
Power Industry's Security Events Processing System Design And Implementation

Posted on: 2015-04-21
Degree: Master
Type: Thesis
Country: China
Candidate: T Zhou
GTID: 2308330473958181
Subject: Software engineering

Abstract/Summary:
After more than 10 years of information security network construction, most enterprises and organizations have shifted their attention from the part to the whole. They no longer focus on managing a single security threat or defense system, but on information security risk. Besides organization and process, technical safeguards play a very important role in the whole security assurance system.

However, an inevitable problem arises, especially in the electric power industry: how to normalize and generalize alarm information. System alarms, network faults, and security incidents each carry different risks, properties, and threats, and these differences affect information identification and risk calculation. As a result, large-scale incident processing analysis and information security level assessment cannot be carried out efficiently.

While participating in the Information Security Level Comprehensive Evaluation Platform Research, which is held by the Electric Power Research Institute of central China, I designed a mass event processing system platform based on risk control and management. It implements security incident normalization, summarization and generalization, and correlation analysis. Risk demonstration is also a significant characteristic.

The distributed large-scale incident processing model provides powerful decision support in this system, and a positive compiling method makes the generalization function a reality. The system collects logs from security devices, network devices, system hosts, etc., sorts the security alert information, and then synchronizes it between different equipment. This generalization ensures consistency. The method mentioned above proposes a modeling approach based on multi-risk assessment and analysis. Through transfer evaluation factors and a data fusion model, key incidents are filtered, and allocation is then adjusted more flexibly. This assessment model makes risk analysis more effective and reliable.
Keywords/Search Tags: security information and events management, large-scale incident processing, risk evaluation, security management platform