. Sustainability, 2015, 7(9):12032-12 051.
[23]	SHIRVANI M H, RAHMANI A M, SAHAFI A. An iterative mathematical decision model for cloud migration: a cost and security risk approach[J]. Software Practice & Experience, 2018, 48(6):449-485.
[24]	KRUGER H A. A prototype for assessing information security awareness[J]. Computer & Security, 2006, 25: 289-296. doi: 10.1016/j.cose.2006.02.008
[25]	EIRIK A. A qualitative study of users' view on information security[J]. Computer & Security, 2007, 26:276-289. doi: 10.1016/j.cose.2006.11.004
[26]	MICHAEL W. A test of interventions for security threats from social engineering[J]. Information Management & Computer Security, 2008, 16(5):463-483.
[27]	WEI SHE, BHAVANI T. Security for enterprise resource planning systems[J]. Information Systems Security, 2007, 16:152-163. doi: 10.1080/10658980701401959
[28]	RODRIGO W, KIRSTIE H, KONSTANTIN B. An integrated view of human, organizational and technological challenges of IT security management[J]. Information Management & Computer Security, 2009, 17(1):4-19.
[29]	SHAPPEL S A, WIEGMAN N D A. The human factors analysis and classification system--HFACS[J]. American Libraries, 2000, 1(1):20-46.
[30]	STECK H. Constraint-based structural learning in Bayesian networks using finite data sets[D]. Munich: Technical University of Munich, 2001.

类型	名称	含义
逻辑门	与门	所有输入事件都发生时,输出事件才发生
逻辑门	或门	只要有一个输入事件发生,输出事件就发生
事件	顶事件	在故障树中代表系统整体故障的事件
	中间事件	故障树中中间层级的事件
	基本事件	能够清晰掌握其发生规律,容易针对性改正的事件