CN107689954A - Power information system monitoring method and device - Google Patents
Power information system monitoring method and device
- Publication number
- CN107689954A, CN201710721249.5A
- Authority
- CN
- China
- Prior art keywords
- security
- configuration information
- security configuration
- information
- information system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a power information system monitoring method and device. The method includes: obtaining the security baseline requirements of a target information system; collecting security configuration information of the target information system, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and generating a security analysis report for the target information system according to the security baseline requirements and the security configuration information. The invention solves the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.
Description
Technical field
The present invention relates to the field of software technology, and in particular to a power information system monitoring method and device.
Background
A security baseline is the minimum security guarantee of an information system, that is, the basic security requirements that the information system must meet. Information system security usually has to balance the cost paid for security against the security risk that can be tolerated, and the security baseline is the reasonable dividing line of that balance.
With the full-scale promotion of informatization, the level of power information operation and maintenance keeps rising, and the demand for information system security protection keeps growing. Meanwhile, the state has formulated the basic requirements for hierarchical protection of information systems together with related standards and specifications, has clearly defined China's information security strategic objectives, and has, in the form of official documents, established hierarchical protection as the basic system and basic method of national information security. Hierarchical protection is not only the detection, assessment and grading of information security products or systems; more importantly, it is basic work that runs through the whole process of information security assurance. Effectively combining the grading method with the security system method to design a graded information security system, and forming a software product in the form of a security baseline compliance management system, is a very effective way to solve the information security problems of large organizations systematically.
No effective solution has yet been proposed for the above problem that security is low because the prior art has no platform for monitoring power information systems.
Summary of the invention
Embodiments of the present invention provide a power information system monitoring method and device, to at least solve the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.
According to one aspect of the embodiments of the present invention, a power information system monitoring method is provided, including: obtaining the security baseline requirements of a target information system; collecting security configuration information of the target information system, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and generating a security analysis report for the target information system according to the security baseline requirements and the security configuration information.
According to another aspect of the embodiments of the present invention, a power information system monitoring device is further provided, including: an obtaining module, configured to obtain the security baseline requirements of a target information system; an acquisition module, configured to collect security configuration information of the target information system, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and a generation module, configured to generate a security analysis report for the target information system according to the security baseline requirements and the security configuration information.
In the embodiments of the present invention, the security baseline requirements of the target information system are obtained; security configuration information of the target information system is collected, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and a security analysis report for the target information system is generated according to the security baseline requirements and the security configuration information. This achieves the purpose of automatically monitoring the security configuration information of an information system and generating a security analysis report from the monitored information, which improves the efficiency of power information system monitoring and in turn solves the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.
Brief description of the drawings
The accompanying drawings described here are provided for a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their description are used to explain the present invention and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a flowchart of a power information system monitoring method according to an embodiment of the present invention;
Fig. 2 is a flowchart of an optional power information system monitoring method according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of a power information system monitoring system according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of a security baseline compliance management system according to an embodiment of the present invention; and
Fig. 5 is a schematic diagram of a power information system monitoring device according to an embodiment of the present invention.
Detailed description
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects and not to describe a specific order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments of the invention described here can be implemented in orders other than those illustrated or described here. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
Embodiment 1
According to an embodiment of the present invention, an embodiment of a power information system monitoring method is provided. It should be noted that the steps shown in the flowchart of the drawings may be executed in a computer system, for example as a set of computer-executable instructions, and that, although a logical order is shown in the flowchart, in some cases the steps shown or described may be executed in a different order.
Fig. 1 is a flowchart of a power information system monitoring method according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
Step S102: obtain the security baseline requirements of the target information system.
As an optional embodiment, the target information system may be a power information system, and the security baseline requirements may be the minimum security requirements for the security protection of the information system, that is, the security requirements that must be met.
Optionally, the security baseline requirements may be established on the basis of the current security protection requirements of the target information system and the security event data of the target information system within a preset time period.
Step S104: collect security configuration information of the target information system, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems.
Specifically, in this step the security configurations of six classes of objects (network devices, security devices, hosts, databases, middleware and application systems) are checked in real time or at scheduled intervals. Online collection and automated compliance analysis provide online monitoring of security configuration and supply basic data for information security construction. Basic data is the non-business data required for the system's basic functions, and mainly includes permission management data, system parameter configuration data and so on. Permission management data may include user information, account information, agency information, permission information, etc.; system parameter configuration data may include configuration information for system operating parameters, system log information, system self-management information, etc. These data are stored in a database or in files.
It should be noted that baseline data collection is the dynamic data source of the security baseline compliance management system; it performs the centralized, active collection and preprocessing of data from the monitored entity layer. The collection objects include host systems, database systems, network devices, security devices, middleware, application systems, etc. The types of data collected include status information, performance information and configuration information, as well as security factor data exchanged with external systems such as IMS, antivirus systems and vulnerability scanners.
Step S106: generate a security analysis report for the target information system according to the security baseline requirements and the security configuration information.
Specifically, in this step, after the security configuration information of the target information system has been collected, it is compared with the security baseline requirements of the target information system, and the security analysis report for the target information system is generated from the comparison result.
As an optional embodiment, while the security configuration information of the target information system is collected, information such as the machine room and the management system of the target information system may also be taken into account when the security analysis report for the target information system is generated according to the security baseline requirements and the security configuration information.
As an optional embodiment, before the security analysis report for the target information system is generated according to the security baseline requirements and the security configuration information, the method further includes: displaying the collected security configuration information of the target information system. Optionally, the collected security configuration information of the target information system may be displayed from the perspective of the business systems.
It should be noted that business data falls into six major classes: resource data, baseline management data, security management and control data, security monitoring data, security compliance data, and statistical analysis data.
Resource data is the basis on which the security baseline compliance management system carries out each of its services. It includes data obtained through automatic discovery, data maintained manually, and data obtained from external systems. By resource object type, resource data is divided into host resources, database resources, network device resources, security device resources, middleware resources, application system resources, physical machine room resources, security system resources, security personnel resources, etc.
Security standard data is the guidance data for each service of the security baseline compliance management system, and includes baseline library data and security knowledge base data. Baseline library data refers to the implemented security baseline standards and the technical policies for collecting baseline indicators, the technical policies for security compliance determination, and the corresponding security recommendations. Security knowledge base data refers to the security regulations, specifications and standards issued by the state and the company, such as those for hierarchical protection and risk assessment.
Security management and control data is the business data of the security management and control services of the security baseline compliance management system. It includes security issue management data, risk management data, security appraisal data and notification data, and records and maintains each security workflow.
Security monitoring data is the business data of the security monitoring services of the security baseline compliance management system. It includes security alert data, security event data, security supervision and inspection data, security vulnerability data, penetration testing data, etc. It reflects the security state of each business system in real time and also provides basic security monitoring data for upper-layer statistical analysis.
Security compliance data is the business data of the security compliance services of the security baseline compliance management system. It includes hierarchical protection data, risk assessment data, baseline assessment data, etc. It reflects the results of security evaluation carried out against each security standard and provides basic security compliance data for upper-layer statistical analysis.
Statistical analysis data is derived from the security management and control, security monitoring and security compliance data, and is the key data source for visualization in the security baseline compliance management system. It includes association analysis data, report data, hierarchical protection compliance view data, risk assessment view data, alert view data, issue tracking view data, pushed indicator data, etc.
As can be seen from the above, in the above embodiments of the present application the security baseline requirements of the target information system (for example, a power information system) are obtained and compared with the security configuration information obtained by monitoring the running target information system in real time or at scheduled intervals, and a security analysis report for the target information system is generated. This achieves the purpose of automatically monitoring the security configuration information of an information system and generating a security analysis report from the monitored information, which improves the efficiency of power information system monitoring and in turn solves the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.
In an optional embodiment, the security baseline requirements include at least one of the following: security configuration requirements, security state requirements, and security vulnerability requirements. Security configuration includes: operating system configuration, application system configuration, network device configuration and security device configuration. Security state requirements include: port state, process state, server state, network topology state, and the change state of important files. Security vulnerabilities include: operating system vulnerabilities, database vulnerabilities, application system vulnerabilities and network device vulnerabilities.
Specifically, in the above embodiment, security configuration may refer to security defects caused by human negligence, mainly involving accounts, passwords, authorization, logs, IP communication, etc.; it reflects the weakness of the system configuration. Security state may refer to security defects caused by improper management by system operation and maintenance personnel, mainly involving system running state, network port state, processes, auditing, etc.; it reflects the security state of the environment the system is currently in. Security vulnerabilities may refer to security defects arising from problems in the system itself, mainly including login vulnerabilities, denial-of-service vulnerabilities, buffer overflows, worm backdoors, mishandling of unexpected conditions, etc.; they reflect the security weakness of the system itself.
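The comparison described in steps S102 to S106, using the three requirement types listed above, written out as an added example that is not part of the patent text. The rule identifiers, asset names, item keys and thresholds are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Any, Callable

# Object classes from step S104 and requirement types from the baseline definition.
CATEGORIES = {"network_device", "security_device", "host",
              "database", "middleware", "application_system"}
KINDS = {"configuration", "state", "vulnerability"}


@dataclass(frozen=True)
class Requirement:
    req_id: str                   # constructed identifier
    category: str                 # object class the rule applies to
    kind: str                     # configuration / state / vulnerability
    key: str                      # name of the collected item to inspect
    check: Callable[[Any], bool]  # True when the collected value meets the baseline
    advice: str                   # improvement suggestion placed in the report

    def __post_init__(self):
        if self.category not in CATEGORIES or self.kind not in KINDS:
            raise ValueError(f"invalid requirement {self.req_id}")


# S102: security baseline requirements (constructed sample rules).
BASELINE = [
    Requirement("HOST-CFG-01", "host", "configuration", "password_min_length",
                lambda v: isinstance(v, int) and v >= 8,
                "Raise the minimum password length to 8 or more."),
    Requirement("HOST-STA-01", "host", "state", "listening_ports",
                lambda v: set(v) <= {22, 443},
                "Close listening ports that are not on the approved list."),
    Requirement("NET-CFG-01", "network_device", "configuration", "telnet_enabled",
                lambda v: v is False,
                "Disable telnet management access."),
    Requirement("DB-VUL-01", "database", "vulnerability", "open_vulnerabilities",
                lambda v: len(v) == 0,
                "Patch or mitigate the listed database vulnerabilities."),
]

# S104: collected information per asset (constructed sample data).
COLLECTED = {
    "host-01": {"category": "host",
                "items": {"password_min_length": 6, "listening_ports": [22, 443]}},
    "host-02": {"category": "host",
                "items": {"password_min_length": 12}},  # port state was not collected
    "sw-core-01": {"category": "network_device",
                   "items": {"telnet_enabled": True}},
    "db-01": {"category": "database",
              "items": {"open_vulnerabilities": []}},
}


def evaluate(baseline, collected):
    """Compare every collected asset with the baseline rules for its category."""
    findings = []
    for asset, record in sorted(collected.items()):
        for req in baseline:
            if req.category != record["category"]:
                continue
            if req.key not in record["items"]:
                # Missing data is reported as a gap, never counted as a pass.
                status = "not_collected"
                advice = f"Collect '{req.key}' before judging this rule."
            else:
                try:
                    ok = bool(req.check(record["items"][req.key]))
                except (TypeError, ValueError):
                    ok = False  # a malformed value cannot demonstrate compliance
                status = "compliant" if ok else "non_compliant"
                advice = "" if ok else req.advice
            findings.append({"asset": asset, "req_id": req.req_id,
                             "kind": req.kind, "status": status, "advice": advice})
    return findings


def generate_report(baseline, collected):
    """S106: summarise the comparison into a security analysis report."""
    findings = evaluate(baseline, collected)
    summary = {"compliant": 0, "non_compliant": 0, "not_collected": 0}
    for finding in findings:
        summary[finding["status"]] += 1
    open_items = [f for f in findings if f["status"] != "compliant"]
    return {"summary": summary, "findings": findings, "open_items": open_items}


if __name__ == "__main__":
    report = generate_report(BASELINE, COLLECTED)
    print(report["summary"])
    for item in report["open_items"]:
        print(f'{item["asset"]:<11} {item["req_id"]:<12} '
              f'{item["status"]:<14} {item["advice"]}')
```

Treating an item that was never collected as its own status keeps a collection failure from being read as compliance in the report.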
In an optional embodiment, as shown in Fig. 2, after the security configuration information of the target information system is collected, the method may further include:
Step S202: monitor the security configuration information of the target information system in real time;
Step S204: when the security configuration information becomes abnormal, repair the security configuration information of the target information system with a third-party software tool.
Specifically, in the above embodiment, different third-party software tools may be used to check or repair the security configuration information of different objects (including but not limited to network devices, security devices, hosts, databases, middleware and application systems).
According to any of the above optional or preferred embodiments, the target information system may be a power information network system.
As a preferred embodiment, based on any of the above optional power information system monitoring method embodiments, Fig. 3 is a schematic diagram of a power information system monitoring system according to an embodiment of the present invention. As shown in Fig. 3, the system includes: a security baseline compliance module, network devices, security devices, hosts, databases, middleware and application systems.
Optionally, the power information system monitoring system may have the following three kinds of users: system users, management users and security audit users. The system user is responsible for the normal operation of the platform, maintains the security of the various information systems throughout the full life cycle of system security protection, and promptly finds and handles the problems in each information system; based on platform operation information, the system user submits security construction plans and carries out security construction work. The management user is the administrator of the security baseline compliance module, who manages and configures system-related information and maintains system state, including user management, user role assignment, data backup and restoration, data import and export, and maintenance of the basic data, the security baseline library and the criterion rule base. The security audit user performs security audits of the operation behavior and data access behavior of system users.
It should be noted that the security baseline compliance module is a software system whose carrier is a server; the module includes an application and a database.
The above embodiments can achieve the following technical effects:
(1) Automated security protection detection.
Automated collection of security indicators is realized, providing a strong technical means for information system risk management. The security protection capability of information systems is presented intuitively and in real time along two dimensions, vertical (between information systems) and horizontal (between organizational units), providing a management basis for information system security construction, problem rectification and work supervision. Inter-system data interaction becomes friendly, information security work progress becomes available online, security supervision management becomes automated, and the system operation and maintenance situation becomes intuitive.
(2) Accurate evaluation reports and professional improvement suggestions.
Based on a unified security baseline library and judgment criteria, information system risk assessment, hierarchical protection evaluation and baseline compliance reports are made accurate and objective, and professional improvement suggestions are provided on the basis of the evaluation results and security protection measures.
(3) Improved operation and maintenance level.
The security baseline compliance module strengthens the professional management of information security, raises the level of intelligent analysis of information system security state, and improves control over information system security risks and hidden dangers. It standardizes the information system security operation and maintenance workflow and improves maintenance efficiency. It improves the ability to judge and handle information security events, reduces business interruption time and improves service quality.
(4) Shared and accurate data.
An effective mechanism and technical architecture for data sharing is established, realizing vertical connection and horizontal integration of data, solving the consistency and integrity problems of data in information system management and operation management, continuously standardizing the data quality control process, and improving data accuracy.
(5) Construction of an information security protection system.
An overall security protection scheme for the information systems is designed; the technical means of security protection are improved; the security management system is established and improved, and information security management processes and rules and regulations are designed and refined, forming an information security protection system. According to the actual security needs of the three sites and the overall information security protection scheme, hardware such as the security infrastructure is procured and deployed. Through information security risk assessment and hierarchical protection evaluation, information security risks are found and rectified, improving the robustness of the information systems.
Based on the above embodiments, as a preferred embodiment, Fig. 4 is a schematic diagram of a security baseline compliance management system according to an embodiment of the present invention. As shown in Fig. 4, the security baseline compliance management system is divided into eight major functional modules: security posture view, security management and control, security monitoring, security compliance, asset management, baseline management, system management and baseline collection. The security baseline compliance management system collects security data from the monitored objects through baseline collection; asset management, baseline management and system management maintain the system's basic data; security management and control, security monitoring and security compliance monitor the operational security state and control the security workflows; and the security posture view performs statistical analysis and display of security posture data from all aspects.
On top of its collection functions for network devices, security devices, hosts, databases, middleware and application systems, the baseline collection of the security baseline compliance management system adds collection interfaces for third-party tools, including IMS, antivirus systems, vulnerability scanning tools, penetration testing tools, etc. This enables the exchange of security baseline data and of security work progress status, providing comprehensive data support for upper-layer applications.
Building on the data collected by third-party tools, security monitoring adds functions such as vulnerability scanning, penetration testing and security supervision and inspection, monitors system vulnerabilities and application vulnerabilities, and provides association analysis of the monitoring results in order to find potential security problems. Security management and control tracks the handling of security problems through process management, thereby bringing security problems under control. The security posture view newly adds a business security view and an issue tracking view, presenting the security posture visually from two different angles.
The security baseline compliance management system mainly implements the collection and automated compliance checking of IT asset configurations, vulnerabilities and risks, promptly finds the security hazards and risks in IT asset objects, and provides improvement suggestions. With reference to the "Information System Hierarchical Protection Grading Guide", the system is graded at level two. The information security protection requirements are as follows:
(1) Interaction uses HTTPS to ensure the confidentiality of data in transit; user name + password + dynamic verification code is used to prevent brute-force password guessing; user password complexity is checked automatically, and users are forced to change the initial password on first login, preventing default passwords and weak passwords.
(2) The upload of risky data such as executable files, programs, pictures and code is restricted, and special characters such as ";、/、、‘、<、>" are filtered or converted, to prevent malicious attacks such as SQL injection and cross-site scripting.
(3) Different roles and permissions are set according to business needs and the principle of least privilege, to prevent unauthorized access to confidential or restricted data.
(4) Sensitive data (such as passwords and key business system data) is encrypted in storage using encryption technology, to ensure the security of stored data.
(5) A security audit function covering every user is provided, auditing important security events of the application system such as user login, user logout and operations; an independent audit process is configured, and audit records cannot be deleted, modified or overwritten, which maintains the integrity of audit activities.
(6) The system backs up data automatically on a schedule and stores the backups encrypted using encryption technology.
(7) The security baseline compliance system is equipped with an independent collection engine that only reads the configuration information of asset objects, does not install any program and does not produce stub files.
(8) To avoid affecting the normal operation of other business systems, the system provides a function for setting the scan period and thresholds; users can customize the scan period and thresholds according to their own network bandwidth and how busy the business systems are.
(9) Source code testing, performance testing and security testing are carried out before the system goes live, to ensure that it goes online securely and stably.
It should be noted that existing automated testing techniques are confined to methods such as script commands and log truncation. The information they obtain is incomplete and poorly targeted, and it requires a large amount of later parsing work. New automated detection techniques need to be developed, such as techniques based on operating system APT low-level calls for host detection. The above embodiments of the application, based on the security baseline concept and with reference to the ISO/IEC 27001 information security control standard, study the whole process of security construction and realise management and control of the whole process of power information system security protection: design, construction, operation and maintenance, assessment, emergency event handling and supervision. They build a closed-loop information security management system that conforms to PDCA, and so resolve the current situation in which information security work lacks closed-loop process management, security problems have no data available and leave no trace that can be followed. They ensure that every security management policy is enforced by technical means, while corresponding security management standards are formulated for the security baseline, so that closed-loop information security management is achieved from both the technical and the management side.
Embodiment 2
According to an embodiment of the present invention, a device embodiment for implementing the power information system monitoring method of Embodiment 1 is also provided. Fig. 5 is a schematic diagram of a power information system monitoring device according to an embodiment of the present invention. As shown in Fig. 5, the device includes: acquisition module 501, acquisition module 503 and generation module 505.
Acquisition module 501 is configured to obtain the security baseline requirements of the target information system.
Acquisition module 503 is configured to collect the security configuration information of the target information system, where the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems.
Generation module 505 is configured to generate a security analysis report for the target information system according to the security baseline requirements and the security configuration information.
It should be noted here that acquisition module 501, acquisition module 503 and generation module 505 correspond to steps S102 to S106 in Embodiment 1. The examples and application scenarios implemented by these modules are the same as those of the corresponding steps, but are not limited to what Embodiment 1 discloses. It should also be noted that, as part of the device, these modules may be executed in a computer system such as a set of computer-executable instructions.
As can be seen from the above, in the above embodiments of the application, acquisition module 501 obtains the security baseline requirements of the target information system (for example, a power information system), and acquisition module 503 monitors the target information system in real time or periodically to collect the security configuration information produced while it runs. Generation module 505 compares the security baseline requirements with the collected security configuration information and generates the security analysis report for the target information system. This achieves the purpose of automatically monitoring the security configuration information of an information system and generating a security analysis report from the monitored information. The technical effect is improved efficiency of power information system monitoring, which in turn solves the technical problem in the prior art that security is low because there is no platform for monitoring power information systems.
In an optional embodiment, the security baseline requirements include at least one of the following: security configuration requirements, security state requirements and security vulnerability requirements. Security configuration includes: operating system configuration, application system configuration, network device configuration and security device configuration. Security state requirements include: port state, process state, server state, network topology state and important file change state. Security vulnerabilities include: operating system vulnerabilities, database vulnerabilities, application system vulnerabilities and network device vulnerabilities.
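The comparison that generation module 505 performs between baseline requirements and collected configuration can be sketched as follows. This is an added example, not code from the patent: the rule identifiers, setting names and sample values are constructed, and scoring a setting that was never collected as non-compliant is an assumption.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Any, Callable

@dataclass(frozen=True)
class Requirement:
    rule_id: str      # hypothetical identifier, not from the patent
    asset_class: str  # one of the six collected asset classes
    category: str     # "configuration", "state" or "vulnerability"
    key: str          # name of the collected setting (assumed)
    check: Callable[[Any], bool]
    expected: str     # human-readable form of the check

# Constructed baseline covering the three requirement categories.
BASELINE = [
    Requirement("HOST-CFG-01", "host", "configuration", "password_min_length",
                lambda v: v >= 8, ">= 8"),
    Requirement("HOST-STA-01", "host", "state", "open_ports",
                lambda v: set(v) <= {22, 443}, "subset of {22, 443}"),
    Requirement("NET-CFG-01", "network_device", "configuration", "telnet_enabled",
                lambda v: v is False, "False"),
    Requirement("DB-VUL-01", "database", "vulnerability", "unpatched_findings",
                lambda v: len(v) == 0, "no open findings"),
]

# Constructed collector output, keyed by asset class. The database collector
# returned no data, which must not be scored as compliant.
COLLECTED = {
    "host": {"password_min_length": 6, "open_ports": [22, 443, 3389]},
    "network_device": {"telnet_enabled": False},
    "database": {},
}

def evaluate(baseline, collected):
    """Compare every baseline requirement with the collected value."""
    findings = []
    for req in baseline:
        settings = collected.get(req.asset_class, {})
        if req.key not in settings:
            status, actual = "not_collected", None
        else:
            actual = settings[req.key]
            try:
                status = "pass" if req.check(actual) else "fail"
            except (TypeError, ValueError):
                status = "fail"  # value has the wrong type or shape
        findings.append({"rule_id": req.rule_id, "asset_class": req.asset_class,
                         "category": req.category, "key": req.key,
                         "expected": req.expected, "actual": actual,
                         "status": status})
    return findings

def build_report(findings):
    """Summarise findings; anything other than 'pass' breaks compliance."""
    open_items = [f for f in findings if f["status"] != "pass"]
    return {
        "compliant": not open_items,
        "by_status": dict(Counter(f["status"] for f in findings)),
        "open_by_category": dict(Counter(f["category"] for f in open_items)),
        "open_items": open_items,
    }

if __name__ == "__main__":
    report = build_report(evaluate(BASELINE, COLLECTED))
    print("compliant:", report["compliant"], report["by_status"])
    for item in report["open_items"]:
        print(f'{item["rule_id"]}: {item["status"]} '
              f'(expected {item["expected"]}, got {item["actual"]!r})')
```

Keeping "not_collected" separate from "fail" lets the report distinguish a real deviation from a gap in collection coverage.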
In an optional embodiment, the device also includes: a monitoring module, configured to monitor the security configuration information of the target information system in real time; and a repair module, configured to repair the security configuration information of the target information system by means of a third-party software tool when the security configuration information is abnormal.
It should be noted here that the monitoring module and the repair module correspond to steps S202 and S204 in Embodiment 1. The examples and application scenarios implemented by these modules are the same as those of the corresponding steps, but are not limited to what Embodiment 1 discloses. It should also be noted that, as part of the device, these modules may be executed in a computer system such as a set of computer-executable instructions.
In an optional embodiment, the target information system is a power information network system.
Embodiment 3
According to an embodiment of the present invention, a storage medium is also provided. The storage medium includes a stored program, where the program performs any one of the optional power information system monitoring methods of Embodiment 1.
Embodiment 4
According to an embodiment of the present invention, a processor is also provided. The processor is configured to run a program, where the program, when run, performs any one of the optional power information system monitoring methods of Embodiment 1.
The above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis. For a part that is not described in detail in one embodiment, refer to the related description of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content may be implemented in other ways. The device embodiments described above are only illustrative. For example, the division into units may be a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.
Units described as separate components may or may not be physically separate, and components shown as units may or may not be physical units. They may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware or as a software functional unit.
If the integrated unit is implemented as a software functional unit and is sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied as a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods of the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk or an optical disc.
The above is only the preferred embodiment of the present invention. It should be noted that a person of ordinary skill in the art may make improvements and refinements without departing from the principle of the invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.
Claims (10)
1. A power information system monitoring method, characterized by comprising: obtaining the security baseline requirements of a target information system; collecting the security configuration information of the target information system, wherein the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and generating a security analysis report for the target information system according to the security baseline requirements and the security configuration information.
2. The method according to claim 1, characterized in that the security baseline requirements include at least one of the following: security configuration requirements, security state requirements and security vulnerability requirements, wherein the security configuration includes: operating system configuration, application system configuration, network device configuration and security device configuration; the security state requirements include: port state, process state, server state, network topology state and important file change state; and the security vulnerabilities include: operating system vulnerabilities, database vulnerabilities, application system vulnerabilities and network device vulnerabilities.
3. The method according to claim 1, characterized in that, after collecting the security configuration information of the target information system, the method further comprises: monitoring the security configuration information of the target information system in real time; and, when the security configuration information is abnormal, repairing the security configuration information of the target information system by means of a third-party software tool.
4. The method according to any one of claims 1 to 3, characterized in that the target information system is a power information network system.
5. A power information system monitoring device, characterized by comprising: an acquisition module, configured to obtain the security baseline requirements of a target information system; an acquisition module, configured to collect the security configuration information of the target information system, wherein the security configuration information includes at least one of the following: first security configuration information of network devices, second security configuration information of security devices, third security configuration information of hosts, fourth security configuration information of databases, fifth security configuration information of middleware, and sixth security configuration information of application systems; and a generation module, configured to generate a security analysis report for the target information system according to the security baseline requirements and the security configuration information.
6. The device according to claim 5, characterized in that the security baseline requirements include at least one of the following: security configuration requirements, security state requirements and security vulnerability requirements, wherein the security configuration includes: operating system configuration, application system configuration, network device configuration and security device configuration; the security state requirements include: port state, process state, server state, network topology state and important file change state; and the security vulnerabilities include: operating system vulnerabilities, database vulnerabilities, application system vulnerabilities and network device vulnerabilities.
7. The device according to claim 5, characterized in that the device further comprises: a monitoring module, configured to monitor the security configuration information of the target information system in real time; and a repair module, configured to repair the security configuration information of the target information system by means of a third-party software tool when the security configuration information is abnormal.
8. The device according to any one of claims 5 to 7, characterized in that the target information system is a power information network system.
9. A storage medium, characterized in that the storage medium includes a stored program, wherein the program performs the power information system monitoring method according to any one of claims 1 to 4.
10. A processor, characterized in that the processor is configured to run a program, wherein the program, when run, performs the power information system monitoring method according to any one of claims 1 to 4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710721249.5A CN107689954A (en) | 2017-08-21 | 2017-08-21 | Power information system monitoring method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107689954A (en) | 2018-02-13 |
Family ID: 61153586
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710721249.5A Pending CN107689954A (en) | 2017-08-21 | 2017-08-21 | Power information system monitoring method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107689954A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102238038A (en) * | 2011-07-26 | 2011-11-09 | 北京神州绿盟信息安全科技股份有限公司 | Network equipment security evaluation method and device |
CN102546296A (en) * | 2011-12-31 | 2012-07-04 | 广东电网公司信息中心 | Automatic detecting method and device for electric power industry information system networking safety evaluation |
US20150358218A1 (en) * | 2014-06-04 | 2015-12-10 | Verizon Patent And Licensing Inc. | Statistical monitoring of customer devices |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109361650A (en) * | 2018-09-06 | 2019-02-19 | 国网山东省电力公司菏泽供电公司 | A kind of power information system monitoring method |
CN110222525A (en) * | 2019-05-14 | 2019-09-10 | 新华三大数据技术有限公司 | Database manipulation auditing method, device, electronic equipment and storage medium |
CN110222525B (en) * | 2019-05-14 | 2021-08-06 | 新华三大数据技术有限公司 | Database operation auditing method and device, electronic equipment and storage medium |
CN110414266A (en) * | 2019-07-17 | 2019-11-05 | 中科恒运股份有限公司 | A kind of application method about establishment officer's information management |
CN110381090A (en) * | 2019-08-23 | 2019-10-25 | 新华三信息安全技术有限公司 | Terminal abnormal detection method, device, detection device and machine readable storage medium |
CN111818027A (en) * | 2020-06-28 | 2020-10-23 | 云南电网有限责任公司电力科学研究院 | Method for quickly checking and configuring network security baseline of power monitoring host operating system |
CN112733147A (en) * | 2021-01-07 | 2021-04-30 | 中国工商银行股份有限公司 | Equipment safety management method and system |
CN112733147B (en) * | 2021-01-07 | 2024-05-17 | 中国工商银行股份有限公司 | Equipment security management method and system |
CN113672479A (en) * | 2021-04-27 | 2021-11-19 | 全球能源互联网研究院有限公司 | Data sharing method and device and computer equipment |
CN113656122A (en) * | 2021-07-28 | 2021-11-16 | 上海纽盾科技股份有限公司 | Information screening method, device and system for equal protection evaluation |
CN113656122B (en) * | 2021-07-28 | 2023-05-16 | 上海纽盾科技股份有限公司 | Information screening method, device and system for equal-protection assessment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20180213 |