The Research And Implementation Of Information Security Management Platform In Power Industry

Posted on: 2008-10-31
Degree: Master
Type: Thesis
Country: China
Candidate: K Huang
GTID: 2178360242495232
Subject: Computer technology

Abstract/Summary:
An information security management platform is a generic term for a platform whose purpose is to provide detection and reaction services for security incidents. It helps to centrally monitor and control all security elements and policies. It consists of a technical platform and an organizational team with a security focus.

Managing security events in today's corporate environment poses a series of challenges for beleaguered IT personnel and their organizations. The challenge comes from a daily onslaught of security data from disparate systems, platforms and applications. Numerous point solutions such as antivirus software, firewalls, intrusion prevention systems, intrusion detection, access control and identity management present information in different formats, store it in different places and report it to different locations. Most organizations deal with literally millions of messages daily from these incompatible security technologies, resulting in security information overload which, in turn, contributes to high overhead, duplication of effort, weak security models and failed audits. A properly configured and managed platform acts as an intelligent brain, gathering data from all areas of a network, automatically sifting through alerts, prioritizing the risks and preventing attacks before they can be executed and cause costly damage.

In this dissertation, we introduce the concepts and framework of the information security management platform and explore the business and technical requirements that organizations must consider when implementing it. We show the whole functional architecture of a Security Operation Center (SOC). It is made up of several modules: event collectors, asset management, vulnerability management, risk management, event analysis, workflow, knowledge base, display and reporting, etc. In this paper we discuss their design and technical deployment in detail. We briefly describe the instance of the SOC at Shanghai Municipal Power Company.

We then focus on the key technology of the SOC and common problems encountered in practice. Experience shows that a pragmatic approach needs to be taken in order to implement a professional SOC that can provide reliable results. A short conclusion describes further research and analysis to be performed in the field of SOC design.
Keywords/Search Tags: Information Security Management Platform, Information Security Management System, Security Operation Center (SOC)