CN116405240A - Industrial information network security test evaluation system - Google Patents

Industrial information network security test evaluation system Download PDF

Info

Publication number
CN116405240A
CN116405240A CN202310059348.7A CN202310059348A CN116405240A CN 116405240 A CN116405240 A CN 116405240A CN 202310059348 A CN202310059348 A CN 202310059348A CN 116405240 A CN116405240 A CN 116405240A
Authority
CN
China
Prior art keywords
evaluation
user
information
test
scheme
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310059348.7A
Other languages
Chinese (zh)
Inventor
郭苗
孟邹清
张鑫
刘瑶
赵志强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Instrumentation Technology And Economy Institute P R China
Original Assignee
Instrumentation Technology And Economy Institute P R China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Instrumentation Technology And Economy Institute P R China filed Critical Instrumentation Technology And Economy Institute P R China
Priority to CN202310059348.7A priority Critical patent/CN116405240A/en
Publication of CN116405240A publication Critical patent/CN116405240A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0631Resource planning, allocation, distributing or scheduling for enterprises or organisations
    • G06Q10/06311Scheduling, planning or task assignment for a person or group
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Marketing (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Development Economics (AREA)
  • Data Mining & Analysis (AREA)
  • Game Theory and Decision Science (AREA)
  • Educational Administration (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an industrial information network security test evaluation system, which is based on a browser/server architecture and comprises a portal display module, an evaluation application module, an evaluation execution module, an evaluation scheme library module, an evaluation scheme customization module, an evaluation tool integration module, a personal information management module and a system management module; integrating different types of industrial information network security test evaluation schemes and tools to form a top-level comprehensive public service capability, and constructing an independently-innovated industrial control information network security test evaluation system; the evaluation scheme library module comprises a plurality of types of industrial control information network safety standard compliance test evaluation schemes and professional test evaluation schemes, personalized customization can be realized through the evaluation scheme customization module, and the test evaluation schemes are more flexible and have pertinence; and the method supports the expansion of various testing tools and comprehensively improves the comprehensive service capability of the industrial information network security test evaluation.

Description

Industrial information network security test evaluation system
Technical Field
The invention relates to the technical field of industrial control information network security assessment, in particular to an industrial information network security test assessment system.
Background
The industrial control system belongs to a core system in a national key infrastructure, and once the industrial control system is subjected to network security attack, the industrial control system is easy to fail or be controlled, and directly influences normal business production, so that security accidents occur, and serious economic loss, casualties, serious social influence and the like are caused.
At present, the top-level comprehensive industrial information network security test evaluation service system is still blank, and the industrial information network security test evaluation resources are in a fragmented island mode, so that the problems of solidification of a test evaluation scheme, complex test evaluation application procedure, time and labor waste in off-line cross-region evaluation and the like exist.
Disclosure of Invention
The invention aims to provide an industrial information network security test evaluation system, which integrates different types of industrial information network security test evaluation schemes and test evaluation tools based on a browser/server architecture to form a top-level comprehensive public service capability and construct an independently innovative industrial control information network security test evaluation system; the evaluation scheme library module comprises a plurality of types of industrial control information network safety standard compliance test evaluation schemes and professional test evaluation schemes, personalized customization can be realized through the evaluation scheme customization module, and the test evaluation schemes are more flexible and have pertinence; the evaluation tool integration module provides an integration interface of the industrial information network security test evaluation tool to the outside, supports flexible expansion of different types of online/offline evaluation tools and the system, and comprehensively improves comprehensive service capability of industrial information network security test evaluation.
In order to solve the technical problems, the invention adopts the following technical scheme: the system comprises a portal display module, an evaluation application module, an evaluation execution module, an evaluation scheme library module, an evaluation scheme customization module, an evaluation tool integration module, a personal information management module and a system management module;
the portal display module is used for displaying the industrial information network security test evaluation system; the evaluation application module is user-oriented and is used for submitting an industrial information network security test evaluation application; the evaluation execution module is used for evaluating applied industrial information network security test evaluation; the evaluation scheme library module is used for storing an industrial information network security test evaluation scheme; the system administrator-oriented module is used for dynamically managing and customizing the industrial control information network security assessment scheme in the assessment scheme according to the actual requirements of industrial control industry network security test assessment; the assessment tool integration module is used for providing a tool integration interface for other external industrial control information network security assessment tools of the management system; the personal information management module is user-oriented and is used for managing the registration information of the user and managing the proposed industrial information network security test evaluation application; the system management module is oriented to a system administrator and is used for managing users, evaluation personnel and system logs.
The industrial control safety test evaluation system comprises a portal display module, a service management module and a service management module, wherein the portal display module comprises a system overall introduction function unit, a test evaluation service introduction function unit, a served enterprise introduction function unit, a consultation function unit, a use description function unit and a contact us function unit;
the system integrally introduces a functional unit, and shows the construction background, purpose, professionality, authority, reliability, innovation, value and the like of the test evaluation system in a picture and text form, so that the user can conveniently inquire and know the system function;
the test evaluation service introduction function unit displays related introduction information of various types of test evaluation services which can be provided by the test evaluation system in a list form, and provides inquiry and selection for users;
the functional unit is introduced by the served enterprises, displays the information of the names, logo and the like of the enterprises served by the test evaluation system in the form of a dynamic rolling list, and provides related inquiry for users;
the consultation function unit specifically combines specific industrial information network security test evaluation requirements of users and provides consultation problems in a targeted manner; the proposed consultation questions are informed to the system administrator to answer in the form of system messages;
The usage instruction function unit is user-oriented, provides a system usage instruction manual downloading function, and helps a user to quickly master the operation method of the system;
the contact function unit is used for displaying the communication address, the postal code, the fixed telephone, the fax and the electronic mailbox information of the professional institution providing the industrial information network security test evaluation service, and is convenient for a user to contact the test evaluation service institution to feed back the information such as specific problems in the test evaluation process.
The industrial control safety test evaluation system comprises an evaluation application module, a control module and a control module, wherein the evaluation application module comprises a user registration function unit, a user login function unit and an evaluation application function unit;
the user registration function unit is user and is used for providing a user registration function;
the user login function unit is used for verifying user login information, and after verification is passed, a user can use related operation of the test evaluation system;
the evaluation application functional unit specifically introduces various test evaluation services displayed by the functional unit according to the test evaluation services of the portal display module, selects specific test evaluation services according to actual service requirements, fills out detailed evaluation requirements, submits test application, and starts the evaluation execution module after the test application is submitted.
The industrial control safety test evaluation system comprises an evaluation application auditing function unit, an evaluation order implementation function unit and an evaluation order statistics management function unit;
the evaluation application auditing function unit is oriented to an evaluation supervisor and is used for auditing the evaluation requirement according to the evaluation application submitted by the user and generating an evaluation order for the evaluation application passing the auditing; for the evaluation application which is not passed by the auditing, canceling the evaluation application or notifying the user to modify the evaluation application, and feeding the auditing result back to the user in the form of a message;
the evaluation order implementation functional unit specifically comprises: for the checking orders which pass the checking and are not subjected to the checking, the checking and evaluating supervisor sequentially distributes the checking and evaluating personnel according to the submitting time sequence and the checking and evaluating requirement information of each order, and by combining the professional direction of each checking and evaluating personnel, the number of the currently implemented orders and the experience value, the checking and evaluating personnel are comprehensively considered; after the allocation of the evaluation orders is completed, notifying the evaluation specialists in the form of messages; for the distributed to-be-evaluated orders, the evaluation personnel sequentially analyzes the evaluation requirements according to the submitting time sequence of each to-be-evaluated order, and invokes corresponding evaluation tools according to the specific evaluation flow and steps in the operation instruction of the corresponding evaluation scheme to implement the evaluation in an on-line or off-line mode;
The evaluation order statistics management function unit displays information of each evaluation order in a list form, wherein the evaluation order information comprises enterprise names, contacts, contact phones, order placing time, evaluation requirements and corresponding evaluation scheme names; counting and giving out the number of evaluation applications to be audited; counting and giving out the number of the evaluation orders to be evaluated; and displaying the number of the newly increased evaluation orders and the number of the completed evaluation orders in each month in the period of about 12 months in the form of a line diagram.
The industrial control safety test evaluation system comprises an evaluation scheme library module, a test and evaluation system module and a test and evaluation system module, wherein the evaluation scheme library module comprises a standard compliance evaluation scheme library functional unit and a professional evaluation scheme library functional unit;
the standard compliance assessment scheme library function unit is used for storing standard compliance assessment schemes, including standard compliance assessment schemes which are solidified into the system during system design, and standard compliance assessment schemes which can be customized through an assessment scheme customization module according to actual requirements of users;
the professional evaluation scheme library functional unit is used for storing professional evaluation schemes, including professional evaluation schemes which are solidified into the system during system design, and professional evaluation schemes customized by an evaluation scheme customization module according to actual demands of users; the professional evaluation scheme which has been solidified into the system at the time of system design includes: a communication robustness test scheme, a baseline checking evaluation scheme, a vulnerability scanning evaluation scheme, a source code security audit scheme and an industrial internet platform test scheme.
The industrial control safety test evaluation system comprises an evaluation scheme customization module, a test scheme verification module and a test scheme verification module, wherein the evaluation scheme customization module comprises a newly added evaluation scheme functional unit, a release evaluation scheme functional unit, a sequencing evaluation scheme functional unit and a deletion evaluation scheme functional unit;
the newly added evaluation scheme functional unit is used for creating an industrial control information network security evaluation scheme, inputting the name, the evaluation basis, the evaluation details, the evaluation flow and the evaluation operation instruction book of the evaluation scheme, adding an evaluation report template, and associating related evaluation tools by using an evaluation tool integration module; storing the newly added evaluation scheme into an evaluation scheme library;
the issuing evaluation scheme functional unit is used for issuing the names and evaluation bases of the established evaluation schemes in the evaluation scheme library to the test evaluation service introduction functional unit of the portal display module for the user to inquire and select; according to the requirement, canceling the testing and evaluating service of the portal display module to introduce the content of a certain published evaluating scheme in the functional unit.
The sequencing evaluation scheme functional unit is used for modifying the sequence of the established evaluation schemes in the evaluation scheme library according to the actual market demands of the industrial control industry and the business capacity of the evaluation mechanism, and automatically updating the sequence to the test evaluation service introduction functional unit of the portal display module for users to inquire and select; according to the requirement, canceling the testing evaluation service of the portal display module introduces a certain published testing scheme in the functional unit.
The test evaluation scheme deleting functional unit is used for deleting an established evaluation scheme in the evaluation scheme library according to the actual market demand of the industrial control industry and automatically updating the test evaluation service introduction functional unit of the portal display module.
The industrial control safety test evaluation system comprises an evaluation tool integration module, a test tool management module and a test tool management module, wherein the evaluation tool integration module comprises an on-line evaluation tool integration function unit and an off-line evaluation tool integration function unit;
the on-line evaluation tool integration functional unit provides integration interfaces of different types of industrial control information network security evaluation tools capable of carrying out on-line evaluation, and provides corresponding on-line evaluation tool integration for the evaluation schemes in the evaluation scheme library module and the evaluation scheme customization module;
the off-line evaluation tool integration functional unit provides an integration interface for other industrial control information network safety evaluation tools which cannot carry out on-line evaluation, and provides corresponding off-line evaluation tool integration for the evaluation schemes in the evaluation scheme library module and the evaluation scheme customization module.
The industrial control safety test evaluation system comprises a personal information management module, a personal information management module and an evaluation application management module, wherein the personal information management module comprises a registration information management function unit and an evaluation application management function unit;
The registration information management function unit displays basic information of registered users in the form of a table, wherein the basic information comprises enterprise names, areas, industries, enterprise business licenses and contact ways; the user can change the login password, so that the security of the account is improved;
the evaluation application management functional unit comprises an evaluation application checking sub-functional unit, an evaluation application canceling sub-functional unit, an evaluation information supplementing sub-functional unit and an evaluation report management sub-functional unit; the evaluation application checking sub-function unit displays the submitted evaluation application information of the user in the form of a table, wherein the evaluation application information comprises: an evaluation application name, an evaluation requirement and an evaluation contact phone; and for each evaluation application, displaying the current progress condition in a flow chart form, and providing real-time inquiry for a user. The specific stages of the progress flow comprise: application submission, application audit, order testing and order completion; the evaluation application cancellation sub-functional unit specifically comprises: the user can cancel the submitted evaluation application according to the requirement; the evaluation information supplementing sub-functional unit specifically comprises: the user perfects the related information required by the submitted evaluation application according to the feedback information of the evaluation application auditing function unit; and the evaluation report management sub-functional unit is used for checking or downloading an evaluation report corresponding to the evaluation application of which the test is completed by the user.
The industrial control safety test evaluation system comprises a system management module, a test personnel management module and a log management module, wherein the system management module comprises a user management function unit, an evaluation personnel management function unit and a log management function unit;
the user management function unit is used for auditing the user registration information of the system for registering and using, and notifying the user registration result in the form of a message; presenting user information registered for use of the system in the form of a list, the user information including: enterprise name, contact, and registration time; managing users registered to use the system, wherein specific operations include deletion, deactivation and activation; counting the number of newly registered users; in the form of a bar graph, the statistics of the number of users logging in the system and the statistics of the number of newly added users in a period of about 12 months are shown; displaying untreated and treated user consultation information in a list form;
the evaluation personnel management function unit displays the existing evaluation personnel information in a list form; the system is used for managing the evaluation personnel with different roles; the roles of the evaluation personnel include: the specific management operations comprise: new creation, modification and deletion;
The log management function unit displays the operation log and the login log of the system in a list form for a system administrator to inquire, so as to realize the event recording and tracing functions of the system.
Compared with the prior art, the invention has the advantages that the invention is based on browser/server architecture, and provides online/offline combined industrial information network security test evaluation service for distributed multi-users positioned at different geographic positions; the portal display module and the evaluation application module are arranged, so that a user can more intuitively know the service provided by the system and can conveniently and rapidly apply for evaluation; the system integrates different types of industrial information network security test evaluation schemes and tools to form a top-level comprehensive public service capability, and an autonomous innovative industrial control information network security test evaluation system is constructed; the evaluation execution module is used for sequentially distributing the evaluation personnel by the evaluation supervisor according to the submitting time sequence and the evaluation demand information of each order and combining the professional direction of each evaluation personnel, the number of the currently implemented orders and the experience value; the evaluation scheme library module comprises a plurality of types of industrial control information network safety standard compliance test evaluation schemes and professional test evaluation schemes, personalized customization can be realized through the evaluation scheme customization module, and the test evaluation schemes are more flexible and have pertinence; the evaluation tool integration module provides an integration interface of the industrial information network security test evaluation tool to the outside, supports flexible expansion of different types of evaluation tools and the system, and comprehensively improves comprehensive service capability of industrial information network security test evaluation.
Drawings
FIG. 1 is a schematic block diagram of the present invention;
FIG. 2 is a schematic workflow diagram of the present invention;
FIG. 3 is a schematic diagram of a standard compliance assessment process in accordance with the present invention;
FIG. 4 is a schematic diagram of a communication robustness test flow in the present invention;
FIG. 5 is a schematic diagram of a baseline audit assessment flow scheme in accordance with the present invention;
FIG. 6 is a schematic diagram of a vulnerability scanning and evaluating flow according to the present invention;
FIG. 7 is a schematic diagram of a source code security audit process in accordance with the present invention;
FIG. 8 is a schematic diagram of an industrial Internet platform test in accordance with the present invention; the invention is further described below with reference to the drawings and the detailed description.
Detailed Description
Example 1 of the present invention: the system comprises a portal display module, an evaluation application module, an evaluation execution module, an evaluation scheme library module, an evaluation scheme customization module, an evaluation tool integration module, a personal information management module and a system management module;
the portal display module is used for displaying the industrial information network security test evaluation system; the evaluation application module is user-oriented and is used for submitting an industrial information network security test evaluation application; the evaluation execution module is used for auditing and evaluating the submitted industrial information network security test evaluation application and providing an evaluation report; the evaluation scheme library module is used for storing an industrial information network security test evaluation scheme; the system administrator-oriented evaluation scheme customizing module is used for dynamically managing and customizing the industrial control information network security evaluation scheme in the evaluation scheme according to the actual requirements of industrial control industry network security test evaluation; the module is used for providing an integrated interface for other external industrial control information network security assessment tools of the management system; the personal information management module is user-oriented and is used for managing the registered information of the user and managing the proposed industrial information network security test evaluation application; the system management module is oriented to a system administrator and is used for managing users, evaluation personnel and system logs.
Example 2 of the present invention: the system comprises a portal display module, an evaluation application module, an evaluation execution module, an evaluation scheme library module, an evaluation scheme customization module, an evaluation tool integration module, a personal information management module and a system management module;
the portal display module comprises a system integral introduction function unit, a test evaluation service introduction function unit, a served enterprise introduction function unit, a consultation function unit, a use description function unit and a contact us function unit;
the system integrally introduces a functional unit, and shows the construction background, purpose, specialty, authority, reliability, innovation, value provided for a user and the like of the test evaluation system in a graphic form, so that the user can conveniently inquire and know the system function;
the test evaluation service introduction function unit displays related introduction information of various types of test evaluation services which can be provided by the test evaluation system in a list form and provides inquiry and selection for users;
the functional unit is introduced by the served enterprises, and information such as enterprise names, logo and the like which are served by the test evaluation system is displayed in the form of a dynamic rolling list, so that relevant inquiry is provided for users;
The consultation function unit specifically provides consultation questions in a targeted manner by combining specific industrial information network security test evaluation requirements of users, and the proposed questions are informed to a system administrator to answer in a message form;
the module is user-oriented, provides a system instruction manual downloading function, and helps a user to quickly master the operation method of the system;
the contact function unit is used for displaying the communication address, the postal code, the fixed telephone, the fax and the electronic mailbox information of a professional institution providing the industrial information network security test evaluation service, so that a user can contact the test evaluation service institution to feed back the information such as specific problems in the test evaluation process;
the evaluation application module comprises a user registration function unit, a user login function unit and an evaluation application function unit;
a user registration function unit, the unit being user, for providing a user registration function;
the user login function unit is used for verifying user login information, and after verification is passed, the user can use the relevant operation of the test evaluation system;
the evaluation application functional unit is used for specifically introducing various test evaluation services displayed by the functional unit according to the test evaluation service of the portal display module, selecting specific test evaluation services according to actual service requirements, filling in detailed evaluation requirements, submitting a test application, and starting an evaluation execution module after submitting the test application;
The evaluation execution module comprises an evaluation application auditing function unit, an evaluation order implementation function unit and an evaluation order statistics management function unit;
the evaluation application auditing function unit is oriented to an evaluation supervisor and is used for auditing the evaluation requirement according to the evaluation application submitted by the user and generating an evaluation order for the evaluation application passing the auditing; for the evaluation application which is not passed by the auditing, canceling the evaluation application or notifying the user to modify the evaluation application, and feeding the auditing result back to the user in the form of a message;
the test order implementation functional unit specifically comprises: for the checking orders which pass the checking and are not subjected to the checking, the checking and evaluating supervisor sequentially distributes the checking and evaluating personnel according to the submitting time sequence and the checking and evaluating requirement information of each order, and by combining the professional direction of each checking and evaluating personnel, the number of the currently implemented orders and the experience value, the checking and evaluating personnel are comprehensively considered; after the allocation of the evaluation orders is completed, notifying the evaluation specialists in the form of messages; for the distributed to-be-evaluated orders, the evaluation personnel sequentially analyzes the evaluation requirements according to the submitting time sequence of each to-be-evaluated order, and invokes corresponding evaluation tools according to the specific evaluation flow and steps in the operation instruction of the corresponding evaluation scheme to implement the evaluation in an on-line or off-line mode;
The evaluation order statistics management function unit displays the information of each evaluation order in a list form, wherein the evaluation order information comprises enterprise names, contacts, contact phones, order placing time, evaluation requirements and corresponding evaluation scheme names; counting and giving out the number of evaluation applications to be audited; counting and giving out the number of the evaluation orders to be evaluated; displaying the number of newly increased evaluation orders and the number of completed evaluation orders in each month in a period of about 12 months in a form of a line diagram;
the evaluation scheme library module comprises a standard compliance evaluation scheme library functional unit and a professional evaluation scheme library functional unit;
the standard compliance assessment scheme library function unit is used for storing standard compliance assessment schemes, including standard compliance assessment schemes which are solidified into the system during system design, and standard compliance assessment schemes which can be customized through an assessment scheme customization module according to actual demands of users;
the professional evaluation scheme library functional unit is used for storing professional evaluation schemes, including professional evaluation schemes which are solidified into the system during system design, and professional evaluation schemes customized by an evaluation scheme customization module according to actual demands of users;
The evaluation scheme customization module comprises a new evaluation scheme functional unit, a release evaluation scheme functional unit, a sequencing evaluation scheme functional unit and a deletion evaluation scheme functional unit;
the new evaluation scheme functional unit is used for creating an industrial control information network security evaluation scheme, inputting the name, evaluation basis, evaluation details, evaluation flow and evaluation operation instruction of the evaluation scheme, adding an evaluation report template, and associating related evaluation tools by using an evaluation tool integration module; storing the newly added evaluation scheme into an evaluation scheme library;
the issuing evaluation scheme functional unit is used for issuing the names and evaluation bases of the established evaluation schemes in the evaluation scheme library to the test evaluation service introduction functional unit of the portal display module for the user to inquire and select; according to the requirement, canceling the testing and evaluating service of the portal display module to introduce the content of a certain published evaluating scheme in the functional unit.
The sequencing evaluation scheme functional unit is used for modifying the sequence of the established evaluation schemes in the evaluation scheme library according to the actual market demands of the industrial control industry and the business capacity of the evaluation mechanism, and automatically updating the sequence to the test evaluation service introduction functional unit of the portal display module for users to inquire and select for use;
The test evaluation scheme deleting functional unit is used for deleting an established evaluation scheme in the evaluation scheme library according to the actual market demand of the industrial control industry and automatically updating the test evaluation service introduction functional unit of the portal display module;
the evaluation tool integration module comprises an on-line evaluation tool integration functional unit and an off-line evaluation tool integration functional unit;
the on-line evaluation tool integration function unit provides an integration interface of the on-line evaluation tool for the industrial control information network security of different types, and provides corresponding on-line evaluation tool integration for the evaluation scheme in the evaluation scheme library module and the evaluation scheme customization module;
the off-line evaluation tool integration function unit provides an integration interface for other industrial control information network safety evaluation tools which cannot carry out on-line evaluation, and provides corresponding off-line evaluation tool integration for the evaluation schemes in the evaluation scheme library module and the evaluation scheme customization module;
the personal information management module comprises a registration information management function unit and an evaluation application management function unit;
the registration information management function unit displays basic information of registered users in the form of a table, wherein the basic information comprises enterprise names, areas, industries, enterprise business licenses and contact ways; the user can change the login password, so that the security of the account is improved;
The evaluation application management functional unit comprises an evaluation application checking sub-functional unit, an evaluation application canceling sub-functional unit, an evaluation information supplementing sub-functional unit and an evaluation report management sub-functional unit; the evaluation application checking sub-function unit displays the submitted evaluation application information of the user in the form of a table, wherein the evaluation application information comprises: an evaluation application name, an evaluation requirement and an evaluation contact phone; and for each evaluation application, displaying the current progress condition in a flow chart form, and providing real-time inquiry for a user. The specific stages of the progress flow comprise: application submission, application audit, order testing and order completion; the evaluation application cancellation sub-functional unit specifically comprises: the user can cancel the submitted evaluation application according to the requirement; the evaluation information supplementing sub-functional unit specifically comprises: the user perfects the related information required by the submitted evaluation application according to the feedback information of the evaluation application auditing function unit; the evaluation report management sub-functional unit is used for a user to check or download an evaluation report corresponding to the evaluation application of which the test is completed;
the system management module comprises a user management function unit, an evaluation personnel management function unit and a log management function unit;
A user management function unit for auditing the user information registered to use the system; presenting user information registered for use of the system in the form of a list, the user information including: enterprise name, contact, and registration time; managing users registered to use the system, wherein specific operations include deletion, deactivation and activation; counting the number of newly registered users; in the form of a bar graph, the statistics of the number of users logging in the system and the statistics of the number of newly added users in a period of about 12 months are shown; displaying untreated and treated user consultation information in a list form;
the evaluation personnel management function unit displays the existing evaluation personnel information in a list form; the system is used for managing the evaluation personnel with different roles; the roles of the evaluation personnel include: the specific management operations comprise: new creation, modification and deletion;
the log management function unit displays the operation log and the login log of the system in a list form for a system administrator to inquire, so as to realize the event recording and tracing functions of the system.
Example 3 of the present invention: the system comprises a portal display module, an evaluation application module, an evaluation execution module, an evaluation scheme library module, an evaluation scheme customization module, an evaluation tool integration module, a personal information management module and a system management module;
The portal display module comprises a system integral introduction function unit, a test evaluation service introduction function unit, a served enterprise introduction function unit, a consultation function unit, a use description function unit and a contact us function unit;
the system integrally introduces a functional unit, and shows the construction background, purpose, specialty, authority, reliability, innovation, value provided for a user and the like of the test evaluation system in a graphic form, so that the user can conveniently inquire and know the system function;
the test evaluation service introduction function unit displays related introduction information of various types of test evaluation services which can be provided by the test evaluation system in a list form and provides inquiry and selection for users;
the functional unit is introduced by the served enterprises, and information such as enterprise names, logo and the like which are served by the test evaluation system is displayed in the form of a dynamic rolling list, so that relevant inquiry is provided for users;
the consultation function unit specifically provides a consultation problem in a targeted manner by combining a user with a specific industrial information network security test evaluation requirement, and the provided consultation problem is informed to a system administrator to answer in a message form;
the module is user-oriented, provides a system instruction manual downloading function, and helps a user to quickly master the operation method of the system;
The contact function unit is used for displaying the communication address, the postal code, the fixed telephone, the fax and the electronic mailbox information of a professional institution providing the industrial information network security test evaluation service, so that a user can contact the test evaluation service institution to feed back the information such as specific problems in the test evaluation process;
the evaluation application module comprises a user registration function unit, a user login function unit and an evaluation application function unit;
a user registration function unit, the unit being user-oriented and configured to provide a user registration function;
the user login function unit is used for verifying user login information and verifying related operation of the test evaluation system after passing through a user;
the evaluation application functional unit is used for specifically introducing various test evaluation services displayed by the functional unit according to the test evaluation service of the portal display module, selecting specific test evaluation services according to actual service requirements, filling in detailed evaluation requirements, submitting a test application, and starting an evaluation execution module after submitting the test application;
the evaluation execution module comprises an evaluation application auditing function unit, an evaluation order implementation function unit and an evaluation order statistics management function unit;
The evaluation application auditing function unit is oriented to an evaluation supervisor and is used for auditing the evaluation requirement according to the evaluation application submitted by the user and generating an evaluation order for the evaluation application passing the auditing; for the evaluation application which is not passed by the auditing, canceling the evaluation application or notifying the user to modify the evaluation application, and feeding the auditing result back to the user in the form of a message;
the test order implementation functional unit specifically comprises: notifying an evaluation specialist in the form of a message for an evaluation order to be evaluated; and the evaluation staff implements each evaluation task in the evaluation order in an on-line or off-line mode according to the specific evaluation flow and steps and the operation instruction of the corresponding evaluation scheme in the evaluation order. It should be noted that, each standard compliance assessment scheme and standard compliance judgment criterion are independently developed by the assessment organization by referring to the international advanced industrial safety test method and combining with the national engineering practice experience, and meet the requirements of the ISO9001 quality management system, and are constantly optimized and adjusted.
If the evaluation order is an IEC 62443-2-4 standard compliance evaluation, the evaluation personnel develop an evaluation on the basis of specific information of an object to be tested in a user evaluation application according to an IEC 62443-2-4 standard compliance evaluation operation instruction book which is related in an evaluation scheme, is independently developed by an evaluation mechanism based on engineering practice experience and meets the requirements of an ISO9001 quality management system, and the specific evaluation steps are as follows:
1) "solution personnel configuration" evaluation. According to the research table of 'solution personnel configuration' in IEC 62443-2-4 standard compliance assessment operation instruction, based on the information in user evaluation application, evaluating the compliance of an industrial automation control system service provider in terms of distributing personnel to relevant activities of an automation solution by means of online/offline combination of document auditing, personnel interviewing, site checking and the like, collecting compliance proving materials in terms of 'solution personnel configuration', and giving evaluation results (compliance, non-compliance and inapplicability) in terms of 'solution personnel configuration';
2) "warranty" assessment. According to the 'guarantee' investigation table in the 'IEC 62443-2-4 standard compliance assessment operation instruction book', based on the information in the user evaluation application, the actual current situation and the compliance situation of the 'guarantee automation solution security policy forced implementation' aspect are evaluated by the on-line/off-line combination mode of document auditing, personnel interviewing, on-site checking and the like, compliance proving materials in the 'guarantee' aspect are collected, and the evaluation result (compliance, non-compliance and inapplicability) in the 'guarantee' aspect is given;
3) "architecture" assessment. According to the ' architecture ' investigation form in the ' IEC 62443-2-4 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual situation and the compliance of the ' automated solution design ' aspect are evaluated by means of online/offline combination of document auditing, personnel interviews, site checking and the like, compliance proving materials in the ' architecture ' aspect are collected, and the evaluation results (compliance, non-compliance and inapplicability) in the ' architecture ' aspect are given;
4) "wireless" assessment. According to the ' wireless ' investigation table in the ' IEC 62443-2-4 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual current situation and the compliance situation of the ' wireless ' aspect are evaluated by the combination of online/offline mode such as document auditing, personnel interviews and field checking, and the ' wireless ' aspect compliance proving materials are collected, and the ' wireless ' aspect evaluation results (compliance, non-compliance and inapplicability) are given;
5) "SIS evaluation". According to an ' SIS ' investigation form in an ' IEC 62443-2-4 standard compliance assessment operation instruction, based on information in user evaluation application, evaluating the actual current situation and compliance of an ' integrated SIS (safety instrument system) aspect in an automatic solution ' through an on-line/off-line combination mode of document auditing, personnel interviewing, site checking and the like, collecting compliance proving materials in the ' SIS ' aspect, and giving an evaluation result (compliance, non-compliance and inapplicability) in the ' SIS ' aspect;
6) "configuration management" evaluation. According to the ' configuration management ' investigation form in the ' IEC 62443-2-4 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual current situation and the compliance situation of the ' automatic solution configuration control ' aspect are evaluated by the on-line/off-line combination mode of document auditing, personnel interviewing, site checking and the like, compliance proving materials of the ' configuration management ' aspect are collected, and the evaluation result (compliance, non-compliance and inapplicability) of the ' configuration management ' aspect is given;
7) "remote access" assessment. According to the remote access investigation table in IEC 62443-2-4 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual current situation and the compliance situation of the remote access aspect of the automated solution are evaluated by the on-line/off-line combination mode of document auditing, personnel interviewing, site checking and the like, compliance proving materials of the remote access aspect are collected, and the evaluation result (compliance, non-compliance and inapplicability) of the remote access aspect is given;
8) "event management" evaluation. According to an ' event management ' investigation table in an ' IEC 62443-2-4 standard compliance assessment operation instruction, based on information in user evaluation application, evaluating the actual current situation and compliance situation of an ' event processing ' aspect in an automatic solution by means of online/offline combination of document auditing, personnel interviews, field checking and the like, collecting compliance proving materials of the ' event management ' aspect, and giving evaluation results (compliance, non-compliance and inapplicability) of the ' event management ' aspect;
9) An "account management" assessment. According to an ' account management ' investigation table in an ' IEC 62443-2-4 standard compliance assessment operation instruction, based on information in user evaluation application, evaluating actual current situation and compliance situation of personnel account management in an ' automatic solution ' through an online/offline combination mode of document auditing, personnel interviewing, field checking and the like, collecting compliance proving materials in the ' account management ' aspect, and giving evaluation results (compliance, non-compliance and inapplicability) in the ' account management ' aspect;
10 A) "malware protection" evaluation. According to the research table of 'malicious software protection' in the IEC 62443-2-4 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual current situation and the compliance situation of 'using malicious software in an automatic solution' aspect are evaluated by combining online/offline modes of document auditing, personnel interviewing, field checking and the like, compliance proving materials of 'malicious software protection' aspect are collected, and the evaluation results (compliance, non-compliance and inapplicability) of 'malicious software protection' aspect are given;
11 A) patch management evaluation. According to the ' patch management ' investigation form in the ' IEC 62443-2-4 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual current situation and the compliance situation of the ' safety of approval and installation of the software patch ' aspect are evaluated by the on-line/off-line combination mode of document auditing, personnel interviewing, site checking and the like, compliance proving materials of the ' patch management ' aspect are collected, and the evaluation result (compliance, non-compliance and inapplicability) of the ' patch management ' aspect is given;
12 A) backup/restore assessment. According to the research table of backup/recovery in the IEC 62443-2-4 standard compliance assessment operation instruction, based on the information of the user in the evaluation application, the actual current situation and the compliance situation of the backup and recovery safety aspect are evaluated by the combination of online/offline mode of document auditing, personnel interviewing, site checking and the like, compliance proving materials of the backup/recovery aspect are collected, and the evaluation result (compliance, non-compliance and inapplicability) of the backup/recovery aspect is given;
13 Based on the evaluation results of the above items, summarizing and sorting to obtain the overall compliance evaluation of IEC 62443-2-4 standard;
14 Generating an assessment report;
15 In the form of a message informing the user to view the assessment report.
If the evaluation order is an IEC 62443-3-3 standard compliance evaluation, the evaluation personnel develop an evaluation on the basis of specific information of an object to be tested in a user evaluation application according to an IEC 62443-3-3 standard compliance evaluation operation instruction book which is related in an evaluation scheme, is independently developed by an evaluation mechanism based on engineering practice experience and meets the requirement of an ISO9001 quality management system, and the specific evaluation steps are as follows:
1) "identification and authentication control" evaluation. According to the research table of identification and authentication control in IEC 62443-3 standard compliance assessment operation instruction, based on the information in user evaluation application, the actual status quo and compliance of all users are evaluated by means of online/offline combination of document auditing, personnel interviewing, site checking and the like before the access control system is allowed, compliance proving materials in identification and authentication control are collected, and the evaluation results (compliance, non-compliance and inapplicability) in identification and authentication control are given;
2) "usage control" assessment. According to the ' use control ' investigation form in the ' IEC 62443-3-3 standard compliance assessment operation instruction, based on the information in the user evaluation application, evaluating the ' to the authenticated user by means of online/offline combination of document auditing, personnel interviewing, site checking and the like, forcibly assigning rights to execute required actions in an industrial automation control system, monitoring the actual status and compliance of the use aspects of the rights ', collecting compliance proving materials in the ' use control ' aspect, and giving evaluation results (compliance, non-compliance and inapplicability) in the ' use control ' aspect;
3) "System integrity" assessment. According to the system integrity investigation table in IEC 62443-3-3 standard compliance assessment operation instruction, based on the information in user evaluation application, evaluating the actual status quo and compliance conditions in terms of ensuring the integrity of an industrial control system and preventing unauthorized operation by means of online/offline combination of document auditing, personnel interviewing, site checking and the like, collecting compliance proving materials in terms of system integrity and giving evaluation results (compliance, non-compliance and inapplicability) in terms of system integrity;
4) "data confidentiality" evaluation. According to the data confidentiality investigation form in IEC 62443-3-3 standard compliance assessment operation instruction, based on the information in user evaluation application, evaluating the information confidentiality of a communication channel and a data warehouse in a mode of combining online/offline document auditing, personnel interviewing, field checking and the like, preventing the actual current situation and compliance of unauthorized disclosure, collecting compliance proving materials in the aspect of data confidentiality, and giving the evaluation result (compliance, non-compliance and inapplicability) in the aspect of data confidentiality;
5) "restricted data flow" evaluation. According to the research table of limited data flow in IEC 62443-3-3 standard compliance assessment operation instruction, based on the information in user assessment application, the actual situation and the compliance situation of limiting unnecessary data flow by dividing a control system through areas and pipelines are assessed by combining on-line/off-line modes such as document auditing, personnel interviewing and on-site checking, and compliance proving materials of limited data flow are collected to give assessment results (compliance, non-compliance and inapplicability) of limited data flow;
6) "timely response to event" evaluation. According to the research table of 'timely response to an event' in the IEC 62443-3-3 standard compliance assessment operation instruction, based on the information in the user evaluation application, the on-line/off-line combination mode of document auditing, personnel interviewing, site checking and the like is used for evaluating 'when an accident is found, the response to the security violation comprises informing a right department, reporting the required security violation, timely taking the actual current situation and the coincidence condition of the correction measure' aspect, collecting the compliance proving material of the 'timely response to the event' aspect, and giving the evaluation result (coincidence, non-coincidence and inapplicability) of the 'timely response to the event' aspect;
7) "resource availability" assessment. According to the resource availability research table in IEC 62443-3-3 standard compliance assessment operation instruction, based on the information in user evaluation application, evaluating the availability of a control system by means of online/offline combination of document auditing, personnel interviewing, site checking and the like so as to cope with the actual current situation and compliance situation of basic service degradation or refused, collecting compliance proving materials in the aspect of resource availability, and giving evaluation results (compliance, non-compliance and inapplicability) in the aspect of resource availability;
8) The information security level SL is evaluated. Based on the evaluation results of the above items, statistics and summarization are carried out to obtain an evaluation conclusion of the information security level SL;
9) Generating an evaluation report;
10 In the form of a message informing the user to view the assessment report.
If the evaluation order is an IEC 62443-4-1 standard compliance evaluation, the evaluation personnel evaluates the Maturity Level (ML) of the safety development life cycle of the industrial control product in an on-line/off-line combined mode based on specific objects to be tested in a user evaluation application according to an IEC 62443-4-1 standard compliance evaluation operation instruction book which is related in an evaluation scheme and is independently researched and developed by an evaluation mechanism based on engineering practice experience and meets the requirement of an ISO9001 quality management system, wherein the specific evaluation steps are as follows:
1) "Security management" assessment. According to the ' safety management ' investigation form in the ' IEC 62443-4-1 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual situation and the compliance situation of ' ensuring that the activities related to the information safety are fully planned, documented and executed ' in the life cycle of the whole product are evaluated by combining the online/offline mode of document auditing, personnel interview, site checking and the like, and the compliance proving material in the ' safety management ' aspect is collected to give the evaluation result (compliance, non-compliance and inapplicability) in the ' safety management ' aspect;
2) "safety requirement Specification" assessment. According to the research table of 'safety requirement specification' in IEC 62443-4-1 standard compliance assessment operation instruction, based on the information in user evaluation application, the actual situation and compliance of 'information safety capability required by documented products and expected product safety context' are evaluated by means of online/offline combination of document auditing, personnel interviewing, site checking and the like, compliance proving materials of 'safety requirement specification' are collected, and evaluation results (compliance, non-compliance and inapplicability) of 'safety requirement specification' are given;
3) "safety design" evaluation. According to the 'safety design' investigation form in the 'IEC 62443-4-1 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual situation and the compliance of the' safety design 'aspect of ensuring that a product adopts the safety design comprising deep protection' are evaluated by combining the on-line/off-line modes of document auditing, personnel interviewing, site checking and the like, and compliance proving materials in the 'safety design' aspect are collected to give the evaluation results (compliance, non-compliance and inapplicability) in the 'safety design' aspect;
4) "safe enforcement" evaluation. According to the research table of safety requirement specification in IEC 62443-4-1 standard compliance assessment operation instruction, based on the information in user evaluation application, the actual current situation and compliance of the aspect of ensuring the safe implementation of the product function are evaluated by combining on-line/off-line modes of document auditing, personnel interviewing, site checking and the like, compliance proving materials of the aspect of safety implementation are collected, and the evaluation result (compliance, non-compliance and inapplicability) of the aspect of safety implementation is given;
5) Information security verification and validation test evaluation. According to an information security verification and confirmation test investigation table in IEC 62443-4-1 standard compliance assessment operation instruction, based on information in user evaluation application, evaluating a security test required by documentation in an on-line/off-line combined mode such as document auditing, personnel interviewing and on-site checking so as to ensure that all security requirements of a product are met, collecting compliance proving materials in the aspect of information security verification and confirmation test, and giving an evaluation result (compliance, non-compliance and inapplicability) in the aspect of information security verification and confirmation test;
6) "safety-related problem management" evaluation. According to the research table of safety related problems in IEC 62443-4-1 standard compliance assessment operation instruction, based on the information in user evaluation application, the actual situation and compliance of safety related problems of products which are configured to adopt deep defense strategies in the safety context of the processed products are evaluated in an online/offline combined mode of document auditing, personnel interviewing, site checking and the like, and compliance proving materials of safety related problems are collected to give evaluation results (compliance, non-compliance and inapplicability) of safety related problems management;
7) "secure update management" evaluation. According to the research table of 'safe update management' in the IEC 62443-4-1 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual current situation and the compliance situation of 'ensuring that the safe update related to the product passes the regression test and is timely provided for the user of the product' are evaluated by combining the online/offline mode of document auditing, personnel interview, site checking and the like, and the compliance proving material of 'safe update management' is collected to give the evaluation result (compliance, non-compliance and inapplicability) of 'safe update management';
8) "Security guidelines" evaluate. According to the research table of the safety guide in the IEC 62443-4-1 standard compliance assessment operation instruction, based on the information of the user in the evaluation application, the user document is assessed by means of online/offline combination of document auditing, personnel interviewing, site checking and the like, and the document describes how to integrate, configure and maintain the actual current situation and the compliance situation of the aspect of the product's depth defense strategy ' according to the product's safety context, collect the compliance proving material of the aspect of the safety guide, and give the assessment result (compliance, non-compliance and inapplicability) of the aspect of the safety guide;
9) Based on the evaluation results of the above items, summarizing and sorting to give an overall compliance evaluation result of IEC 62443-4-1 standard;
10 Generating an assessment report;
11 In the form of a message informing the user to view the assessment report.
If the evaluation order is an IEC 62443-4-2 standard compliance evaluation, the evaluation personnel automatically develops the evaluation order according to the IEC 62443-4-2 standard compliance evaluation operation instruction book required by the ISO9001 quality management system according to engineering practice experience, which is related in the evaluation scheme, and performs evaluation on the basis of specific information of an object to be tested in a user evaluation application, and the information Security Level (SL) of the industrial control product is evaluated in an on-line/off-line combination mode. The specific evaluation steps are as follows:
1) "identification and authentication control" evaluation. According to the research table of identification and authentication control in IEC 62443-4-2 standard compliance assessment operation instruction, based on the information in user evaluation application, the actual status quo and compliance of all users are evaluated in the aspects of identification and authentication before access is allowed by means of online/offline combination of document auditing, personnel interviews, site checking and the like, compliance proving materials in the aspects of identification and authentication control are collected, and the evaluation results (compliance, non-compliance and inapplicability) in the aspects of identification and authentication control are given;
2) "usage control" evaluation. According to the 'use control' investigation form in the 'IEC 62443-4-2 standard compliance assessment operation instruction, based on the information of the user in the evaluation application, the' authenticated user implements the assigned rights on the component in a combined mode of online/offline document auditing, personnel interviewing, site checking and the like, performs the required actions on the component and monitors the actual situation and compliance of the use aspects of the rights, collects the compliance proving material in the 'use control' aspect, and gives the evaluation result (compliance, non-compliance and inapplicability) in the 'use control' aspect; 2) System integrity evaluation. According to the system integrity investigation table in IEC 62443-4-2 standard compliance assessment operation instruction, based on the information in user evaluation application, evaluating the actual status quo and compliance condition in terms of ensuring the integrity of the component to prevent unauthorized manipulation or modification by means of online/offline combination of document auditing, personnel interviewing, field checking and the like, collecting compliance proving materials in terms of system integrity, and giving evaluation results (compliance, non-compliance and inapplicability) in terms of system integrity;
3) "data confidentiality" evaluation. According to the data confidentiality investigation form in IEC 62443-4-2 standard compliance assessment operation instruction, based on the information in user evaluation application, evaluating the actual current situation and compliance condition in terms of ensuring confidentiality of information in a communication channel and a database to prevent unauthorized leakage by means of online/offline combination of document auditing, personnel interviews, site checking and the like, collecting compliance proving materials in terms of data confidentiality, and giving evaluation results (compliance, non-compliance and inapplicability) in terms of data confidentiality;
4) "restricted data flow" evaluation. According to the research table of limited data flow in IEC 62443-4-2 standard compliance assessment operation instruction, based on the information in user assessment application, the actual status and compliance of the aspects of 'partitioning a control system by areas and pipelines to prevent unnecessary data flow' are assessed by means of online/offline combination of document auditing, personnel interviews, site checking and the like, compliance proving materials in the aspect of limited data flow are collected, and assessment results (compliance, non-compliance and inapplicability) in the aspect of limited data flow are given;
5) A "timely response to event" evaluation. According to the research table of ' timely response to an event ' in the IEC 62443-4-2 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual situation and the compliance situation of the aspect of ' coping with the security violation by informing proper authorities, reporting evidence required by the violation and timely taking corrective measures when the event is found are assessed by means of online/offline combination of document auditing, personnel interviewing, site auditing and the like, compliance proving materials of ' timely response to the event ' are collected, and assessment results (compliance, non-compliance and inapplicability) of ' timely response to the event ' are given;
6) "resource availability" evaluation. According to the resource availability research table in IEC 62443-4-2 standard compliance assessment operation instruction, based on the information in user evaluation application, evaluating the actual current situation and the compliance situation of the component in terms of preventing the degradation or refusing of key service by means of online/offline combination of document auditing, personnel interviewing, site checking and the like, collecting the compliance proving material in terms of resource availability, and giving the evaluation result (compliance, non-compliance and inapplicability) in terms of resource availability;
7) "software application requirements" evaluation. If the object to be tested is a software application, the software application shall provide the implementation of a security policy related to the application of the mobile code technology under the condition of the software application using the mobile code technology according to the research table of "software application requirement" in the IEC62443-4-2 standard compliance assessment operation instruction, based on the information of the user in the evaluation application, through the on-line/off-line combination mode of document auditing, personnel interviewing, on-site auditing, etc., and the software application shall provide the implementation of a security policy related to the application of the mobile code technology, the software application product provider shall identify and document which malicious code protection mechanisms are compatible with the application program, and the practical status and compliance condition of any special configuration requirement aspect shall be noted, the compliance proving material of the software application requirement aspect shall be collected, and the evaluation result (compliance, non-compliance and inapplicability) of the software application requirement aspect shall be given;
8) "embedded device requirements" evaluation. If the tested object is embedded equipment, the method also needs to evaluate the mobile code, use a physical diagnosis and test interface, malicious code protection, support update, physical anti-destruction and detection, prepare a product provider trust root, prepare an asset owner trust root, and prepare an actual situation and a coincidence condition in terms of the integrity of a starting process according to an investigation table of the requirement of the embedded equipment in the IEC62443-4-2 standard compliance assessment operation instruction, collect compliance proving materials in terms of the requirement of the embedded equipment based on information in a user evaluation application, and give evaluation results (coincidence, non-coincidence and inapplicability) in terms of the requirement of the embedded equipment by combining on-line/off-line of document auditing, personnel interview and on-line checking;
9) The "host device requires" an evaluation. If the tested object is host equipment, the method also needs to evaluate the mobile code, the physical diagnosis and test interface, the malicious code protection, the support update, the physical anti-destruction and detection, the trust root of the provisioning product provider, the trust root of the provisioning asset owner and the actual status and the compliance condition in terms of the integrity of the starting process according to the investigation table of the host equipment requirement in the IEC62443-4-2 standard compliance assessment operation instruction, based on the information of the information in the user evaluation application, by means of the combination of on-line/off-line of document auditing, personnel interview, site auditing and the like, and collect the compliance proving material in terms of the host equipment requirement to give the evaluation result (compliance, non-compliance and inapplicability) in terms of the host equipment requirement;
10 A) the "network device requirements" evaluation. If the object to be tested is a network device, the actual situation and the coincidence condition in terms of "use control" investigation form in "IEC 62443-4-2 standard coincidence assessment operation instruction" are also required, based on the information in the user evaluation application, the coincidence proving material in terms of "network device requirement" is collected, and the evaluation result (coincidence, non-coincidence, inapplicability) in terms of "network device requirement" is given by the combination of on-line/off-line modes of document auditing, personnel interview, on-site checking, etc. of "wireless access management", "access through an untrusted network", "mobile code", "physical vandalism and detection", "provision of product vendor trust root", "provision of trust root of asset owner", "start-up process integrity", "zone boundary protection", "common purpose inter-person communication limitation";
11 Information security level SL evaluation of the component. Based on the evaluation results of the above items, summarizing statistics to obtain an information security level SL evaluation conclusion of the component;
12 Generating an assessment report;
13 In the form of a message informing the user to view the assessment report.
If the evaluation order is a GB/T30976.1 standard compliance evaluation, the evaluation personnel evaluates the management Level (management Level, ML) and the system capacity Level (capacity Level, CL) of the industrial control system (such as SCADA, DCS, PLC, PCS and the like) of the user in an on-line/off-line combined manner based on specific information of the object to be tested in the user evaluation application according to the GB/T30976.1 standard compliance evaluation operation instruction required by the quality management system of the ISO9001, which is related in the evaluation scheme and is independently developed by the evaluation mechanism based on engineering practice experience, thereby comprehensively evaluating and giving the information Security Level (Security Level, SL) of the system. The specific evaluation steps are as follows:
1) Management level ML evaluation. According to the "management level ML" investigation form in the "GB/T30976.1 standard compliance assessment operation instruction book", based on the information in the user evaluation application, the actual status quo and compliance conditions in terms of "security policy, information security organization, asset management, human resource security, physical and environmental security, communication and operation security, access control, information system acquisition/development/maintenance, information security event management, business continuity management, compliance" are assessed by means of on-line/off-line combination of document auditing, personnel interview, site auditing and the like, and compliance proving materials in terms of "management level ML" are collected, and assessment results (compliance, non-compliance, inapplicability) in terms of "management level ML" are given;
2) System capability level CL evaluation. According to the system capability level CL investigation table in GB/T30976.1 standard compliance assessment operation instruction, based on the information in user evaluation application, evaluating the actual status and coincidence condition of identification and authentication control, use control, system integrity, data confidentiality, limited data flow, timely response to event and resource availability by means of online/offline combination of document audit, personnel interview, field check and the like, collecting compliance proving materials in the aspect of system capability level CL, and giving evaluation results (coincidence, non-coincidence and inapplicability) in the aspect of system capability level CL;
3) The information security level SL is evaluated. Based on the evaluation results of the above items, a matrix method is adopted to obtain the information security level SL of the measured object;
4) Generating an evaluation report;
5) In the form of a message, the user is notified to view the assessment report.
If the evaluation order is about the GB/T22239 standard compliance evaluation, the evaluation personnel evaluates the compliance of the safety protection capability levels of different levels of protection objects (basic information network, information system, cloud computing platform/system, big data platform/system, internet of things, industrial control system and the like) of the user in an on-line/off-line combined mode according to the compliance condition of the related GB/T22239 standard compliance evaluation, which is independently researched and developed by the evaluation mechanism based on engineering practice experience and meets the requirement of the ISO9001 quality management system, namely the GB/T22239 standard compliance evaluation operation instruction.
Referring to fig. 3, the specific evaluation steps are as follows:
1) "secure physical environment" assessment. According to the 'safe physical environment' investigation table in the 'GB/T22239 standard compliance assessment operation instruction book', based on the information in the user evaluation application, the actual status quo and the coincidence condition in the aspects of 'physical position selection, physical access control, theft prevention and damage prevention, lightning prevention, fire prevention, water prevention and moisture prevention, static prevention, temperature and humidity control, power supply and electromagnetic protection' are evaluated by a mode of combining on-line/off-line in document auditing, personnel interview, on-site checking and the like, compliance proving materials in the aspect of 'safe physical environment' are collected, and evaluation results (coincidence, non-coincidence and inapplicability) in the aspect of 'safe physical environment' are given;
2) A "secure communication network" assessment. According to the 'safety communication network' investigation form in the 'GB/T22239 standard compliance assessment operation instruction', based on the information in the user evaluation application, the actual current situation and the compliance situation in the aspects of 'network architecture, communication transmission and credibility verification' are evaluated in a mode of combining online/offline document auditing, personnel interviewing, field checking and the like, compliance proving materials in the aspect of 'safety communication network' are collected, and the evaluation result (compliance, non-compliance and inapplicability) in the aspect of 'safety communication network' is given;
3) "safe area boundary" assessment. According to the 'safe area boundary' investigation table in the 'GB/T22239 standard compliance assessment operation instruction book', based on the information in the user evaluation application, the actual status quo and compliance conditions in the aspects of 'boundary protection, access control, intrusion prevention, malicious code and junk mail prevention, safety audit and credibility verification' are evaluated in a mode of combining online/offline such as document audit, personnel interview and field check, and the compliance proving material in the aspect of 'safe area boundary' is collected to give the evaluation result (compliance, non-compliance and inapplicability) in the aspect of 'safe area boundary';
4) "secure computing environment" evaluation. According to the 'safe computing environment' investigation list in the 'GB/T22239 standard compliance assessment operation instruction book', based on the information in the user evaluation application, evaluating the actual status quo and coincidence conditions in aspects of 'identity authentication, access control, security audit, intrusion prevention, malicious code prevention, credibility verification, data integrity, data confidentiality, data backup recovery, residual information protection and personal information protection' through a mode of online/offline combination of document audit, personnel interview, field check and the like, collecting compliance proving materials in the aspect of 'safe computing environment', and giving evaluation results (coincidence, non-coincidence and inapplicability) in the aspect of 'safe computing environment';
5) The "security management center" evaluates. According to the 'safety management center' investigation table in the 'GB/T22239 standard compliance assessment operation instruction book', based on the information in the user evaluation application, the actual status quo and compliance conditions in the aspects of 'system management, audit management, safety management, centralized management and control' are evaluated by a mode of combining online/offline document audit, personnel interview, field check and the like, compliance proving materials in the aspect of 'safety management center' are collected, and evaluation results (compliance, non-compliance and inapplicability) in the aspect of 'safety management center' are given;
6) And (5) evaluating a safety management system. According to the ' safety management system ' investigation form in the ' GB/T22239 standard compliance assessment operation instruction, based on the information in the user evaluation application, the actual current situation and the compliance condition of the ' safety strategy, management system, review and revision ' aspect are evaluated in an online/offline combined mode through document review, personnel interview, field review and the like, compliance proving materials in the ' safety management system ' aspect are collected, and the evaluation result (compliance, non-compliance and inapplicability) in the ' safety management system ' aspect is given;
7) "Security administration" evaluation. According to the 'safety management institution' investigation table in the 'GB/T22239 standard compliance assessment operation instruction', based on the information in the user evaluation application, the actual status quo and compliance conditions in the aspects of 'post setting, personnel allocation, authorization and approval, communication and cooperation, auditing and inspection' are evaluated in a mode of combining online/offline of document auditing, personnel interviewing, field checking and the like, compliance proving materials in the aspect of 'safety management institution' are collected, and the evaluation results (compliance, non-compliance and inapplicability) in the aspect of 'safety management institution' are given;
8) "Security manager" assessment. According to the 'safety manager' investigation list in the 'GB/T22239 standard compliance assessment operation instruction', based on the information in the user evaluation application, the actual status quo and compliance conditions of 'personnel recording, personnel leaving post, safety consciousness education and training, external personnel access management' are evaluated by means of online/offline combination of document auditing, personnel interviewing, field checking and the like, and compliance proving materials of 'safety manager' are collected to give evaluation results (compliance, non-compliance and inapplicability) of 'safety manager';
9) And (5) evaluating safety construction management. According to the 'safe construction management' investigation form in the 'GB/T22239 standard compliance assessment operation instruction book', based on the information in the user evaluation application, the actual current situation and the compliance situation in the aspects of 'grading and recording, safety scheme design, product purchasing and use, self-running software development, outsourcing software development, engineering implementation, test acceptance, system delivery, grade assessment and service provider selection' are assessed by a mode of combining online/offline such as document auditing, personnel interviewing and field checking, and the compliance proving material in the aspect of 'safe construction management' is collected, and the assessment result (compliance, non-compliance and inapplicability) in the aspect of 'safe construction management' is given;
10 A) secure operation management assessment. According to the research table of 'safe operation and maintenance management' in the GB/T22239 standard compliance assessment operation instruction book, based on the information of the user in the evaluation application, evaluating 'environment management, asset management, medium management, equipment maintenance management, vulnerability and risk management, network and system safety management, malicious code prevention management, configuration management, password management, change management, backup and recovery management, safety event handling, emergency plan management and package operation and maintenance management' based on the information of the user in the evaluation application, collecting compliance proving materials of 'safe operation and maintenance management' and giving evaluation results (compliance, non-compliance and inapplicability) of 'safe operation and maintenance management';
11 A) cloud computing security extension requirements assessment. If the object to be tested is a cloud computing platform/system, the actual current situation and the coincidence condition of the aspects of ' safe physical environment, safe communication network, safe area boundary, safe computing environment, safe management center, safe construction management and safe operation and maintenance management ' are evaluated by a mode of combining online/offline in document auditing, personnel interviewing and site auditing based on information in user evaluation application according to ' cloud computing safe expansion requirement ' investigation table ' in ' GB/T22239 standard coincidence assessment operation instruction book ', and the coincidence proof materials of the aspects of ' cloud computing safe expansion requirement ' are collected, and the evaluation results (coincidence, non-coincidence and inapplicability) of the aspects of ' cloud computing safe expansion requirement ' are given;
12 A) mobile interconnect security extension requirements assessment. If the tested object is a system adopting a mobile interconnection technology, the actual situation and the coincidence condition of the aspects of 'safe physical environment, safe area boundary, safe computing environment, safe construction management and safe operation and maintenance management' are evaluated by a mode of combining online/offline in a document auditing mode, a personnel interviewing mode, a site auditing mode and the like based on information in a user evaluating application according to 'mobile interconnection safety expansion requirement' investigation list in 'GB/T22239 standard coincidence assessment operation instruction book', and the coincidence proving materials in the aspect of 'mobile interconnection safety expansion requirement' are collected, and the evaluation results (coincidence, non-coincidence and inapplicability) in the aspect of 'mobile interconnection safety expansion requirement' are given;
13 The "internet of things security extension requirement" evaluation. If the object to be tested is the Internet of things, the actual situation and the coincidence condition of the aspects of 'safe physical environment, safe area boundary, safe computing environment and safe operation and maintenance management' are evaluated according to the 'safe expansion requirement of the Internet of things' investigation table in the 'GB/T22239 standard coincidence assessment operation instruction', based on the information of the data in the user evaluation application, by means of online/offline combination of document auditing, personnel interview, site auditing and the like, the coincidence proving material of the aspect of 'safe expansion requirement of the Internet of things' is collected, and the evaluation result (coincidence, non-coincidence and inapplicability) of the aspect of 'safe expansion requirement of the Internet of things' is given;
14 "industrial control system safety extension requirements" evaluation. If the detected object is an industrial control system, the actual situation and the coincidence condition of the aspects of 'safe physical environment, safe area boundary, safe computing environment and safe operation and maintenance management' are evaluated according to the 'industrial control system safe expansion requirement' investigation table in the GB/T22239 standard coincidence assessment operation instruction, based on the information in the user evaluation application, by means of online/offline combination of document auditing, personnel interview and site auditing, the coincidence proving material of the aspect of 'industrial control system safe expansion requirement' is collected, and the evaluation result (coincidence, non-coincidence and inapplicability) of the aspect of 'industrial control system safe expansion requirement' is given;
15 Security assurance capability assessment). Based on the evaluation results, evaluating the security protection capability level of the tested object;
16 Generating an assessment report;
17 In the form of a message informing the user to view the assessment report.
If the evaluation order is about a communication robustness test, an evaluation technician performs a communication pressure test, a protocol robustness test, and an arches communication authentication certificate (level i or level ii) in an off-line form on the basis of the specific information of the object to be tested in the user evaluation application, in terms of an off-line form, on the user's embedded equipment (PLC, SIS controller, DCS controller, etc.), host equipment (engineer station, data server, HMI, etc.), network equipment (router, switch, gateway, etc.), etc.
Referring to fig. 4, the specific evaluation steps are as follows:
1) Integrating a communication robustness testing tool in the system through an off-line evaluating tool integrating functional unit of the evaluating tool integrating module;
2) According to the specific condition of the tested object, a physical test platform is set, and a test environment is configured;
3) Selecting a test item and configuring test parameters;
4) Performing a test;
5) After the assessment is finished, analyzing the test result and generating a report;
6) In the form of a message, the user is notified to view the assessment report.
If the evaluation order is about baseline check, the evaluation staff performs security baseline check evaluation on Windows operating system, linux operating system, database, etc. of the industrial control system in an on-line/off-line combined mode based on the specific information of the object to be tested in the user evaluation application according to baseline check evaluation operation instruction.
Referring to fig. 5, the specific evaluation steps are as follows:
1) Integrating a baseline checking tool in the system through an on-line/off-line evaluating tool integrating functional unit of the evaluating tool integrating module;
2) Connecting the tested object according to the IP address, the protocol and the port of the tested object in the user evaluation application;
3) Adding a baseline configuration evaluation task;
4) Performing evaluation;
5) After the assessment is finished, analyzing an assessment result and generating a report;
6) In the form of a message, the user is notified to view the assessment report.
If the evaluation order is about vulnerability scanning, the evaluation staff performs vulnerability scanning on industrial control equipment/protocols and the like in an off-line mode based on specific information of an object to be tested in a user evaluation application according to vulnerability scanning evaluation operation instruction, and based on a typical vulnerability library (CVE, CNVD, CNNVD).
Referring to fig. 6, the specific evaluation steps are as follows:
1) Integrating a vulnerability scanning tool in the system through an offline evaluation tool integration functional unit of the evaluation tool integration module;
2) Connecting the tested object according to the IP address information of the tested object in the user evaluation application;
3) Adding a detected industrial control asset and an industrial control vulnerability scanning task;
4) Executing a scanning task;
5) Analyzing a vulnerability scanning result after scanning is finished, and generating a report;
6) In the form of a message, the user is notified to view the assessment report.
If the evaluation order is about source code security audit, the evaluation personnel carries out security audit on the source code in an online mode according to the source code security audit operation instruction and based on the specific information of the object to be tested in the user evaluation application.
Referring to fig. 7, the specific evaluation steps are as follows:
1) Integrating an online source code security audit tool in the system through an online evaluation tool integration functional unit of an evaluation tool integration module;
2) Adding a source code file according to a source code file of a measured object in a user evaluation application;
3) Performing source code security audit;
4) After the source code security audit is finished, automatically generating a source code security audit report;
5) In the form of a message, the user is notified to view the assessment report.
If the evaluation order is about an industrial Internet platform test, the evaluation staff performs test service on the industrial Internet platform in an on-line mode according to the industrial Internet platform test operation instruction, based on specific information of the tested object in the user evaluation application.
Referring to fig. 8, the specific evaluation steps are as follows:
1) Integrating an industrial Internet platform testing tool in the system through an on-line evaluating tool integrating functional unit of the evaluating tool integrating module;
2) Based on the information of the tested object provided in the user evaluation application, executing an industrial Internet platform test;
3) After the test is finished, automatically generating a test report;
4) In the form of a message, the user is notified to view the assessment report.
The evaluation order statistics management function unit displays the information of each evaluation order in a list form, wherein the evaluation order information comprises enterprise names, contacts, contact phones, order placing time, evaluation requirements and corresponding evaluation scheme names; counting and giving out the number of evaluation applications to be audited; counting and giving out the number of the evaluation orders to be evaluated; displaying the number of newly increased evaluation orders and the number of completed evaluation orders in each month in a period of about 12 months in a form of a line diagram;
The evaluation scheme library module comprises a standard compliance evaluation scheme library functional unit and a professional evaluation scheme library functional unit;
the standard compliance assessment scheme library function unit is used for storing standard compliance assessment schemes, wherein the standard compliance assessment schemes comprise standard compliance assessment schemes which are solidified into a system during system design, and standard compliance assessment schemes which can be customized through an assessment scheme customization module according to actual requirements of users.
The standard compliance assessment scheme that has been cured into the system at system design time includes: IEC62443-2-4 safety part 2-4 of Industrial Automation and control System: IACS service provider's safety program requirement "standard compliance assessment scheme, IEC 62443-3-3" industrial communication network and System safety requirement and safety class "standard compliance assessment scheme, IEC 62443-4-1" Industrial Automation and control System information safety part 4-1: product safety development lifecycle requirements standard compliance assessment scheme, IEC 62443-4-2 part 4-2 of Industrial Automation and control System safety: IACS component safety technical requirement standard compliance assessment scheme, GB/T30976.1 industrial control system information safety part 1, assessment Specification standard compliance assessment scheme and GB/T22239 basic information safety technical network safety level protection requirement standard compliance assessment scheme:
And the professional evaluation scheme library functional unit is used for storing professional evaluation schemes, wherein the professional evaluation schemes comprise professional evaluation schemes which are solidified into the system during system design, and professional evaluation schemes customized through an evaluation scheme customization module according to the actual demands of users. The professional evaluation scheme which has been solidified into the system at the time of system design includes: communication robustness test scheme, baseline check evaluation scheme, vulnerability scanning evaluation scheme, source code security audit scheme, industrial internet platform test scheme:
the evaluation scheme customization module comprises a new evaluation scheme functional unit, a release evaluation scheme functional unit, a sequencing evaluation scheme functional unit and a deletion evaluation scheme functional unit;
the new evaluation scheme functional unit is used for creating an industrial control information network security evaluation scheme, inputting the name, evaluation basis, evaluation details, evaluation flow and evaluation operation instruction of the evaluation scheme, adding an evaluation report template, associating related evaluation tools by using an evaluation tool integration module, and storing the new evaluation scheme into an evaluation scheme library;
the issuing evaluation scheme functional unit is used for issuing the names and the evaluation basis of the evaluation schemes in the established evaluation schemes in the evaluation scheme library to the test evaluation service introduction functional unit of the portal display module for the user to inquire and select; cancelling the content of a certain published evaluation scheme in the test evaluation service introduction functional unit of the portal display module according to the requirement;
The sequencing evaluation scheme functional unit is used for modifying the sequence of the established evaluation schemes in the evaluation scheme library according to the actual market demands of the industrial control industry and the business capacity of the evaluation mechanism, and automatically updating the sequence to the test evaluation service introduction functional unit of the portal display module for users to inquire and select for use;
the test evaluation scheme deleting functional unit is used for deleting an established evaluation scheme in the evaluation scheme library according to the actual market demand of the industrial control industry and automatically updating the test evaluation service introduction functional unit of the portal display module;
the evaluation tool integration module comprises an on-line evaluation tool integration functional unit and an off-line evaluation tool integration functional unit;
the on-line evaluation tool integration function unit provides an integration interface of the on-line evaluation tool for the industrial control information network security of different types, and provides corresponding on-line evaluation tool integration for the evaluation scheme in the evaluation scheme library module and the evaluation scheme customization module;
the off-line evaluation tool integration function unit provides an integration interface for other industrial control information network safety evaluation tools which cannot carry out on-line evaluation, and provides corresponding off-line evaluation tool integration for the evaluation schemes in the evaluation scheme library module and the evaluation scheme customization module;
The personal information management module comprises a user information management function unit and an evaluation order management function unit;
the user information management function unit displays basic information of registered users in the form of a table, wherein the basic information comprises enterprise names, areas, industries, enterprise business licenses and contact ways; the user can change the login password, so that the security of the account is improved;
the evaluation order management functional unit comprises an evaluation order checking sub-functional unit, an evaluation order canceling sub-functional unit, an evaluation information supplementing sub-functional unit and an evaluation report management sub-functional unit; the evaluation order checking sub-functional unit displays the submitted evaluation application order information of the user in the form of a table, wherein the evaluation application order information comprises: the method comprises the steps of evaluating order names, evaluating demand information and evaluating contact person information; for each order, the current progress condition of the order is displayed in a flow chart form, and the specific stages of the progress flow comprise: order submission, order initial review, order approval, order testing and order completion, providing real-time query for users; the evaluation order cancellation sub-functional unit specifically comprises: the user can cancel the submitted evaluation order according to the requirement; the evaluation information supplementing sub-functional unit specifically comprises: the user perfects the related information required by the submitted evaluation application according to the requirements of the evaluation mechanism and the feedback information of the initial examination of the order; the evaluation report management sub-functional unit is used for a user to check or download an evaluation report corresponding to the completed evaluation application order;
The system management module comprises a user management function unit, an evaluation engineer management function unit and a log management function unit;
a user management function unit for auditing the user information registered to use the system; presenting user information registered for use of the system in the form of a list, the user information including: enterprise name, contact, and registration time; the specific operations of the users registered to use the system are deleted, deactivated and activated; counting the number of newly registered users; in the form of a histogram, the statistics of the number of logged-in users and the statistics of the number of newly added users in a period of about 12 months are displayed; displaying untreated and treated user consultation information in a list form;
the evaluation engineer management function unit displays the existing evaluation engineer information in a list form; an assessment engineer for managing and maintaining the development of the assessment service; the role of the evaluation engineer includes: the specific management operations include: new creation, modification and deletion;
the log management function unit displays the operation log and the login log of the system in a list form for the administrator of the system to inquire, and realizes the event recording and tracing functions of the system.
The working principle of one embodiment of the invention is as follows: the user checks the test evaluation service in the management system through the portal display module, the application is required to be submitted for the selected test evaluation service, then the user enters the evaluation application module, firstly, the user fills in registration information to register, the user can apply for the selected test evaluation service and submit the registration information after checking, the system checks the received evaluation application, an evaluation order is generated after checking, the evaluation order is transmitted to the evaluation execution module to be executed, an evaluation manager is required to allocate an evaluation specialized person to perform evaluation operation during the period, and an evaluation report is generated and fed back to the user after the execution of the evaluation execution module is finished; the user can check the evaluation report through the personal information management module, and the detailed workflow is shown in fig. 2;
a system administrator can newly establish an industrial information network security evaluation scheme through an evaluation scheme customizing module, input the name, the evaluation basis, the evaluation details, the evaluation flow and the evaluation operation instruction of the evaluation scheme, add an evaluation report template, associate related evaluation tools by using an evaluation tool integrating module, and store the newly added evaluation scheme into an evaluation scheme library; a system manager manages users, evaluation personnel and system logs through a system management module;
Each standard compliance assessment scheme and each standard compliance judgment criterion are independently researched and developed by an assessment organization by referring to an international advanced industrial safety test method and combining with domestic engineering practice experience, and meet the requirements of an ISO9001 quality management system, and are continuously optimized and adjusted.
For each order which is not subjected to evaluation, an evaluation supervisor can sequentially allocate the evaluation personnel according to the submitting time sequence and the evaluation demand information of each order and by combining the professional direction of each evaluation personnel, the number of the currently-implemented orders and the experience value;
the evaluation tool integration module in the system can provide an evaluation tool integration interface for an evaluation scheme, and realizes integration of industrial information network security test evaluation tools such as a communication robustness test tool, a baseline checking tool, a vulnerability scanning tool, a source code security audit tool, an industrial Internet platform test tool and the like which are outside the system and can carry out online/offline test.

Claims (9)

1. The industrial information network security test evaluation system is characterized in that the management system is based on a browser/server architecture and comprises a portal display module, an evaluation application module, an evaluation execution module, an evaluation scheme library module, an evaluation scheme customization module, an evaluation tool integration module, a personal information management module and a system management module;
The portal display module is used for displaying the industrial information network security test evaluation system; the evaluation application module is user-oriented and is used for submitting an industrial information network security test evaluation application; the evaluation execution module is used for evaluating an industrial information network security test evaluation application proposed by a user and generating an evaluation report; the evaluation scheme library module is used for storing an industrial information network security test evaluation scheme; the system administrator-oriented evaluation scheme customizing module is used for dynamically managing and customizing the industrial control information network security evaluation scheme in the evaluation scheme library according to the actual requirements of industrial control industry network security test evaluation; the evaluation tool integration module is used for providing a tool integration interface for other external industrial control information network security evaluation tools and integrating the external industrial control information network security evaluation tools with the system; the personal information management module is user-oriented and is used for managing the registration information of the user and managing the proposed industrial information network security test evaluation application; the system management module is oriented to a system administrator and is used for managing users, evaluation personnel and system logs.
2. The industrial information network security test and assessment system according to claim 1, wherein the portal presentation module comprises a system overall description function unit, a test and assessment service description function unit, a served enterprise description function unit, a consultation function unit, a description of use function unit and a contact us function unit;
the system integrally introduces a functional unit, and shows the construction background, purpose, professionality, authority, reliability and innovation of the test evaluation system, the value provided for a user and the like in the form of pictures and texts, so that the user can conveniently inquire and know the system function;
the test evaluation service introduction function unit displays introduction information of different types of test evaluation services which can be provided by the test evaluation system in a list form, and provides inquiry and selection for users;
the functional unit is introduced by the served enterprises, displays the names and Logo information of the enterprises served by the test evaluation system in the form of a dynamic rolling list, and provides related queries for users;
the consultation function unit is user-oriented, and specifically provides a consultation problem in a targeted manner by combining the actual industrial information network security test evaluation requirement of the user; the proposed consultation questions are informed to the system administrator to answer in the form of messages;
The usage instruction function unit is user-oriented, provides a system usage instruction manual downloading function, and helps a user to quickly master the operation method of the system;
the contact us functional unit is used for displaying the communication address, the postal code, the fixed telephone, the fax and the electronic mailbox information of the mechanism for providing the industrial information network security test evaluation service, so that the user can contact the test evaluation service mechanism conveniently.
3. The industrial information network security test and evaluation system according to claim 1, wherein the evaluation application module comprises a user registration function unit, a user login function unit, and an evaluation application function unit;
the user registration function unit is user-oriented and is used for providing a user registration function;
the user login function unit is used for verifying user login information, and after verification, a user can use related operation of the system;
the evaluation application functional unit specifically introduces various test evaluation services displayed by the functional unit according to the test evaluation service of the portal display module, selects specific test evaluation services according to actual service requirements, fills in detailed evaluation requirements and contact information, submits a test application after confirming that the test application is correct, and starts the evaluation execution module after submitting the test application.
4. The industrial information network security test evaluation system according to claim 1, wherein the evaluation execution module comprises an evaluation application auditing function unit, an evaluation order implementation function unit, and an evaluation order statistics management function unit;
and the evaluation application auditing function unit is oriented to an evaluation supervisor and is used for auditing the evaluation requirement according to the evaluation application submitted by the user. Generating an evaluation order for the evaluation application passing the examination and verification, and starting an evaluation order implementation functional unit; for the evaluation application which is not passed by the verification, canceling the evaluation application or notifying the user to modify the evaluation application; the auditing result of the evaluation application is fed back to the user in the form of a message;
the evaluation order implementation functional unit specifically comprises: for the checking orders which pass the checking and are not subjected to the checking, the checking and evaluating supervisor sequentially distributes the checking and evaluating personnel according to the submitting time sequence and the checking and evaluating requirement information of each order, and by combining the professional direction of each checking and evaluating personnel, the number of the currently implemented orders and the experience value, the checking and evaluating personnel are comprehensively considered; after the allocation of the evaluation orders is completed, notifying the evaluation specialists in the form of messages; for the distributed to-be-evaluated orders, the evaluation personnel sequentially analyzes the evaluation requirements according to the submitting time sequence of each to-be-evaluated order, and invokes corresponding evaluation tools according to the specific evaluation flow and steps in the operation instruction of the corresponding evaluation scheme to implement the evaluation in an on-line or off-line mode;
The evaluation order statistics management function unit displays information of each evaluation order in a list form, wherein the evaluation order information comprises enterprise names, contacts, contact phones, evaluation demands, corresponding evaluation scheme names and submission time; counting and giving out the number of evaluation applications to be audited; counting and giving the number of orders to be evaluated; counting and giving the number of completed orders; and displaying the number of the newly increased evaluation orders and the number of the completed evaluation orders in each month in the period of about 12 months in the form of a line diagram.
5. The industrial information network security test and assessment system according to claim 1, wherein the assessment solution library module comprises a standard compliance assessment solution library functional unit and a professional assessment solution library functional unit;
the standard compliance assessment scheme library function unit is used for storing standard compliance assessment schemes, wherein the standard compliance assessment schemes comprise standard compliance assessment schemes which are solidified into a system during system design, and standard compliance assessment schemes which can be customized through an assessment scheme customization module according to actual requirements of users.
The professional evaluation scheme library functional unit is used for storing professional evaluation schemes, wherein the professional evaluation schemes comprise professional evaluation schemes which are solidified into the system during system design, and professional evaluation schemes customized through an evaluation scheme customization module according to actual requirements of users. The professional evaluation scheme which has been solidified into the system at the time of system design includes: a communication robustness test scheme, a baseline checking evaluation scheme, a vulnerability scanning evaluation scheme, a source code security audit scheme and an industrial internet platform test scheme.
6. The industrial information network security test evaluation system of claim 1, wherein the assessment solution customization module comprises a new assessment solution functional unit, a release assessment solution functional unit, a sort assessment solution functional unit, and a delete assessment solution functional unit;
the newly added evaluation scheme functional unit is used for creating an industrial control information network security evaluation scheme, inputting the name, the evaluation basis, the evaluation details, the evaluation flow and the evaluation operation instruction book of the evaluation scheme, adding an evaluation report template, and associating the corresponding evaluation tools by using an evaluation tool integration module; storing the newly added evaluation scheme into an evaluation scheme library;
the issuing evaluation scheme functional unit is used for issuing part of contents (names and evaluation basis of the evaluation schemes) of the established evaluation schemes in the evaluation scheme library to the test evaluation service introduction functional unit of the portal display module for the user to inquire and select; meanwhile, according to the requirements, the testing and evaluating service of the portal display module can be canceled to introduce certain published evaluating scheme content in the functional unit.
The sequencing evaluation scheme functional unit is used for modifying the arrangement sequence of the established evaluation schemes in the evaluation scheme library according to the actual market demands of the industrial control industry and the business capacity of the evaluation mechanism, and automatically updating the arrangement sequence of the test evaluation service items of the test evaluation service introduction functional unit of the portal display module for the user to inquire and select;
The deleting evaluation scheme functional unit is used for deleting an established evaluation scheme in the evaluation scheme library according to the actual market demand of the industrial control industry and automatically updating the test evaluation service item of the test evaluation service introduction functional unit of the portal display module.
7. The industrial information network security test and assessment system according to claim 1, wherein the assessment tool integration module comprises an on-line assessment tool integration functional unit and an off-line assessment tool integration functional unit;
the on-line evaluation tool integrated functional unit provides an integrated interface for the tools of different types, which can carry out the safety test of the industrial control information network in an on-line form, associates corresponding on-line evaluation tools with the evaluation schemes in the evaluation scheme library module and the evaluation scheme customization module, and imports an evaluation report;
the off-line evaluation tool integrated functional unit provides an integrated interface for the tools of different types, which can carry out the safety evaluation of the industrial control information network in an off-line mode, associates corresponding off-line evaluation tools for the evaluation schemes in the evaluation scheme library module and the evaluation scheme customization module, and imports an evaluation report.
8. The industrial information network security test and evaluation system according to claim 1, wherein the personal information management module includes a registration information management function unit and an evaluation application management function unit;
the registration information management function unit displays basic information of registered users in the form of a table, wherein the basic information comprises enterprise names, areas, industries, enterprise business licenses and contact ways; providing a user with a function of changing a login password, and guaranteeing the security of an account;
the evaluation application management functional unit comprises an evaluation application checking sub-functional unit, an evaluation application canceling sub-functional unit, an evaluation information supplementing sub-functional unit and an evaluation report management sub-functional unit; the evaluation application checking sub-function unit displays the submitted evaluation application information of the user in the form of a table, wherein the evaluation application information comprises: an evaluation application name, an evaluation requirement and an evaluation contact phone; and for each evaluation application, displaying the current progress condition in a flow chart form, and providing real-time inquiry for a user. The specific stages of the progress flow comprise: application submission, application audit, order testing and order completion; the evaluation application cancellation sub-functional unit specifically comprises: the user can cancel the submitted evaluation application according to the requirement; the evaluation information supplementing sub-functional unit specifically comprises: the user supplements the required information according to the feedback information of the evaluation application auditing function unit, and perfects the submitted evaluation application; and the evaluation report management sub-functional unit is used for checking or downloading an evaluation report corresponding to the evaluated application of which the evaluation is completed by the user.
9. The industrial information network security test and assessment system according to claim 1, wherein the system management module comprises a user management function unit, an evaluator management function unit, and a log management function unit;
the user management function unit is used for auditing the user information registered to use the system; presenting user information registered for use of the system in the form of a list, the user information including: enterprise name, contact, and registration time; managing users registered to use the system, wherein specific operations include deletion, deactivation and activation; counting the number of newly registered users; in the form of a histogram, the statistics of the number of users logging in the system and the statistics of the number of newly added users in a period of about 12 months are shown; displaying untreated and treated user consultation information in a list form;
the evaluation personnel management function unit displays the existing evaluation personnel information in a list form, wherein the evaluation personnel information comprises: name, sex, professional direction, title, number of orders under test, number of orders completed, experience value; the system is used for managing the evaluation personnel with different roles; the roles of the evaluation personnel include: the specific management operations comprise: new creation, modification and deletion;
The log management function unit displays the operation log and the login log of the system in a list form for a system administrator to inquire, so as to realize the event recording and tracing functions of the system.
CN202310059348.7A 2023-01-18 2023-01-18 Industrial information network security test evaluation system Pending CN116405240A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310059348.7A CN116405240A (en) 2023-01-18 2023-01-18 Industrial information network security test evaluation system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310059348.7A CN116405240A (en) 2023-01-18 2023-01-18 Industrial information network security test evaluation system

Publications (1)

Publication Number Publication Date
CN116405240A true CN116405240A (en) 2023-07-07

Family

ID=87012971

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310059348.7A Pending CN116405240A (en) 2023-01-18 2023-01-18 Industrial information network security test evaluation system

Country Status (1)

Country Link
CN (1) CN116405240A (en)

Similar Documents

Publication Publication Date Title
US10339321B2 (en) Cybersecurity maturity forecasting tool/dashboard
US10021138B2 (en) Policy/rule engine, multi-compliance framework and risk remediation
US10019677B2 (en) Active policy enforcement
US20040010709A1 (en) Security maturity assessment method
CN103400226A (en) Integrated tobacco industry information security, operation and maintenance application platform system
CN1628295A (en) Methods and systems for managing enterprise assets
US20060004614A1 (en) Content management system
US11416874B1 (en) Compliance management system
CA2894046A1 (en) Method and system for technology risk and control
CN102622677A (en) Enterprise safety production management method
CN107358122A (en) The access management method and system of a kind of data storage
CN104156824A (en) Mobile HSE inspection method based on explosion-proof hand-held terminal
JP2022166167A (en) Method and system for providing and receiving information for risk management on site
Jääskelä et al. Digi-HTA, assessment framework for digital healthcare services: information security and data protection in health technology–initial experiences
CN114491483A (en) Flight simulator equipment supply chain system based on block chain
CN111652454A (en) Supervision quality and safety production management evaluation management system
CN116405240A (en) Industrial information network security test evaluation system
KR100568266B1 (en) The method of certification service through the internet
KR101651586B1 (en) System for managing security vulnerability found from step developing system to step operating system
KR101596456B1 (en) System and method for managing security
KR20040011863A (en) Real Time Information Security Risk Management System and Method
Shan et al. Road vehicles Cybersecurity system evaluation method
US20110091845A1 (en) Implementation of Facility Management Programs
US11558182B2 (en) Method and system to facilitate assessment, authorization, and monitoring of policy documents related to an organization
KR100569627B1 (en) The method of consulting service through the internet

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination