
Design And Implementation Of Information Security Evaluation Framework And Log Analysis System In Special Industry

Posted on: 2016-08-19
Degree: Master
Type: Thesis
Country: China
Candidate: C Y Liu
Full Text: PDF
GTID: 2308330473461010
Subject: Electronic and communication engineering
Abstract/Summary:
With the development of information technology, information systems have gained widespread application in political, military and economic affairs, and society as a whole depends more and more upon them. As informatization develops so rapidly, the security issues of information systems have drawn more and more concern and need to be settled urgently. Risk assessment, which aims to discover and analyze risks, is the first step in carrying out a security protection plan and the basis for establishing information security. However, the risk assessment measures currently applied cannot meet the needs of some special industries, which require an all-inclusive security plan and a true evaluation of risks.

Due to its unique features, this special industry has particularly strict security regulations, keeps its systems isolated from outside networks, and uses dedicated equipment under special circumstances. Therefore, relevant improvements need to be made in the identification of information assets and in the application of key technologies.

The studies introduced in this paper mainly include:

1. The procedure of risk assessment in information security for the special industry.
Since the traditional risk assessment measures cannot be applied directly to the special industry, the procedure studied and proposed in this paper is designed to satisfy the requirements of the special industry, including assets identification, security assessment, malicious code analysis, penetration test, results analysis, etc.

2. The threat discovery technology based on in-depth log analysis.
After a study of the log analysis software currently in use, log analysis models are created for collection, statistics, correlation analysis, computing results, etc. In-depth log analysis modes are designed, mainly for the host's operating system, middleware services, application system, traffic flow, etc., for the purpose of potential threat discovery; this leads to the design of the log analysis module.

3. The implementation of log analysis models.
The implementation of the automatic log analysis module in this paper is based on open-source tools. The feasibility of this module is analyzed and verified through typical hacker attack and worm virus incidents, and its performance is compared with that of traditional log analysis tools. The results show that this log analysis tool is capable of discovering typical threats in the special industry.

This paper focuses on the research of the risk evaluation procedure in the special industry and of threat discovery technology based on log analysis. The log analysis is designed and implemented in C#, solving the key problem in risk evaluation in this special industry, providing critical support for the overall promotion of information security and greatly increasing the reliability of the information security system within this industry.
Keywords/Search Tags:information security, risk assessment, threat detection, log analysis, correlation analysis