
Security Event Management System And Achieve

Posted on: 2007-12-27
Degree: Master
Type: Thesis
Country: China
Candidate: C K Hu
Full Text: PDF
GTID: 2208360182960259
Subject: Software engineering

Abstract/Summary:
With the development of information technology, there are more and more security threats. The security problem cannot be resolved by a single security technology; information security needs an integrated security architecture that includes firewalls, anti-virus, VPN, IDS, port scanning, etc. According to investigations by authoritative survey firms, security events continue to increase despite the growing number of security devices. The emphasis of information security has therefore moved from a product-centered period to a management-centered or engineering-centered one.

In the mid-nineties, BS7799 was introduced as the first information security management standard. From then on, people have had a security management standard and a reference for practice. Because of the complexity of the standard, the effect of its implementation has not been very good. The Information Management System (IMS) emerged as the guarantee of the security management standard. It can automate all parts of the standard, so that the standard takes full effect. The IMS includes the following subsystems: event management, policy management, asset management, identity management and emergency response. As the core of the Information Security Management System, the Event Management System (EMS) plays an important role in information security management. The EMS can serve not only as a subsystem of the IMS, but also as a standalone IMS.

This thesis mainly researches the critical technologies of the Security Event Management System, such as event consolidation, filtering and merging, correlation analysis, event management and so on, and also implements a simple system based on them. During the thesis work, I collected many authoritative investigations on information security and did requirement analysis based on them. I researched well-known related products and research reports, and categorized and compared the differences between them. Based on the requirement analysis and product research, I worked out the critical technologies. I also devised solutions for the critical technologies. While researching the critical technologies, I categorized the popular event correlation methods and algorithms. I also extended the unified format IDMEF to correspond to the EMS.
Keywords/Search Tags:Information Security Management, Event Management, Correlation Analysis, Asset Correlation