CN118118249A - Enterprise information security operation and maintenance management system based on big data - Google Patents
Publication number: CN118118249A (application CN202410320147.2A)
Authority: CN (China)
Legal status: Pending
Classifications
- H04L63/1408: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L9/40: Network security protocols
Abstract
The invention relates to the field of operation and maintenance safety, and discloses an enterprise information safety operation and maintenance management system based on big data.
Description
Technical Field
The invention relates to the technical field of operation and maintenance safety, in particular to an enterprise information safety operation and maintenance management system based on big data.
Background
With the rapid development of information technology and the continuous growth of enterprise data volumes, the information security risks facing enterprises are increasing. Security event management is an important component of an enterprise information security operation and maintenance management system; it aims to help enterprises discover, analyze and handle various security events in time and to guarantee the security and integrity of enterprise information assets. In traditional enterprise information security management, security events are managed mainly by manual operation, local area network monitoring and similar means, but manual operation cannot meet actual requirements when the enterprise data volume is large and the security events are complex and varied. Introducing a big-data enterprise information security operation and maintenance management system makes it possible to collect, store, process and analyze massive structured and unstructured enterprise data, and thereby to discover security events in time and respond to them quickly. Big data analysis technology can discover abnormal behaviors and potential threats by mining and analyzing mass data, and helps enterprises achieve real-time monitoring and early warning. In addition, big data technology can reveal security event trends and patterns through analysis of historical security events, and provide effective security policy and decision support for enterprises.
However, the above approach still has the following drawbacks:
Firstly, a big-data enterprise information security operation and maintenance management system lacks an effective data acquisition and monitoring method for monitoring and acquiring the security operation and maintenance data, which may make the monitored and acquired data inaccurate and unreliable, so that not all operation and maintenance information security data can be monitored comprehensively;
Secondly, the security information data is monitored and managed only through the various behaviors of the occurring event, and an intelligent analysis flow that automatically evaluates security information risk events and automatically identifies security abnormality problems is lacking, which increases the time and cost of security information event management; at the same time, a risk-level response to different security information risk events is lacking, so the handling of a security risk event may be incorrect.
Disclosure of Invention
In order to overcome the above-mentioned drawbacks of the prior art, the present invention provides an enterprise information security operation and maintenance management system based on big data, so as to solve the problems in the above-mentioned background art.
The invention provides the following technical scheme: an enterprise information security operation and maintenance management system based on big data, comprising:
Information data acquisition module: used for acquiring operation and maintenance information security data; it comprises a network security data acquisition unit and an information security data acquisition unit, and transmits the acquired operation and maintenance information security data to the data storage module;
Data storage module: used for transmitting the acquired operation and maintenance information security data to a centralized log collection server or storage device through a network security transmission protocol, performing feature extraction on the operation and maintenance information security data, and transmitting the processed operation and maintenance information security data to the data processing module;
Data processing module: used for processing and analyzing the operation and maintenance information security data; the security event occurrence probability coefficient is analyzed and calculated from the data of the network security data acquisition unit, and the security event occurrence loss coefficient is analyzed and calculated from the data of the information security data acquisition unit;
Security event risk assessment module: used for performing secondary analysis on the security event occurrence probability coefficient and the security event occurrence loss coefficient to obtain a security event risk assessment index, assessing security information risk through the security event risk assessment index, and monitoring the security state of the enterprise network in real time;
Security information risk identification module: used for identifying and locating the target security information risk; it identifies the target security information risk through the security event risk assessment index, finds security abnormality problems, compares the security event risk assessment index with a standard security feature threshold, locates the target security information risk, and transmits a risk early warning command to the influence correction module;
Influence correction module: used for receiving the risk early warning command sent by the security information risk identification module, immediately performing a security risk response according to the received command, calculating the influence correction coefficient from the security event risk assessment index and the standard security feature threshold, and classifying the security information risk through the influence correction coefficient;
Risk level division module: used for dividing the security information risk by level; the detected security information risk is divided into low risk, medium risk and high risk through the influence correction coefficient, and the division result is transmitted to the security risk feedback module;
Security risk feedback module: used for formulating corresponding disposal measures according to the identification result and level of the security information risk, and rapidly carrying out early warning response and processing of security events to prevent the continued spread of attacks.
Preferably, the information data acquisition module monitors the operation and maintenance information security data on the network nodes, periodically updates and acquires the data on each node, and records the acquisition time of each acquisition; the network nodes to be monitored and managed are selected according to the network architecture and scale of the enterprise, and a data collector is deployed on each selected node to acquire that node's operation and maintenance information security data;
The network security data acquisition unit monitors and acquires network security data on each network node; the information security data acquisition unit monitors and acquires information security data on each network node.
Preferably, the data storage module stores the acquired operation and maintenance information security data in a decentralized manner according to node, then assigns an event number to each acquisition so that the operation and maintenance information security data of each time period can be identified, and at the same time performs data feature extraction to extract the data that affect the operation and maintenance information security state on the node.
Preferably, the data processing module specifically analyzes the extracted data affecting the event security state on the node and calculates the change trend of each parameter reflecting event security;
The security event occurrence probability coefficient is analyzed as follows:
Step S1: the specific calculation formula for analyzing the password security H is expressed in terms of P(x_i), n and x_i, where P(x_i) represents the probability of occurrence of a single character or cryptographic element, n represents the total number of characters or cryptographic elements, and x_i represents the i-th character or cryptographic element;
Step S2: the specific calculation formula for analyzing the network attack effectiveness is q = q(a_j) × q(S_j), where S_j belongs to the state set S = {S_1, S_2, …, S_m} and q(S_j) represents the probability of an attacker reaching the state S_j;
Step S3: the specific calculation formula for analyzing the response frequency T of security events is expressed in terms of t_1, t_2, t_3, t_4 and N, where t_1 denotes the average detection time, t_2 the average response time, t_3 the average mitigation time, t_4 the average recovery time, and N the total number of events occurring within a specific period of time;
Step S4: the specific calculation formula for analyzing the security event occurrence probability coefficient is I = L(H, q, T), where q represents the network attack effectiveness, H represents the password security, and T represents the response frequency of security events;
The security event occurrence loss coefficient is analyzed as follows:
The specific calculation formula for analyzing the security event occurrence loss coefficient is R = F(V_1, V_2, V_3), where V_1 represents the asset value, V_2 represents the vulnerability severity of the asset, and V_3 represents the environmental impact factor of the threat.
Preferably, the security event risk assessment module analyzes and calculates the security event risk assessment index from the result of data processing, assesses the security events on the node in each time period through this index, monitors the change of the security state of the enterprise network, and predicts possible network security risk problems in time;
The specific calculation formula of the security event risk assessment index is A = B(I, R) = B(L(H, q, T), F(V_1, V_2, V_3)), where I represents the security event occurrence probability coefficient and R represents the security event occurrence loss coefficient.
Preferably, the security information risk identification module compares the security event risk assessment index with the standard security feature threshold; when the security event risk assessment index A is equal to or greater than the standard security feature threshold A', this indicates that a security information risk has appeared, and the security information risk is immediately identified and located.
Preferably, the influence correction module corrects the security information risk by calculating the influence correction coefficient, detects security risk problems in time, and prioritizes the security information risks; the influence correction coefficient κ is obtained by comparing and calculating the security event risk assessment index with the standard security feature threshold, and its specific calculation formula is expressed in terms of A and A', where A represents the security event risk assessment index and A' represents the standard security feature threshold.
Preferably, the risk level division module divides the severity of the security information risk detected on the node according to the influence correction coefficient κ;
When the influence correction coefficient κ is smaller than 0, no security risk has occurred; when κ is equal to or greater than 0, a security information risk is detected on the node, and the security information risk on the node is identified and located by the security information risk identification module;
If κ = 0, the security information risk is divided into low risk; if 0 < κ < 1, the security information risk is divided into low risk; if κ > 1, the security information risk is divided into high risk.
Preferably, the security risk feedback module formulates a corresponding emergency response plan according to the risk level of the security information, tracks and analyzes the response process of the event, identifies the cause of the event and the vulnerability involved, takes measures to prevent a similar event from occurring again, and sends out an abnormality warning instruction.
The invention has the technical effects and advantages that:
According to the invention, the information data acquisition module acquires the operation and maintenance information security data on the network nodes and records each acquisition along with its time, so that the data can be acquired and monitored effectively and comprehensively, the acquired data are more accurate and reliable, and acquisition error is reduced. The data storage module stores and extracts the event state information data, the data processing module analyzes the operation and maintenance information security data, and the security event risk assessment index calculated by the security event risk assessment module is used to identify and locate the security information risk. The influence correction module compares the security event risk assessment index with the standard security feature threshold to obtain the influence correction coefficient, the risk level division module divides the security information risk by level, and the security risk feedback module formulates corresponding disposal measures so that security events are responded to and processed rapidly. Through this intelligent data analysis flow, security risk problems can be assessed and identified automatically, the monitoring time and cost of security operation and maintenance are saved, and security events are processed more reasonably and accurately.
Drawings
FIG. 1 is a flow chart of an enterprise information security operation and maintenance management system based on big data.
Detailed Description
The embodiments of the present invention will be clearly and completely described below with reference to the drawings in the present invention, and the configurations of the structures described in the following embodiments are merely examples, and the enterprise information security operation and maintenance management system based on big data according to the present invention is not limited to the structures described in the following embodiments, and all other embodiments obtained by a person having ordinary skill in the art without making any creative effort are within the scope of the present invention.
The invention provides an enterprise information security operation and maintenance management system based on big data, which comprises:
Information data acquisition module: used for acquiring operation and maintenance information security data; it comprises a network security data acquisition unit and an information security data acquisition unit, and transmits the acquired operation and maintenance information security data to the data storage module.
In this embodiment, the information data acquisition module monitors the operation and maintenance information security data on the network nodes, periodically updates and acquires the data on each node, and records the acquisition time of each acquisition; the network nodes to be monitored and managed are selected according to the network architecture and scale of the enterprise, and a data collector is deployed on each selected node to acquire that node's operation and maintenance information security data;
The network security data acquisition unit monitors and acquires network security data on each network node; the information security data acquisition unit monitors and acquires information security data on each network node.
The information data acquisition module helps to acquire and monitor the operation and maintenance information security data comprehensively, so that the acquired data are more accurate and reliable and acquisition error is reduced.
Data storage module: used for transmitting the acquired operation and maintenance information security data to a centralized log collection server or storage device through a network security transmission protocol, performing feature extraction on the operation and maintenance information security data, and transmitting the processed operation and maintenance information security data to the data processing module.
In this embodiment, the data storage module stores the acquired operation and maintenance information security data in a decentralized manner according to node, then assigns an event number to each acquisition so that the operation and maintenance information security data of each time period can be identified, and at the same time performs data feature extraction to extract the data that affect the operation and maintenance information security state on the node.
It should be specifically noted that the data storage module provides efficient and reliable data storage and management functions to ensure the integrity and availability of the data. By storing the data in a decentralized manner, the risk of single points of failure and data loss is reduced.
Data processing module: used for processing and analyzing the operation and maintenance information security data; the security event occurrence probability coefficient is analyzed and calculated from the data of the network security data acquisition unit, and the security event occurrence loss coefficient is analyzed and calculated from the data of the information security data acquisition unit.
In this embodiment, the data processing module specifically analyzes the extracted data affecting the event security state on the node and calculates the change trend of each parameter reflecting event security;
The security event occurrence probability coefficient is analyzed as follows:
Step S1: the specific calculation formula for analyzing the password security H is expressed in terms of P(x_i), n and x_i, where P(x_i) represents the probability of occurrence of a single character or cryptographic element, n represents the total number of characters or cryptographic elements, and x_i represents the i-th character or cryptographic element;
Step S2: the specific calculation formula for analyzing the network attack effectiveness is q = q(a_j) × q(S_j), where S_j belongs to the state set S = {S_1, S_2, …, S_m} and q(S_j) represents the probability of an attacker reaching the state S_j;
Step S3: the specific calculation formula for analyzing the response frequency T of security events is expressed in terms of t_1, t_2, t_3, t_4 and N, where t_1 denotes the average detection time, t_2 the average response time, t_3 the average mitigation time, t_4 the average recovery time, and N the total number of events occurring within a specific period of time;
Step S4: the specific calculation formula for analyzing the security event occurrence probability coefficient is I = L(H, q, T), where q represents the network attack effectiveness, H represents the password security, and T represents the response frequency of security events;
The security event occurrence loss coefficient is analyzed as follows:
The specific calculation formula for analyzing the security event occurrence loss coefficient is R = F(V_1, V_2, V_3), where V_1 represents the asset value, V_2 represents the vulnerability severity of the asset, and V_3 represents the environmental impact factor of the threat.
The data analysis module can provide real-time monitoring, discover abnormal conditions or potential threats in the system in time, help enterprises take measures to solve problems promptly, provide a basis for evaluating the risk of security events, keep the operating and security condition of the system known in time, reduce the time needed for risk evaluation, and make the result of risk evaluation more accurate.
Security event risk assessment module: used for performing secondary analysis on the security event occurrence probability coefficient and the security event occurrence loss coefficient to obtain the security event risk assessment index, assessing the security information risk through this index, and monitoring the security state of the enterprise network in real time.
In this embodiment, the security event risk assessment module analyzes and calculates the security event risk assessment index from the result of data processing, assesses the security events on the node in each time period through this index, monitors the change of the security state of the enterprise network, and predicts possible network security risk problems in time;
The specific calculation formula of the security event risk assessment index is A = B(I, R) = B(L(H, q, T), F(V_1, V_2, V_3)), where I represents the security event occurrence probability coefficient and R represents the security event occurrence loss coefficient.
The method has the advantages that potential information security risks can be identified and found in time through the security event risk assessment index, operation and maintenance management efficiency is improved, and the security problems of the event can be monitored in real time.
Security information risk identification module: used for identifying and locating the target security information risk; it identifies the target security information risk through the security event risk assessment index, finds security abnormality problems, compares the security event risk assessment index with the standard security feature threshold, locates the target security information risk, and transmits a risk early warning command to the influence correction module.
In this embodiment, the security information risk identification module compares the security event risk assessment index with the standard security feature threshold; when the security event risk assessment index A is equal to or greater than the standard security feature threshold A', this indicates that a security information risk has appeared, and the security information risk is immediately identified and located.
Influence correction module: used for receiving the risk early warning command sent by the security information risk identification module, immediately performing a security risk response according to the received command, calculating the influence correction coefficient from the security event risk assessment index and the standard security feature threshold, and classifying the security information risk through the influence correction coefficient.
In this embodiment, the influence correction module corrects the security information risk by calculating the influence correction coefficient, detects security risk problems in time, and prioritizes the security information risks; the influence correction coefficient κ is obtained by comparing and calculating the security event risk assessment index with the standard security feature threshold, and its specific calculation formula is expressed in terms of A and A', where A represents the security event risk assessment index and A' represents the standard security feature threshold.
Specifically, through the correction of the influence of the security event, the enterprise can better evaluate and control the risk, discover and cope with potential security threats in time, and reduce the occurrence and loss of the information security event.
Risk level division module: used for dividing the security information risk by level; the detected security information risk is divided into low risk, medium risk and high risk through the influence correction coefficient, and the division result is transmitted to the security risk feedback module.
In this embodiment, the risk level division module divides the severity of the security information risk detected on the node according to the influence correction coefficient κ;
When the influence correction coefficient κ is smaller than 0, no security risk has occurred; when κ is equal to or greater than 0, a security information risk is detected on the node, and the security information risk on the node is identified and located by the security information risk identification module;
If κ = 0, the security information risk is divided into low risk; if 0 < κ < 1, the security information risk is divided into low risk; if κ > 1, the security information risk is divided into high risk.
Specifically, the risk classification module can objectively evaluate risks facing the enterprise information system according to a certain evaluation standard and algorithm, and classify the risks into different grades, so as to more accurately evaluate and position the severity of the risks.
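The risk assessment, identification, influence correction and risk level division steps above, as a worked example added here (not the patent's own code), run over constructed per-node events. Assumptions not stated on the page: B(I, R) is taken as the product I × R, κ as (A − A')/A', the band 0 < κ < 1 as the module's medium level, and the unassigned boundary κ = 1 as high.

```python
"""Risk assessment index, threshold identification, influence correction and
risk level division for stored per-node security events.

Added example, not the patent's code. Assumed (not on the page): B(I, R) = I * R,
kappa = (A - A') / A', 0 < kappa < 1 is 'medium', kappa == 1 is 'high'.
I and R arrive already computed; L, F and the raw data are out of scope.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SecurityEvent:
    node: str            # network node on which the data collector is deployed
    event_no: int        # event number assigned by the data storage module
    acquired_at: str     # acquisition time recorded by the acquisition module
    probability: float   # I = L(H, q, T), security event occurrence probability coefficient
    loss: float          # R = F(V1, V2, V3), security event occurrence loss coefficient


@dataclass(frozen=True)
class Assessment:
    event: SecurityEvent
    index: float            # A = B(I, R), security event risk assessment index
    risk_detected: bool     # A >= A', the identification rule
    kappa: float            # influence correction coefficient
    level: str              # "none", "low", "medium" or "high"
    trend: Optional[float]  # change of A since the previous event on the same node
    disposal: str           # measure chosen by the security risk feedback module


# Disposal measures per level (constructed for this example).
DISPOSAL = {
    "none": "continue monitoring",
    "low": "record the event and schedule a review",
    "medium": "notify on-call staff and contain the affected node",
    "high": "start the emergency response plan, isolate the node, begin recovery",
}


def assessment_index(probability: float, loss: float) -> float:
    """A = B(I, R). B is unspecified on the page; likelihood x impact is assumed.
    I is a probability coefficient, so it must lie in [0, 1]; R cannot be negative."""
    if not 0.0 <= probability <= 1.0:
        raise ValueError("probability coefficient I must lie in [0, 1]")
    if loss < 0.0:
        raise ValueError("loss coefficient R must be non-negative")
    return probability * loss


def influence_correction(index: float, threshold: float) -> float:
    """kappa from A and A' (assumed form: relative excess over the threshold).
    With A' > 0, kappa < 0 exactly when A < A' and kappa >= 0 exactly when
    A >= A', so it agrees with the identification rule on the page."""
    if threshold <= 0.0:
        raise ValueError("standard security feature threshold A' must be positive")
    return (index - threshold) / threshold


def risk_level(kappa: float) -> str:
    """Risk level division by kappa, bands in the order the page gives them."""
    if kappa < 0.0:
        return "none"      # no security risk has occurred
    if kappa == 0.0:
        return "low"       # A equals the threshold exactly
    if kappa < 1.0:
        return "medium"    # assumption: the module's middle band
    return "high"          # kappa > 1, plus the assumed boundary kappa == 1


def assess_all(events, thresholds):
    """Run the pipeline over the stored events of all nodes, per node in
    event-number order so that `trend` is the change of A between acquisitions."""
    results = []
    previous_index = {}
    for ev in sorted(events, key=lambda e: (e.node, e.event_no)):
        threshold = thresholds[ev.node]
        a = assessment_index(ev.probability, ev.loss)
        k = influence_correction(a, threshold)
        level = risk_level(k)
        trend = None if ev.node not in previous_index else a - previous_index[ev.node]
        previous_index[ev.node] = a
        results.append(Assessment(ev, a, a >= threshold, k, level, trend, DISPOSAL[level]))
    return results


# Constructed sample data; values are exactly representable so every band is hit.
SAMPLE_EVENTS = [
    SecurityEvent("node-a", 1, "2024-03-01T08:00:00Z", 0.25, 4.0),  # A = 1.0 < A' -> none
    SecurityEvent("node-a", 2, "2024-03-01T09:00:00Z", 0.50, 4.0),  # A = 2.0 = A' -> kappa 0, low
    SecurityEvent("node-a", 3, "2024-03-01T10:00:00Z", 0.75, 4.0),  # A = 3.0 -> kappa 0.5, medium
    SecurityEvent("node-b", 1, "2024-03-01T08:00:00Z", 0.75, 8.0),  # A = 6.0 -> kappa 3.0, high
    SecurityEvent("node-b", 2, "2024-03-01T09:00:00Z", 0.50, 6.0),  # A = 3.0 -> kappa 1.0, high
]
THRESHOLDS = {"node-a": 2.0, "node-b": 1.5}  # standard security feature threshold A' per node

if __name__ == "__main__":
    for r in assess_all(SAMPLE_EVENTS, THRESHOLDS):
        print(f"{r.event.node} #{r.event.event_no} A={r.index:.2f} kappa={r.kappa:+.2f} "
              f"{r.level:6s} trend={r.trend} -> {r.disposal}")
```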
Security risk feedback module: used for formulating corresponding disposal measures according to the identification result and level of the security information risk, and rapidly carrying out early warning response and processing of security events to prevent the continued spread of attacks.
In this embodiment, the security risk feedback module formulates a corresponding emergency response plan according to the risk level of the security information, tracks and analyzes the response process of the event, identifies the cause of the event and the vulnerability involved, takes measures to prevent a similar event from occurring again, and sends out an abnormality warning instruction.
Finally: the foregoing description of the preferred embodiments of the invention is not intended to limit the invention to the precise form disclosed, and any such modifications, equivalents, and alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (9)
1. An enterprise information security operation and maintenance management system based on big data, characterized in that it comprises:
Information data acquisition module: used for acquiring the operation and maintenance information security data and transmitting it to the data storage module for storage; it comprises a network security data acquisition unit, an information security data acquisition unit and a data processing unit;
Data storage module: used for storing the operation and maintenance information security data, transmitting it over a network security transmission protocol to a centralized log collection server or storage device, performing feature extraction on it and passing the result to the data processing module for processing;
Data processing module: used for processing and analysing the operation and maintenance information security data; the security event occurrence probability coefficient is calculated by analysing the network security data from the network security data acquisition unit, and the security event occurrence loss coefficient is calculated by analysing the information security data from the information security data acquisition unit;
Security event risk assessment module: used for performing a secondary analysis of the security event occurrence probability coefficient and the security event occurrence loss coefficient to obtain a security event risk assessment index, assessing the security information risk through this index and monitoring the security state of the enterprise network in real time;
Security information risk identification module: used for identifying and locating the risk of the target security information; it identifies the risk through the security event risk assessment index, finds security abnormalities, compares the security event risk assessment index with a standard security feature threshold to locate the risk, and transmits a risk early-warning instruction to the influence correction module;
Influence correction module: used for receiving the risk early-warning instruction sent by the security information risk identification module, immediately performing a security risk response on receipt, calculating an influence correction coefficient from the security event risk assessment index and the standard security feature threshold, and grading the security information risk by the influence correction coefficient;
Risk level dividing module: used for grading the security information risk; it divides the detected security information risk into low, medium and high risk according to the influence correction coefficient and transmits the grading result to the security risk feedback module;
Security risk feedback module: used for formulating the corresponding handling measures according to the identification result and grade of the security information risk, issuing an early warning response quickly and handling the security event so as to stop the attack from spreading further.
2. The enterprise information security operation and maintenance management system based on big data according to claim 1, characterized in that: the information data acquisition module monitors the operation and maintenance information security data on the network nodes, periodically updates and acquires the data on each node and records the acquisition time of each acquisition; the network nodes to be monitored and managed are selected according to the network architecture and scale of the enterprise, and a data acquisition device is deployed on each selected node to acquire that node's operation and maintenance information security data;
the network security data acquisition unit monitors and acquires the network security data on each network node, and the information security data acquisition unit monitors and acquires the information security data on each network node.
3. The enterprise information security operation and maintenance management system based on big data according to claim 1, characterized in that: the data storage module stores the acquired operation and maintenance information security data separately by node, then assigns an event number to each batch of operation and maintenance information security data so that the data of each time period can be identified, and at the same time performs data feature extraction to extract the data affecting the operation and maintenance information security state on the node.
4. The enterprise information security operation and maintenance management system based on big data according to claim 1, characterized in that: the data processing module analyses the extracted data affecting the event security state on the node and calculates the change trend of each parameter reflecting event security;
the security event occurrence probability coefficient is analysed as follows:
Step S1: the password security $H$ is calculated by a formula in which $P(x_i)$ represents the probability of occurrence of a single character or cryptographic element, $n$ represents the total number of characters or cryptographic elements, and $x_i$ represents the $i$-th character or cryptographic element;
Step S2: the network attack effectiveness is calculated as $q = q(a_j) \times q(S_j)$, where $S_j$ is an attacker state in $S = \{S_1, S_2, \dots, S_m\}$ and $q(S_j)$ represents the probability of the attacker reaching state $S_j$;
Step S3: the security event response frequency $T$ is calculated by a formula in which $t_1$ denotes the average detection time, $t_2$ the average response time, $t_3$ the average mitigation time, $t_4$ the average recovery time, and $N$ the total number of events occurring within a given period;
Step S4: the security event occurrence probability coefficient is calculated as $I = L(H, q, T)$, where $H$ represents the password security, $q$ the network attack effectiveness and $T$ the security event response frequency;
the security event occurrence loss coefficient is analysed as follows:
the security event occurrence loss coefficient is calculated as $R = F(V_1, V_2, V_3)$, where $V_1$ represents the asset value, $V_2$ the vulnerability severity of the asset and $V_3$ the environmental impact factor of the threat.
5. The enterprise information security operation and maintenance management system based on big data according to claim 1, characterized in that: the security event risk assessment module calculates the security event risk assessment index from the result of data processing, assesses the security events on the nodes in each time period through this index, monitors changes in the security state of the enterprise network and predicts possible network security risk problems in time;
the security event risk assessment index is calculated as $a = b(I, R) = b(L(H, q, T), F(V_1, V_2, V_3))$, where $I$ represents the security event occurrence probability coefficient and $R$ the security event occurrence loss coefficient.
6. The enterprise information security operation and maintenance management system based on big data according to claim 1, characterized in that: the security information risk identification module compares the security event risk assessment index with the standard security feature threshold; when the security event risk assessment index $a$ is equal to or greater than the standard security feature threshold $a'$, a security information risk is indicated and is immediately identified and located.
7. The enterprise information security operation and maintenance management system based on big data according to claim 1, characterized in that: the influence correction module corrects the security information risk by calculating the influence correction coefficient, detects security risk problems in time and prioritises the security information risks; the influence correction coefficient $\kappa$ is obtained by comparing the security event risk assessment index with the standard security feature threshold and is calculated by a formula in which $a$ represents the security event risk assessment index and $a'$ represents the standard security feature threshold.
8. The enterprise information security operation and maintenance management system based on big data according to claim 1, characterized in that: the risk classification module grades the severity of the security information risk detected on a node according to the influence correction coefficient κ;
when κ < 0, no security risk has occurred; when κ ≥ 0, a security information risk has been detected on the node and is identified and located by the security information risk identification module;
if κ = 0, the security information risk is graded as low risk; if 0 < κ < 1, it is graded as medium risk; if κ > 1, it is graded as high risk.
9. The enterprise information security operation and maintenance management system based on big data according to claim 1, characterized in that: the security risk feedback module formulates the corresponding emergency response plan according to the grade of the security information risk, tracks and analyses the handling of the event, identifies the cause of the event and the vulnerability exploited, takes measures to prevent a recurrence of the same kind of event, and sends out an abnormal-warning instruction.
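The pipeline of claims 4 to 9 (two coefficients combined into an index, comparison with a threshold, an influence correction coefficient, three-band grading, feedback) can be exercised end to end. The following is an added example written for this page, not code from the patent: the claims leave L, F, b and the κ formula unspecified, and the formulas for H and T are not present in the text, so every concrete formula, the NodeSample fields, the FEEDBACK actions, the threshold a' = 3.0 and the four sample nodes are assumptions constructed only for illustration.

```python
"""Worked example of the scoring pipeline in claims 4-9 (added example, not the patent's code).
The claims fix the shape of the computation but leave L, F, b and the kappa formula
unspecified, and the H and T formulas are not on the page. Every concrete formula below
is therefore an ASSUMPTION made only for illustration:
  H = Shannon entropy (bits) of the password's character distribution, from P(x_i)
  q = q(a_j) * q(S_j)                                (this one is given in claim 4, S2)
  T = N / (t1+t2+t3+t4)    I = L(H,q,T) := q*T/(1+H)    R = F(V1,V2,V3) := V1*V2*V3
  a = b(I,R) := I*R        kappa := (a - a')/a', so kappa < 0 <=> a < a' (claims 6, 8)
"""
import math
from collections import Counter
from dataclasses import dataclass

@dataclass
class NodeSample:  # constructed O&M security data for one monitored node (sample input, not real data)
    node: str
    password: str         # credential observed on the node
    q_action: float       # q(a_j): success probability of the attacker's action (ASSUMED meaning)
    q_state: float        # q(S_j): probability the attacker reaches state S_j (claim 4, S2)
    times: tuple          # (t1, t2, t3, t4): average detect/respond/mitigate/recover time, hours
    n_events: int         # N: events in the observation window
    asset_value: float    # V1
    vuln_severity: float  # V2, e.g. CVSS base score / 10
    env_factor: float     # V3: environmental impact factor of the threat

def password_security(password: str) -> float:
    """H: Shannon entropy of the character distribution (ASSUMED formula)."""
    n = len(password)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(password).values())

def attack_effectiveness(q_action: float, q_state: float) -> float:
    """q = q(a_j) * q(S_j), as written in claim 4, step S2."""
    return q_action * q_state

def response_frequency(times: tuple, n: int) -> float:
    """T: events per hour of total handling time (ASSUMED; the claim only names t1..t4 and N)."""
    total = sum(times)
    if total <= 0:
        raise ValueError("handling times must sum to a positive duration")
    return n / total

def occurrence_probability(h: float, q: float, t: float) -> float:
    """I = L(H, q, T). ASSUMED: rises with attack effectiveness and event rate, falls with H."""
    return q * t / (1.0 + h)

def occurrence_loss(v1: float, v2: float, v3: float) -> float:
    """R = F(V1, V2, V3). ASSUMED product of asset value, severity and environmental factor."""
    return v1 * v2 * v3

def risk_index(i: float, r: float) -> float:
    """a = b(I, R). ASSUMED product."""
    return i * r

def influence_correction(a: float, a_std: float) -> float:
    """kappa from a and the threshold a' (ASSUMED relative excess over a')."""
    if a_std <= 0:
        raise ValueError("standard security feature threshold a' must be positive")
    return (a - a_std) / a_std

def classify(kappa: float) -> str:
    """Bands of claim 8 with 0 < kappa < 1 read as medium. The claim assigns no band to
    kappa == 1 exactly; it is folded into 'high' here (ASSUMED, the conservative choice)."""
    if kappa < 0:
        return "none"
    if kappa == 0:
        return "low"
    return "medium" if kappa < 1 else "high"

# Claim 9's feedback module reduced to one handling measure per band (ASSUMED actions).
FEEDBACK = {
    "none": "no action; continue periodic acquisition",
    "low": "log the event; review at the next maintenance window",
    "medium": "send abnormal-warning instruction; open an incident ticket",
    "high": "send abnormal-warning instruction; isolate the node; start the emergency response plan",
}

def assess(s: NodeSample, a_std: float) -> dict:
    """Processing -> assessment -> identification -> correction -> grading -> feedback for one node."""
    h = password_security(s.password)
    q = attack_effectiveness(s.q_action, s.q_state)
    t = response_frequency(s.times, s.n_events)
    i = occurrence_probability(h, q, t)
    r = occurrence_loss(s.asset_value, s.vuln_severity, s.env_factor)
    a = risk_index(i, r)
    kappa = influence_correction(a, a_std)
    level = classify(kappa)
    return {"node": s.node, "H": h, "q": q, "T": t, "I": i, "R": r, "a": a,
            "risk_detected": a >= a_std, "kappa": kappa, "level": level, "action": FEEDBACK[level]}

# Constructed sample nodes; the threshold a' = 3.0 is arbitrary for the demonstration.
SAMPLES = [
    NodeSample("db-01", "aaaa", 0.8, 0.5, (1, 1, 1, 1), 10, 10.0, 0.9, 1.0),    # a = 9.0, high
    NodeSample("web-02", "abab", 0.5, 0.5, (1, 1, 1, 1), 8, 8.0, 1.0, 2.0),     # a = 4.0, medium
    NodeSample("jump-03", "aaaa", 0.5, 0.5, (1, 1, 1, 1), 4, 12.0, 1.0, 1.0),   # a = 3.0 = a', low
    NodeSample("fs-04", "abcdefgh", 0.2, 0.1, (2, 2, 2, 2), 4, 5.0, 0.4, 1.0),  # a = 0.005, none
]
```

Calling `assess(sample, 3.0)` for each entry of `SAMPLES` gives a = 9.0, 4.0, 3.0 and 0.005, which the assumed κ maps to high, medium, low and no risk. The third node sits exactly on a' and shows why claim 6 uses "equal to or greater than" (risk detected) while claim 8 grades κ = 0 as low rather than no risk; the κ = 1 boundary that claim 8 leaves unassigned is decided explicitly in `classify`, which any real implementation also has to do.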
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410320147.2A CN118118249A (en) | 2024-03-20 | 2024-03-20 | Enterprise information security operation and maintenance management system based on big data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN118118249A true CN118118249A (en) | 2024-05-31 |
Family
ID=91216935
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410320147.2A Pending CN118118249A (en) | 2024-03-20 | 2024-03-20 | Enterprise information security operation and maintenance management system based on big data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN118118249A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118379064A (en) * | 2024-06-24 | 2024-07-23 | 青岛场外市场清算中心有限公司 | Clearing method and clearing system based on composite cash register |
Similar Documents
Publication | Title |
---|---|
CN110620759B (en) | Multi-dimensional association-based network security event hazard index evaluation method and system |
JP2018533897A5 (en) | |
CN112114995A (en) | Process-based terminal anomaly analysis method, device, equipment and storage medium |
CN118118249A (en) | Enterprise information security operation and maintenance management system based on big data |
CN105376193B (en) | The intelligent association analysis method and device of security incident |
CN113553210A (en) | Alarm data processing method, device, equipment and storage medium |
CN115001877B (en) | Big data-based information security operation and maintenance management system and method |
CN117955712A (en) | Communication information security risk early warning management and control method and system based on big data |
CN117544420B (en) | Fusion system safety management method and system based on data analysis |
CN117421761B (en) | Database data information security monitoring method |
CN116614313A (en) | Network intrusion protection system and method based on data identification |
CN116956148A (en) | Power system data interaction security threat information analysis method |
CN117375985A (en) | Method and device for determining security risk index, storage medium and electronic device |
CN117827813A (en) | Computer information security monitoring system |
CN116896515A (en) | Unattended monitoring and early warning implementation method of intelligent brain platform |
CN115706669A (en) | Network security situation prediction method and system |
CN115701889A (en) | Oil field industrial control safety supervision method based on SOAR |
CN117633779A (en) | Rapid deployment method and system for element learning detection model of network threat in power network |
CN117118665A (en) | Power system data interaction security threat information analysis method |
CN116614258A (en) | Network danger prediction model of security situation awareness system |
CN118368332B (en) | Intelligent park security warning information pushing method and system |
CN117609990B (en) | Self-adaptive safety protection method and device based on scene association analysis engine |
CN116260640B (en) | Information interception control method and system for big data analysis based on artificial intelligence |
CN118228274B (en) | Data security diagnosis method for dispatching automation system |
CN115567322B (en) | Method for identifying abnormal communication based on TCP service open port |
Legal Events
Code | Title |
---|---|
PB01 | Publication |
SE01 | Entry into force of request for substantive examination |