| With the development of information construction of electric power industry, information technology is increasingly used in electric power industry in recent years. More and more electrical work has been completed with the help of electricity information management systems and electric power secondary systems. However, the openness of computer and network technology has brought various threats to the information system. Electricity industry, as one of national basic establishment industries, is related to the normal operation of the national security and public service activities. Therefore, electric power industry information system security protection is particularly important.Information security risk assessment is an important means of information security protection. It is a vital role for the information security of the power industry to find the potential risks in the system timely.Power industry information security risk assessment still relies on manual assessment at present. Manual assessment is inefficient, difficult to find the potential vulnerability in the system and hard to avoid the subjectivity of evaluator. All the factors would influence the accuracy of assessment result. To solve these problems, the paper designs and implements a tool which is used in the assessment of electricity production information system risk according to The provisions of Security Protection for Power Secondary System.The evaluation tool classifies the risk factors in risk assessment process such as assets, threats, vulnerabilities etc. in the form of software. It includes the following features:assessment project management, asset identification, threat identification, vulnerability identification, risk assessment calculation and assessment report generation. To resolve the shortcoming in manual assessment style, which is hard to find the potential vulnerability in risk assessment process, the evaluation tool add a vulnerability scanning detection function to scan the target asset. Automatically determine the risk function has been added to the tool to resolve the vulnerability classification problem that has been scanned out. This function is realized to the scanned results automatic decision algorithm which is based on Bayes’theorem. It can automatically determine the scan vulnerability information into the classification of threat information and vulnerability information in assessment tool, assisted to complete the risk factors identification work. After finishing the assignment of information system risk parameters and correlation parameters, evaluation tool calculate the value-at-risk of system and system risk pre-loss value according to the risk assessment formula. Finally, the evaluation tool can generate a risk assessment report to help system administrator intuitively understanding the security state of information system.After extensive testing, the evaluation tool can reasonably describe the current security state of information system in the progress of risk assessment, standardize the assessment processes, improve the efficiency of risk assessment, give a scientific evaluation of the overall security state of the information system. The evaluation tool would promote the research of safety protection in the field of electric power secondary systems. |
PDF Full Text Request