技术领域Technical Field
本发明涉及电力信息系统技术领域,具体涉及一种电力信息系统检测方法及系统。The present invention relates to the technical field of electric power information systems, and in particular to an electric power information system detection method and system.
背景技术Background Art
随着信息技术的不断发展和普及,电力信息系统在电力行业中扮演着越来越重要的角色,然而,由于电力信息系统规模的不断扩大和复杂性的增加,系统面临着越来越多的安全风险和挑战。例如,操作员工的安全意识不足、操作失误、系统漏洞等都可能导致系统遭受攻击或故障,进而影响电力系统的正常运行和数据安全,因此,需要一种电力信息系统检测方法及系统。With the continuous development and popularization of information technology, power information systems play an increasingly important role in the power industry. However, due to the continuous expansion of the scale and complexity of power information systems, the system faces more and more security risks and challenges. For example, insufficient safety awareness of operating staff, operational errors, system vulnerabilities, etc. may cause the system to be attacked or fail, thereby affecting the normal operation and data security of the power system. Therefore, a power information system detection method and system are needed.
现有技术往往局限于单一方面的检测,比如只关注系统的漏洞扫描或只监测网络流量,无法全面评估操作员工的安全意识和操作能力、系统的灾难恢复能力等多个方面,导致无法全面把握系统的安全状况,很显然这种检测方法及系统至少存在以下方面问题:1、现有技术往往缺乏综合评估操作员工的安全意识和操作能力、操作安全目标和访问权限等级、系统的灾难恢复能力等关键参数,无法对系统的安全性和可靠性进行全面评估,容易忽略系统中存在的潜在安全风险,往往是被动式的检测方法,只有在发生安全事件或故障时才能发现问题,无法提前预警和及时处理潜在的安全隐患,容易造成系统遭受攻击或遭受损失。Existing technologies are often limited to single-aspect detection, such as only focusing on system vulnerability scanning or only monitoring network traffic. They are unable to comprehensively evaluate the safety awareness and operating capabilities of operating employees, the disaster recovery capabilities of the system, and other aspects, resulting in an inability to fully grasp the security status of the system. Obviously, this detection method and system have at least the following problems: 1. Existing technologies often lack key parameters such as comprehensive evaluation of the safety awareness and operating capabilities of operating employees, operational security goals and access permission levels, and the disaster recovery capabilities of the system. They are unable to comprehensively evaluate the security and reliability of the system, and are prone to ignoring potential security risks in the system. They are often passive detection methods, and can only discover problems when security incidents or failures occur. They are unable to provide early warnings and promptly handle potential security risks, which can easily cause the system to be attacked or suffer losses.
2、现有技术缺乏针对性的监督和培训机制,无法对操作员工的安全意识和操作能力进行有针对性的培训,提高其对系统安全的认识和操作技能,容易造成人为操作失误或安全漏洞,由于现有技术的局限性,无法全面评估系统的安全性和可靠性,缺乏有效的安全保障措施,难以保障电力系统的正常运行和数据安全,同时,无法对操作员工的操作安全目标和访问权限等级进行分析,无法及时发现权限滥用和不当行为,增加了系统被攻击或滥用的风险。2. Existing technologies lack targeted supervision and training mechanisms, and are unable to provide targeted training on the safety awareness and operational capabilities of operating staff, thereby improving their understanding of system security and operational skills, which can easily lead to human operational errors or security loopholes. Due to the limitations of existing technologies, it is impossible to comprehensively evaluate the security and reliability of the system, and there is a lack of effective security measures, making it difficult to ensure the normal operation of the power system and data security. At the same time, it is impossible to analyze the operational safety goals and access rights levels of operating staff, and it is impossible to promptly detect abuse of authority and improper behavior, increasing the risk of system attacks or abuse.
发明内容Summary of the invention
针对上述存在的技术不足,本发明的目的是提供一种电力信息系统检测方法及系统。In view of the above-mentioned technical deficiencies, an object of the present invention is to provide a power information system detection method and system.
为解决上述技术问题,本发明采用如下技术方案:本发明在第一方面提供一种电力信息系统检测方法,包括:步骤一、操作工程学和人为操作学参数的获取:获取目标电力信息系统历史周期中各操作员工对应的操作工程学和人为操作学参数,操作工程学参数包括钓鱼邮件点击率、安全事件报告率和各安全事件对应的反应时长,人为操作学参数包括操作系统错误率和违反安全规范频率,分析得到各操作员工对应的操作工程学评估系数和人为操作学评估系数。To solve the above technical problems, the present invention adopts the following technical solutions: In the first aspect, the present invention provides a power information system detection method, including: Step 1, obtaining operation engineering and human operation parameters: obtaining the operation engineering and human operation parameters corresponding to each operating employee in the historical period of the target power information system, the operation engineering parameters include the click rate of phishing emails, the security incident reporting rate and the response time corresponding to each security incident, the human operation parameters include the operating system error rate and the frequency of violation of safety regulations, and the operation engineering evaluation coefficient and human operation evaluation coefficient corresponding to each operating employee are obtained by analysis.
步骤二、安全意识影响因子的获取:获取各操作员工对应的安全意识参数,安全意识参数包括安全培训频率和各次安全意识调查问卷分数,分析得到各操作员工对应的安全意识影响因子。Step 2: Obtaining safety awareness influencing factors: Obtain the safety awareness parameters corresponding to each operating employee. The safety awareness parameters include the frequency of safety training and the scores of each safety awareness questionnaire. Analyze and obtain the safety awareness influencing factors corresponding to each operating employee.
步骤三、综合信息系统操作评估系数的获取:根据各操作员工对应的操作工程学评估系数、人为操作学评估系数和安全意识影响因子,分析得到各操作员工对应的综合信息系统操作评估系数,进而判断各操作员工对应的安全意识是否合格,并将安全意识不合格对应的各操作员工记为各待监督操作员工,进而对各待监督操作员工对应的操作安全目标和访问权限等级进行分析。Step 3. Obtaining the comprehensive information system operation evaluation coefficient: According to the operation engineering evaluation coefficient, human operation evaluation coefficient and safety awareness influencing factor corresponding to each operation employee, analyze and obtain the comprehensive information system operation evaluation coefficient corresponding to each operation employee, and then judge whether the safety awareness corresponding to each operation employee is qualified, and record the operation employees with unqualified safety awareness as the operation employees to be supervised, and then analyze the operation safety goals and access permission levels corresponding to each operation employee to be supervised.
步骤四、灾难恢复能力评估系数的获取:在电力信息系统运行时,定期进行灾难恢复演练,进而获取各次灾难恢复演练对应的灾难恢复能力指标,灾难恢复能力指标包括系统备份频率、系统恢复成功率和系统恢复时长,分析得到各次灾难恢复演练对应的灾难恢复能力评估系数。Step 4. Obtaining the disaster recovery capability assessment coefficient: When the power information system is in operation, disaster recovery drills are conducted regularly to obtain the disaster recovery capability indicators corresponding to each disaster recovery drill. The disaster recovery capability indicators include system backup frequency, system recovery success rate and system recovery time. The disaster recovery capability assessment coefficient corresponding to each disaster recovery drill is obtained through analysis.
步骤五、灾难恢复能力的判断:根据各次灾难恢复演练对应的灾难恢复能力评估系数,进而判断各次灾难恢复演练对应的灾难恢复能力是否合格。Step 5: Determination of disaster recovery capability: Based on the disaster recovery capability assessment coefficient corresponding to each disaster recovery drill, determine whether the disaster recovery capability corresponding to each disaster recovery drill is qualified.
优选地,所述分析得到各操作员工对应的操作工程学评估系数,具体分析过程如下:将各操作员工对应的钓鱼邮件点击率、安全事件报告率和各安全事件对应的反应时长分别记为、和,其中,表示各操作员工对应的编号,,u为大于2的任意整数,表示各安全事件对应的编号,,n为大于2的任意整数,代入计算公式中,得到各操作员工对应的操作工程学评估系数,其中,、、分别为设定的操作员工对应的标准钓鱼邮件点击率、标准安全事件报告率、安全事件对应的标准反应时长,、、分别为设定的操作员工钓鱼邮件点击率对应的权重因子、安全事件报告率对应的权重因子、安全事件反应时长对应的权重因子。Preferably, the analysis obtains the operation engineering evaluation coefficient corresponding to each operation staff, and the specific analysis process is as follows: the phishing email click rate, security incident reporting rate and response time corresponding to each security incident corresponding to each operation staff are recorded as , and ,in, Indicates the number corresponding to each operating employee. , u is any integer greater than 2, Indicates the number corresponding to each security event. , n is any integer greater than 2, substitute it into the calculation formula The operation engineering evaluation coefficient corresponding to each operator is obtained ,in, , , They are the standard phishing email click rate, standard security incident reporting rate, and standard response time for security incidents corresponding to the set operating staff. , , They are the weight factors corresponding to the click rate of phishing emails sent by operating employees, the weight factors corresponding to the security incident reporting rate, and the weight factors corresponding to the security incident response time.
优选地,所述分析得到各操作员工对应的人为操作学评估系数,具体分析过程如下:将各操作员工对应的操作系统错误率和违反安全规范频率分别记为和,代入计算公式中,得到各操作员工对应的人为操作学评估系数,其中,、分别为设定的操作员工对应的标准操作系统错误率、标准违反安全规范频率,、分别为设定的操作员工操作系统错误率对应的权重因子、违反安全规范频率对应的权重因子。Preferably, the analysis obtains the human operation evaluation coefficient corresponding to each operator. The specific analysis process is as follows: the operating system error rate and the safety specification violation frequency corresponding to each operator are respectively recorded as and , substitute into the calculation formula The human operation evaluation coefficient corresponding to each operator is obtained ,in, , They are the standard operating system error rate and standard safety violation frequency corresponding to the set operating staff. , They are the weight factors corresponding to the set operating system error rate of the operating staff and the weight factors corresponding to the frequency of violation of safety regulations.
优选地,所述分析得到各操作员工对应的安全意识影响因子,具体分析过程如下:将各操作员工对应的安全培训频率和各次安全意识调查问卷分数分别记为和,其中,表示各次安全意识调查问卷对应的编号,,m为大于2的任意整数,代入计算公式中,得到各操作员工对应的安全意识影响因子,其中,、分别为设定的操作员工对应的标准安全培训频率、标准安全意识调查问卷分数,、分别为设定的操作员工安全培训频率对应的权重因子、安全意识调查问卷分数对应的权重因子。Preferably, the analysis obtains the safety awareness influencing factor corresponding to each operator, and the specific analysis process is as follows: the safety training frequency corresponding to each operator and the score of each safety awareness questionnaire are recorded as and ,in, Indicates the number corresponding to each security awareness questionnaire, , m is any integer greater than 2, substitute it into the calculation formula The corresponding safety awareness influencing factors of each operator are obtained ,in, , They are the standard safety training frequency and standard safety awareness questionnaire scores corresponding to the set operating staff. , They are the weight factors corresponding to the set frequency of safety training for operating staff and the weight factors corresponding to the scores of the safety awareness questionnaire.
优选地,所述分析得到各操作员工对应的综合信息系统操作评估系数,具体分析过程如下:将各操作员工对应的操作工程学评估系数、人为操作学评估系数和安全意识影响因子,代入计算公式中,得到各操作员工对应的综合信息系统操作评估系数,其中,、分别为设定的操作员工操作工程学评估系数对应的权重因子、人为操作学评估系数对应的权重因子,e表示自然常数。Preferably, the analysis obtains the comprehensive information system operation evaluation coefficient corresponding to each operator. The specific analysis process is as follows: Substitute the operation engineering evaluation coefficient, human operation evaluation coefficient and safety awareness impact factor corresponding to each operator into the calculation formula The comprehensive information system operation evaluation coefficient corresponding to each operating employee is obtained ,in, , are the weight factors corresponding to the set operator operation engineering evaluation coefficient and the weight factors corresponding to the human operation evaluation coefficient, and e represents a natural constant.
优选地,所述判断各操作员工对应的安全意识是否合格,具体判断过程如下:将各操作员工对应的综合信息系统操作评估系数与设定的标准操作员工对应的综合信息系统操作评估系数进行对比,若某操作员工对应的综合信息系统操作评估系数小于设定的标准操作员工对应的综合信息系统操作评估系数,则判定该操作员工对应的安全意识不合格,若某操作员工对应的综合信息系统操作评估系数大于或者等于设定的标准操作员工对应的综合信息系统操作评估系数,则判定该操作员工对应的安全意识合格,以此方式,判断各操作员工对应的安全意识是否合格。Preferably, the specific judgment process for judging whether the safety awareness corresponding to each operating employee is qualified is as follows: comparing the comprehensive information system operation evaluation coefficient corresponding to each operating employee with the comprehensive information system operation evaluation coefficient corresponding to the set standard operating employee; if the comprehensive information system operation evaluation coefficient corresponding to an operating employee is smaller than the comprehensive information system operation evaluation coefficient corresponding to the set standard operating employee, then the safety awareness corresponding to the operating employee is judged to be unqualified; if the comprehensive information system operation evaluation coefficient corresponding to an operating employee is greater than or equal to the comprehensive information system operation evaluation coefficient corresponding to the set standard operating employee, then the safety awareness corresponding to the operating employee is judged to be qualified; in this way, whether the safety awareness corresponding to each operating employee is qualified is judged.
优选地,所述对各待监督操作员工对应的操作安全目标和访问权限等级进行分析,具体分析过程如下:A1、将各待监督操作员工对应的综合信息系统操作评估系数与数据库中各操作安全目标对应的综合信息系统操作评估系数进行对比,若某待监督操作员工对应的综合信息系统操作评估系数与数据库中某操作安全目标对应的综合信息系统操作评估系数相同,则将数据库中该操作安全目标作为该待监督操作员工对应的操作安全目标,以此方式,对各待监督操作员工对应的操作安全目标进行分析,并将各待监督操作员工按照对应的操作安全目标进行监督。Preferably, the operational security goals and access permission levels corresponding to each operational employee to be supervised are analyzed, and the specific analysis process is as follows: A1. Compare the comprehensive information system operation assessment coefficient corresponding to each operational employee to be supervised with the comprehensive information system operation assessment coefficient corresponding to each operational security goal in the database. If the comprehensive information system operation assessment coefficient corresponding to an operational employee to be supervised is the same as the comprehensive information system operation assessment coefficient corresponding to an operational security goal in the database, then use the operational security goal in the database as the operational security goal corresponding to the operational employee to be supervised. In this way, the operational security goals corresponding to each operational employee to be supervised are analyzed, and each operational employee to be supervised is supervised according to the corresponding operational security goals.
A2、将各待监督操作员工对应的综合信息系统操作评估系数与数据库中各访问权限等级对应的综合信息系统操作评估系数进行对比,若某待监督操作员工对应的综合信息系统操作评估系数与数据库中某访问权限等级对应的综合信息系统操作评估系数相同,则将数据库中该访问权限等级作为该待监督操作员工对应的操作安全目标,以此方式,对各待监督操作员工对应的访问权限等级进行分析,并将各待监督操作员工设置成对应的访问权限等级。A2. Compare the comprehensive information system operation evaluation coefficient corresponding to each supervised operating employee with the comprehensive information system operation evaluation coefficient corresponding to each access permission level in the database. If the comprehensive information system operation evaluation coefficient corresponding to a certain operating employee to be supervised is the same as the comprehensive information system operation evaluation coefficient corresponding to a certain access permission level in the database, then use the access permission level in the database as the operation security target corresponding to the operating employee to be supervised. In this way, the access permission level corresponding to each operating employee to be supervised is analyzed, and each operating employee to be supervised is set to the corresponding access permission level.
优选地,所述分析得到各次灾难恢复演练对应的灾难恢复能力评估系数,具体分析过程如下:将各次灾难恢复演练对应的系统备份频率、系统恢复成功率和系统恢复时长分别记为、和,其中,表示各次灾难恢复演练对应的编号,,p为大于2的任意整数,代入计算公式中,得到各次灾难恢复演练对应的灾难恢复能力评估系数,其中,、、分别为设定的灾难恢复演练对应的标准系统备份频率、标准系统恢复成功率、标准系统恢复时长,、、分别为设定的灾难恢复演练系统备份频率对应的权重因子、系统恢复成功率对应的权重因子、系统恢复时长对应的权重因子。Preferably, the analysis obtains the disaster recovery capability evaluation coefficient corresponding to each disaster recovery drill. The specific analysis process is as follows: the system backup frequency, system recovery success rate and system recovery duration corresponding to each disaster recovery drill are recorded as , and ,in, Indicates the number corresponding to each disaster recovery drill, , p is any integer greater than 2, substitute it into the calculation formula The disaster recovery capability assessment coefficient corresponding to each disaster recovery drill is obtained ,in, , , They are the standard system backup frequency, standard system recovery success rate, and standard system recovery duration corresponding to the set disaster recovery drills. , , They are respectively the weight factor corresponding to the set disaster recovery drill system backup frequency, the weight factor corresponding to the system recovery success rate, and the weight factor corresponding to the system recovery duration.
优选地,所述判断各次灾难恢复演练对应的灾难恢复能力是否合格,具体判断过程如下:将各次灾难恢复演练对应的灾难恢复能力评估系数与设定的标准灾难恢复演练对应的灾难恢复能力评估系数进行对比,若某次灾难恢复演练对应的灾难恢复能力评估系数小于设定的标准灾难恢复演练对应的灾难恢复能力评估系数,则判定该次灾难恢复演练对应的灾难恢复能力不合格,若某次灾难恢复演练对应的灾难恢复能力评估系数大于或者等于设定的标准灾难恢复演练对应的灾难恢复能力评估系数,则判定该次灾难恢复演练对应的灾难恢复能力合格,以此方式,判断各次灾难恢复演练对应的灾难恢复能力是否合格。Preferably, the determination of whether the disaster recovery capability corresponding to each disaster recovery drill is qualified is specifically carried out as follows: the disaster recovery capability assessment coefficient corresponding to each disaster recovery drill is compared with the disaster recovery capability assessment coefficient corresponding to the set standard disaster recovery drill; if the disaster recovery capability assessment coefficient corresponding to a disaster recovery drill is less than the disaster recovery capability assessment coefficient corresponding to the set standard disaster recovery drill, then the disaster recovery capability corresponding to the disaster recovery drill is determined to be unqualified; if the disaster recovery capability assessment coefficient corresponding to a disaster recovery drill is greater than or equal to the disaster recovery capability assessment coefficient corresponding to the set standard disaster recovery drill, then the disaster recovery capability corresponding to the disaster recovery drill is determined to be qualified; in this way, it is determined whether the disaster recovery capability corresponding to each disaster recovery drill is qualified.
本发明在第二方面提供一种电力信息系统检测系统,包括:操作工程学和人为操作学参数获取模块:用于获取目标电力信息系统历史周期中各操作员工对应的操作工程学和人为操作学参数,操作工程学参数包括钓鱼邮件点击率、安全事件报告率和各安全事件对应的反应时长,人为操作学参数包括操作系统错误率和违反安全规范频率,分析得到各操作员工对应的操作工程学评估系数和人为操作学评估系数。In a second aspect, the present invention provides an electric power information system detection system, comprising: an operation engineering and human operation parameters acquisition module: used to obtain the operation engineering and human operation parameters corresponding to each operating employee in the historical period of the target electric power information system, the operation engineering parameters include the click rate of phishing emails, the security incident reporting rate and the response time corresponding to each security incident, the human operation parameters include the operating system error rate and the frequency of violation of safety regulations, and the operation engineering evaluation coefficient and human operation evaluation coefficient corresponding to each operating employee are obtained by analysis.
安全意识影响因子获取模块:用于获取各操作员工对应的安全意识参数,安全意识参数包括安全培训频率和各次安全意识调查问卷分数,分析得到各操作员工对应的安全意识影响因子。Safety awareness influencing factor acquisition module: used to obtain the safety awareness parameters corresponding to each operating employee. The safety awareness parameters include the frequency of safety training and the scores of each safety awareness questionnaire. The safety awareness influencing factor corresponding to each operating employee is obtained through analysis.
综合信息系统操作评估系数获取模块:用于根据各操作员工对应的操作工程学评估系数、人为操作学评估系数和安全意识影响因子,分析得到各操作员工对应的综合信息系统操作评估系数,进而判断各操作员工对应的安全意识是否合格,并将安全意识不合格对应的各操作员工记为各待监督操作员工,进而对各待监督操作员工对应的操作安全目标和访问权限等级进行分析。Comprehensive information system operation evaluation coefficient acquisition module: used to analyze and obtain the corresponding comprehensive information system operation evaluation coefficient of each operating employee according to the corresponding operation engineering evaluation coefficient, human operation evaluation coefficient and safety awareness influencing factor of each operating employee, and then judge whether the corresponding safety awareness of each operating employee is qualified, and record the corresponding operating employees with unqualified safety awareness as operating employees to be supervised, and then analyze the corresponding operation safety goals and access permission levels of each operating employee to be supervised.
灾难恢复能力评估系数获取模块:用于在电力信息系统运行时,定期进行灾难恢复演练,进而获取各次灾难恢复演练对应的灾难恢复能力指标,灾难恢复能力指标包括系统备份频率、系统恢复成功率和系统恢复时长,分析得到各次灾难恢复演练对应的灾难恢复能力评估系数。Disaster recovery capability assessment coefficient acquisition module: used to conduct disaster recovery drills regularly when the power information system is running, and then obtain the disaster recovery capability indicators corresponding to each disaster recovery drill. The disaster recovery capability indicators include system backup frequency, system recovery success rate and system recovery time. The disaster recovery capability assessment coefficient corresponding to each disaster recovery drill is obtained by analysis.
灾难恢复能力判断模块:用于根据各次灾难恢复演练对应的灾难恢复能力评估系数,进而判断各次灾难恢复演练对应的灾难恢复能力是否合格。Disaster recovery capability judgment module: used to judge whether the disaster recovery capability corresponding to each disaster recovery drill is qualified based on the disaster recovery capability evaluation coefficient corresponding to each disaster recovery drill.
预警终端模块:用于当某操作员工对应的安全意识不合格和某次灾难恢复演练对应的灾难恢复能力不合格时,进行预警提示。Early warning terminal module: used to issue early warning prompts when the security awareness of a certain operating employee is not up to standard and the disaster recovery capability of a certain disaster recovery drill is not up to standard.
本发明的有益效果在于:1、本发明提供一种电力信息系统检测方法及系统,通过获取和分析操作员工的操作工程学和人为操作学参数,以及安全意识影响因子,可以全面评估操作员工的综合信息系统操作评估系数和安全意识是否合格,并对待监督操作员工进行分析和管理。同时,定期进行灾难恢复演练并评估灾难恢复能力指标,能够及时发现和提升系统的灾难恢复能力。综合而言,该方法能够全面保障电力信息系统的安全性,提高操作员工的安全意识和操作安全能力,从而确保系统的正常运行和安全性。The beneficial effects of the present invention are as follows: 1. The present invention provides an electric power information system detection method and system, which can comprehensively evaluate whether the comprehensive information system operation evaluation coefficient and safety awareness of the operating staff are qualified by acquiring and analyzing the operating engineering and human operating parameters, as well as the safety awareness influencing factors of the operating staff, and analyze and manage the operating staff to be supervised. At the same time, regular disaster recovery drills and evaluation of disaster recovery capability indicators can timely discover and improve the disaster recovery capability of the system. In summary, this method can comprehensively guarantee the security of the electric power information system, improve the safety awareness and operational safety capabilities of the operating staff, thereby ensuring the normal operation and safety of the system.
2、本发明实施例,通过获取操作员工的操作工程学、人为操作学和安全意识参数等,综合分析得到各操作员工的综合信息系统操作评估系数,全面评估操作员工的安全意识和操作能力,发现不合格的操作员工,进而进行监督和培训,提高操作员工的安全意识和操作能力,针对待监督操作员工,通过分析其操作安全目标和访问权限等级,限制其对系统的敏感数据和功能的访问权限,降低安全风险。2. The embodiment of the present invention obtains the operating engineering, human operation and safety awareness parameters of the operating staff, and comprehensively analyzes to obtain the comprehensive information system operation evaluation coefficient of each operating staff, comprehensively evaluates the safety awareness and operation ability of the operating staff, finds unqualified operating staff, and then supervises and trains them to improve the safety awareness and operation ability of the operating staff. For the operating staff to be supervised, by analyzing their operation security goals and access permission levels, their access rights to sensitive data and functions of the system are restricted to reduce security risks.
3、本发明实施例,通过定期进行灾难恢复演练,获取各次灾难恢复演练对应的灾难恢复能力指标,分析得到各次灾难恢复演练对应的灾难恢复能力评估系数,从而评估系统的灾难恢复能力,及时发现和处理灾难事件,确保电力信息系统的稳定性和可靠性,对电力信息系统的操作员工进行全面评估和监督,限制其访问权限,定期进行灾难恢复演练,评估系统的灾难恢复能力等措施,可以提高电力信息系统的安全性和可靠性,保障电力系统的正常运行和数据安全。3. The embodiment of the present invention conducts disaster recovery drills regularly, obtains disaster recovery capability indicators corresponding to each disaster recovery drill, and analyzes the disaster recovery capability assessment coefficients corresponding to each disaster recovery drill, thereby evaluating the disaster recovery capability of the system, timely discovering and handling disaster events, ensuring the stability and reliability of the power information system, and comprehensively evaluating and supervising the operators of the power information system, restricting their access rights, conducting disaster recovery drills regularly, and evaluating the disaster recovery capability of the system. These measures can improve the security and reliability of the power information system and ensure the normal operation of the power system and data security.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings required for use in the embodiments or the description of the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying creative work.
图1为本发明方法实施步骤流程图。FIG1 is a flow chart of the implementation steps of the method of the present invention.
图2为本发明系统模块连接示意图。FIG. 2 is a schematic diagram showing the connection of system modules of the present invention.
具体实施方式DETAILED DESCRIPTION
下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will be combined with the drawings in the embodiments of the present invention to clearly and completely describe the technical solutions in the embodiments of the present invention. Obviously, the described embodiments are only part of the embodiments of the present invention, not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of the present invention.
本发明实施例如图1所示,一种电力信息系统检测方法,包括:步骤一、操作工程学和人为操作学参数的获取:获取目标电力信息系统历史周期中各操作员工对应的操作工程学和人为操作学参数,操作工程学参数包括钓鱼邮件点击率、安全事件报告率和各安全事件对应的反应时长,人为操作学参数包括操作系统错误率和违反安全规范频率,分析得到各操作员工对应的操作工程学评估系数和人为操作学评估系数。An embodiment of the present invention is shown in Figure 1, a power information system detection method, including: step one, obtaining operation engineering and human operation parameters: obtaining the operation engineering and human operation parameters corresponding to each operating employee in the historical period of the target power information system, the operation engineering parameters include the click rate of phishing emails, the security incident reporting rate and the response time corresponding to each security incident, the human operation parameters include the operating system error rate and the frequency of violation of safety regulations, and the operation engineering evaluation coefficient and human operation evaluation coefficient corresponding to each operating employee are obtained by analysis.
需要说明的是,通过监控系统记录所有发送给操作员工的邮件,并标记其中钓鱼邮件。然后记录各操作员工钓鱼邮件点击次数和总钓鱼邮件数量,钓鱼邮件点击率=钓鱼邮件点击次数/总钓鱼邮件数量,记录历史安全事件的发生情况,包括各操作员工安全事件报告次数和总发生的安全事件数量。安全事件报告率的计算方法为:安全事件报告次数/总发生的安全事件数量,记录各操作员工在发生安全事件后的反应时长,发生安全事件后的反应时长=处理事件的时间-安全事件发生的时间。It should be noted that the monitoring system records all emails sent to operating staff and marks phishing emails. Then the number of clicks on phishing emails by each operating staff and the total number of phishing emails are recorded. The phishing email click rate = the number of clicks on phishing emails / the total number of phishing emails. The occurrence of historical security incidents is recorded, including the number of security incident reports by each operating staff and the total number of security incidents. The calculation method of the security incident reporting rate is: the number of security incident reports / the total number of security incidents. The reaction time of each operating staff after the occurrence of a security incident is recorded. The reaction time after the occurrence of a security incident = the time to handle the incident - the time when the security incident occurred.
还需要说明的是,通过监控系统记录各操作员工在操作系统时发生的错误次数,错误次数包括误操作次数、系统配置错误次数等,通过系统日志或操作记录来获取这些信息,记录各操作员工违反安全规范的次数,安全规范的次数包括未按规定操作次数、绕过安全控制次数等。It should also be noted that the monitoring system records the number of errors that occur when each operator operates the system. The number of errors includes the number of incorrect operations, the number of system configuration errors, etc. This information is obtained through system logs or operation records, and the number of times each operator violates safety regulations is recorded. The number of safety regulations includes the number of operations that are not in accordance with regulations and the number of times security controls are bypassed.
在一个具体的实施例中,所述分析得到各操作员工对应的操作工程学评估系数,具体分析过程如下:将各操作员工对应的钓鱼邮件点击率、安全事件报告率和各安全事件对应的反应时长分别记为、和,其中,表示各操作员工对应的编号,,u为大于2的任意整数,表示各安全事件对应的编号,,n为大于2的任意整数,代入计算公式中,得到各操作员工对应的操作工程学评估系数,其中,、、分别为设定的操作员工对应的标准钓鱼邮件点击率、标准安全事件报告率、安全事件对应的标准反应时长,、、分别为设定的操作员工钓鱼邮件点击率对应的权重因子、安全事件报告率对应的权重因子、安全事件反应时长对应的权重因子。In a specific embodiment, the analysis obtains the operation engineering evaluation coefficient corresponding to each operation employee. The specific analysis process is as follows: the phishing email click rate, security incident reporting rate and response time corresponding to each security incident corresponding to each operation employee are recorded as , and ,in, Indicates the number corresponding to each operating employee. , u is any integer greater than 2, Indicates the number corresponding to each security event. , n is any integer greater than 2, substitute it into the calculation formula The operation engineering evaluation coefficient corresponding to each operator is obtained ,in, , , They are the standard phishing email click rate, standard security incident reporting rate, and standard response time for security incidents corresponding to the set operating staff. , , They are the weight factors corresponding to the click rate of phishing emails sent by operating employees, the weight factors corresponding to the security incident reporting rate, and the weight factors corresponding to the security incident response time.
需要说明的是,、、均大于0且小于1。It should be noted that , , Both are greater than 0 and less than 1.
还需要说明的是,基于大量的研究数据和实验数据的总结。根据实验研究、经验和专业指南设定操作员工对应的标准钓鱼邮件点击率、标准安全事件报告率、安全事件对应的标准反应时长,同时,根据领域专家专业知识和研究的依据,并与领域专家进行讨论和确认。由专家可以根据自己的经验和知识设定操作员工钓鱼邮件点击率对应的权重因子、安全事件报告率对应的权重因子、安全事件反应时长对应的权重因子。It should also be noted that the summary is based on a large amount of research data and experimental data. According to experimental research, experience and professional guidelines, the standard phishing email click rate, standard security incident reporting rate and standard response time for security incidents for operating employees are set. At the same time, based on the professional knowledge and research basis of domain experts, and discussed and confirmed with domain experts, experts can set the weight factors corresponding to the phishing email click rate of operating employees, the weight factors corresponding to the security incident reporting rate and the weight factors corresponding to the security incident response time based on their own experience and knowledge.
在另一个具体的实施例中,所述分析得到各操作员工对应的人为操作学评估系数,具体分析过程如下:将各操作员工对应的操作系统错误率和违反安全规范频率分别记为和,代入计算公式中,得到各操作员工对应的人为操作学评估系数,其中,、分别为设定的操作员工对应的标准操作系统错误率、标准违反安全规范频率,、分别为设定的操作员工操作系统错误率对应的权重因子、违反安全规范频率对应的权重因子。In another specific embodiment, the analysis obtains the human operation evaluation coefficient corresponding to each operator. The specific analysis process is as follows: the operating system error rate and the safety specification violation frequency corresponding to each operator are respectively recorded as and , substitute into the calculation formula The human operation evaluation coefficient corresponding to each operator is obtained ,in, , They are the standard operating system error rate and standard safety violation frequency corresponding to the set operating staff. , They are the weight factors corresponding to the set operating system error rate of the operating staff and the weight factors corresponding to the frequency of violation of safety regulations.
需要说明的是,、均大于0且小于1。It should be noted that , Both are greater than 0 and less than 1.
还需要说明的是,基于大量的研究数据和实验数据的总结。根据实验研究、经验和专业指南设定操作员工对应的标准操作系统错误率、标准违反安全规范频率,同时,根据领域专家专业知识和研究的依据,并与领域专家进行讨论和确认。由专家可以根据自己的经验和知识设定操作员工操作系统错误率对应的权重因子、违反安全规范频率对应的权重因子。It should also be noted that the standard operating system error rate and standard safety specification violation frequency corresponding to the operator are set based on a large amount of research data and experimental data. At the same time, based on the professional knowledge and research basis of domain experts, and discussed and confirmed with domain experts, the experts can set the weight factors corresponding to the operating system error rate of the operator and the weight factors corresponding to the safety specification violation frequency based on their own experience and knowledge.
步骤二、安全意识影响因子的获取:获取各操作员工对应的安全意识参数,安全意识参数包括安全培训频率和各次安全意识调查问卷分数,分析得到各操作员工对应的安全意识影响因子。Step 2: Obtaining safety awareness influencing factors: Obtain the safety awareness parameters corresponding to each operating employee. The safety awareness parameters include the frequency of safety training and the scores of each safety awareness questionnaire. Analyze and obtain the safety awareness influencing factors corresponding to each operating employee.
在一个具体的实施例中,所述分析得到各操作员工对应的安全意识影响因子,具体分析过程如下:将各操作员工对应的安全培训频率和各次安全意识调查问卷分数分别记为和,其中,表示各次安全意识调查问卷对应的编号,,m为大于2的任意整数,代入计算公式中,得到各操作员工对应的安全意识影响因子,其中,、分别为设定的操作员工对应的标准安全培训频率、标准安全意识调查问卷分数,、分别为设定的操作员工安全培训频率对应的权重因子、安全意识调查问卷分数对应的权重因子。In a specific embodiment, the analysis obtains the safety awareness influencing factor corresponding to each operator. The specific analysis process is as follows: the safety training frequency and each safety awareness questionnaire score corresponding to each operator are recorded as and ,in, Indicates the number corresponding to each security awareness questionnaire, , m is any integer greater than 2, substitute it into the calculation formula The corresponding safety awareness influencing factors of each operator are obtained ,in, , They are the standard safety training frequency and standard safety awareness questionnaire scores corresponding to the set operating staff. , They are the weight factors corresponding to the set frequency of safety training for operating staff and the weight factors corresponding to the scores of the safety awareness questionnaire.
需要说明的是,、均大于0且小于1。It should be noted that , Both are greater than 0 and less than 1.
还需要说明的是,基于大量的研究数据和实验数据的总结。根据实验研究、经验和专业指南设定操作员工对应的标准安全培训频率、标准安全意识调查问卷分数,同时,根据领域专家专业知识和研究的依据,并与领域专家进行讨论和确认。由专家可以根据自己的经验和知识设定操作员工安全培训频率对应的权重因子、安全意识调查问卷分数对应的权重因子。It should also be noted that the standard safety training frequency and standard safety awareness questionnaire scores for operating employees are set based on a large amount of research data and experimental data. At the same time, based on the professional knowledge and research basis of field experts, and discussed and confirmed with field experts, experts can set the weight factors corresponding to the safety training frequency of operating employees and the weight factors corresponding to the safety awareness questionnaire scores based on their own experience and knowledge.
步骤三、综合信息系统操作评估系数的获取:根据各操作员工对应的操作工程学评估系数、人为操作学评估系数和安全意识影响因子,分析得到各操作员工对应的综合信息系统操作评估系数,进而判断各操作员工对应的安全意识是否合格,并将安全意识不合格对应的各操作员工记为各待监督操作员工,进而对各待监督操作员工对应的操作安全目标和访问权限等级进行分析。Step 3. Obtaining the comprehensive information system operation evaluation coefficient: According to the operation engineering evaluation coefficient, human operation evaluation coefficient and safety awareness influencing factor corresponding to each operation employee, analyze and obtain the comprehensive information system operation evaluation coefficient corresponding to each operation employee, and then judge whether the safety awareness corresponding to each operation employee is qualified, and record the operation employees with unqualified safety awareness as the operation employees to be supervised, and then analyze the operation safety goals and access permission levels corresponding to each operation employee to be supervised.
在一个具体的实施例中,所述分析得到各操作员工对应的综合信息系统操作评估系数,具体分析过程如下:将各操作员工对应的操作工程学评估系数、人为操作学评估系数和安全意识影响因子,代入计算公式中,得到各操作员工对应的综合信息系统操作评估系数,其中,、分别为设定的操作员工操作工程学评估系数对应的权重因子、人为操作学评估系数对应的权重因子,e表示自然常数。In a specific embodiment, the analysis obtains the comprehensive information system operation evaluation coefficient corresponding to each operator. The specific analysis process is as follows: Substitute the operation engineering evaluation coefficient, human operation evaluation coefficient and safety awareness impact factor corresponding to each operator into the calculation formula: The comprehensive information system operation evaluation coefficient corresponding to each operating employee is obtained ,in, , are the weight factors corresponding to the set operator operation engineering evaluation coefficient and the weight factors corresponding to the human operation evaluation coefficient, and e represents a natural constant.
需要说明的是,、均大于0且小于1。It should be noted that , Both are greater than 0 and less than 1.
还需要说明的是,根据领域专家专业知识和研究的依据,并与领域专家进行讨论和确认。由专家可以根据自己的经验和知识设定操作员工操作工程学评估系数对应的权重因子、人为操作学评估系数对应的权重因子。It should also be noted that, based on the professional knowledge and research basis of the domain experts, and after discussion and confirmation with the domain experts, the experts can set the weight factors corresponding to the operator's operation engineering evaluation coefficient and the weight factors corresponding to the human operation evaluation coefficient according to their own experience and knowledge.
在另一个具体的实施例中,所述判断各操作员工对应的安全意识是否合格,具体判断过程如下:将各操作员工对应的综合信息系统操作评估系数与设定的标准操作员工对应的综合信息系统操作评估系数进行对比,若某操作员工对应的综合信息系统操作评估系数小于设定的标准操作员工对应的综合信息系统操作评估系数,则判定该操作员工对应的安全意识不合格,若某操作员工对应的综合信息系统操作评估系数大于或者等于设定的标准操作员工对应的综合信息系统操作评估系数,则判定该操作员工对应的安全意识合格,以此方式,判断各操作员工对应的安全意识是否合格。In another specific embodiment, the determination of whether the safety awareness corresponding to each operating employee is qualified is specifically carried out as follows: comparing the comprehensive information system operation evaluation coefficient corresponding to each operating employee with the comprehensive information system operation evaluation coefficient corresponding to the set standard operating employee; if the comprehensive information system operation evaluation coefficient corresponding to an operating employee is smaller than the comprehensive information system operation evaluation coefficient corresponding to the set standard operating employee, then the safety awareness corresponding to the operating employee is determined to be unqualified; if the comprehensive information system operation evaluation coefficient corresponding to an operating employee is greater than or equal to the comprehensive information system operation evaluation coefficient corresponding to the set standard operating employee, then the safety awareness corresponding to the operating employee is determined to be qualified; in this way, it is determined whether the safety awareness corresponding to each operating employee is qualified.
在另一个具体的实施例中,所述对各待监督操作员工对应的操作安全目标和访问权限等级进行分析,具体分析过程如下:A1、将各待监督操作员工对应的综合信息系统操作评估系数与数据库中各操作安全目标对应的综合信息系统操作评估系数进行对比,若某待监督操作员工对应的综合信息系统操作评估系数与数据库中某操作安全目标对应的综合信息系统操作评估系数相同,则将数据库中该操作安全目标作为该待监督操作员工对应的操作安全目标,以此方式,对各待监督操作员工对应的操作安全目标进行分析,并将各待监督操作员工按照对应的操作安全目标进行监督。In another specific embodiment, the operational security goals and access permission levels corresponding to each supervised operating employee are analyzed, and the specific analysis process is as follows: A1. Compare the comprehensive information system operation evaluation coefficient corresponding to each supervised operating employee with the comprehensive information system operation evaluation coefficient corresponding to each operational security goal in the database. If the comprehensive information system operation evaluation coefficient corresponding to a certain operating employee to be supervised is the same as the comprehensive information system operation evaluation coefficient corresponding to a certain operational security goal in the database, then use the operational security goal in the database as the operational security goal corresponding to the operating employee to be supervised. In this way, the operational security goals corresponding to each supervised operating employee are analyzed, and each supervised operating employee is supervised according to the corresponding operational security goals.
A2、将各待监督操作员工对应的综合信息系统操作评估系数与数据库中各访问权限等级对应的综合信息系统操作评估系数进行对比,若某待监督操作员工对应的综合信息系统操作评估系数与数据库中某访问权限等级对应的综合信息系统操作评估系数相同,则将数据库中该访问权限等级作为该待监督操作员工对应的操作安全目标,以此方式,对各待监督操作员工对应的访问权限等级进行分析,并将各待监督操作员工设置成对应的访问权限等级。A2. Compare the comprehensive information system operation evaluation coefficient corresponding to each supervised operating employee with the comprehensive information system operation evaluation coefficient corresponding to each access permission level in the database. If the comprehensive information system operation evaluation coefficient corresponding to a certain operating employee to be supervised is the same as the comprehensive information system operation evaluation coefficient corresponding to a certain access permission level in the database, then use the access permission level in the database as the operation security target corresponding to the operating employee to be supervised. In this way, the access permission level corresponding to each operating employee to be supervised is analyzed, and each operating employee to be supervised is set to the corresponding access permission level.
本发明实施例,通过获取操作员工的操作工程学、人为操作学和安全意识参数等,综合分析得到各操作员工的综合信息系统操作评估系数,全面评估操作员工的安全意识和操作能力,发现不合格的操作员工,进而进行监督和培训,提高操作员工的安全意识和操作能力,针对待监督操作员工,通过分析其操作安全目标和访问权限等级,限制其对系统的敏感数据和功能的访问权限,降低安全风险。The embodiment of the present invention obtains the operating engineering, human operations and safety awareness parameters of the operating staff, conducts a comprehensive analysis to obtain the comprehensive information system operation evaluation coefficient of each operating staff, comprehensively evaluates the safety awareness and operation ability of the operating staff, finds unqualified operating staff, and then supervises and trains them to improve the safety awareness and operation ability of the operating staff. For the operating staff to be supervised, by analyzing their operation security goals and access permission levels, their access permissions to sensitive data and functions of the system are restricted, thereby reducing security risks.
步骤四、灾难恢复能力评估系数的获取:在电力信息系统运行时,定期进行灾难恢复演练,进而获取各次灾难恢复演练对应的灾难恢复能力指标,灾难恢复能力指标包括系统备份频率、系统恢复成功率和系统恢复时长,分析得到各次灾难恢复演练对应的灾难恢复能力评估系数。Step 4. Obtaining the disaster recovery capability assessment coefficient: When the power information system is in operation, disaster recovery drills are conducted regularly to obtain the disaster recovery capability indicators corresponding to each disaster recovery drill. The disaster recovery capability indicators include system backup frequency, system recovery success rate and system recovery time. The disaster recovery capability assessment coefficient corresponding to each disaster recovery drill is obtained through analysis.
在一个具体的实施例中,所述分析得到各次灾难恢复演练对应的灾难恢复能力评估系数,具体分析过程如下:将各次灾难恢复演练对应的系统备份频率、系统恢复成功率和系统恢复时长分别记为、和,其中,表示各次灾难恢复演练对应的编号,,p为大于2的任意整数,代入计算公式中,得到各次灾难恢复演练对应的灾难恢复能力评估系数,其中,、、分别为设定的灾难恢复演练对应的标准系统备份频率、标准系统恢复成功率、标准系统恢复时长,、、分别为设定的灾难恢复演练系统备份频率对应的权重因子、系统恢复成功率对应的权重因子、系统恢复时长对应的权重因子。In a specific embodiment, the analysis obtains the disaster recovery capability evaluation coefficient corresponding to each disaster recovery drill. The specific analysis process is as follows: the system backup frequency, system recovery success rate and system recovery duration corresponding to each disaster recovery drill are recorded as , and ,in, Indicates the number corresponding to each disaster recovery drill, , p is any integer greater than 2, substitute it into the calculation formula The disaster recovery capability assessment coefficient corresponding to each disaster recovery drill is obtained ,in, , , They are the standard system backup frequency, standard system recovery success rate, and standard system recovery duration corresponding to the set disaster recovery drills. , , They are respectively the weight factor corresponding to the set disaster recovery drill system backup frequency, the weight factor corresponding to the system recovery success rate, and the weight factor corresponding to the system recovery duration.
需要说明的是,、、均大于0且小于1。It should be noted that , , Both are greater than 0 and less than 1.
还需要说明的是,基于大量的研究数据和实验数据的总结。根据实验研究、经验和专业指南设定灾难恢复演练对应的标准系统备份频率、标准系统恢复成功率、标准系统恢复时长,同时,根据领域专家专业知识和研究的依据,并与领域专家进行讨论和确认。由专家可以根据自己的经验和知识设定灾难恢复演练系统备份频率对应的权重因子、系统恢复成功率对应的权重因子、系统恢复时长对应的权重因子。It should also be noted that the standard system backup frequency, standard system recovery success rate, and standard system recovery duration corresponding to disaster recovery drills are set based on a large amount of research data and experimental data. At the same time, based on the professional knowledge and research basis of domain experts, and discussed and confirmed with domain experts, experts can set the weight factors corresponding to the disaster recovery drill system backup frequency, the system recovery success rate, and the system recovery duration based on their own experience and knowledge.
步骤五、灾难恢复能力的判断:根据各次灾难恢复演练对应的灾难恢复能力评估系数,进而判断各次灾难恢复演练对应的灾难恢复能力是否合格。Step 5: Determination of disaster recovery capability: Based on the disaster recovery capability assessment coefficient corresponding to each disaster recovery drill, determine whether the disaster recovery capability corresponding to each disaster recovery drill is qualified.
在一个具体的实施例中,所述判断各次灾难恢复演练对应的灾难恢复能力是否合格,具体判断过程如下:将各次灾难恢复演练对应的灾难恢复能力评估系数与设定的标准灾难恢复演练对应的灾难恢复能力评估系数进行对比,若某次灾难恢复演练对应的灾难恢复能力评估系数小于设定的标准灾难恢复演练对应的灾难恢复能力评估系数,则判定该次灾难恢复演练对应的灾难恢复能力不合格,若某次灾难恢复演练对应的灾难恢复能力评估系数大于或者等于设定的标准灾难恢复演练对应的灾难恢复能力评估系数,则判定该次灾难恢复演练对应的灾难恢复能力合格,以此方式,判断各次灾难恢复演练对应的灾难恢复能力是否合格。In a specific embodiment, the determination of whether the disaster recovery capability corresponding to each disaster recovery drill is qualified is performed as follows: the disaster recovery capability assessment coefficient corresponding to each disaster recovery drill is compared with the disaster recovery capability assessment coefficient corresponding to a set standard disaster recovery drill. If the disaster recovery capability assessment coefficient corresponding to a disaster recovery drill is less than the disaster recovery capability assessment coefficient corresponding to the set standard disaster recovery drill, then the disaster recovery capability corresponding to the disaster recovery drill is determined to be unqualified. If the disaster recovery capability assessment coefficient corresponding to a disaster recovery drill is greater than or equal to the disaster recovery capability assessment coefficient corresponding to the set standard disaster recovery drill, then the disaster recovery capability corresponding to the disaster recovery drill is determined to be qualified. In this way, it is determined whether the disaster recovery capability corresponding to each disaster recovery drill is qualified.
本发明实施例,通过定期进行灾难恢复演练,获取各次灾难恢复演练对应的灾难恢复能力指标,分析得到各次灾难恢复演练对应的灾难恢复能力评估系数,从而评估系统的灾难恢复能力,及时发现和处理灾难事件,确保电力信息系统的稳定性和可靠性,对电力信息系统的操作员工进行全面评估和监督,限制其访问权限,定期进行灾难恢复演练,评估系统的灾难恢复能力等措施,可以提高电力信息系统的安全性和可靠性,保障电力系统的正常运行和数据安全。The embodiment of the present invention conducts disaster recovery drills regularly, obtains disaster recovery capability indicators corresponding to each disaster recovery drill, and analyzes the disaster recovery capability evaluation coefficients corresponding to each disaster recovery drill, thereby evaluating the disaster recovery capability of the system, timely discovering and handling disaster events, ensuring the stability and reliability of the power information system, comprehensively evaluating and supervising the operating personnel of the power information system, restricting their access rights, conducting disaster recovery drills regularly, evaluating the disaster recovery capability of the system, and other measures can improve the security and reliability of the power information system and ensure the normal operation of the power system and data security.
本发明实施例如图2所示,一种电力信息系统检测系统,包括:操作工程学和人为操作学参数获取模块、安全意识影响因子获取模块、综合信息系统操作评估系数获取模块、灾难恢复能力评估系数获取模块、灾难恢复能力判断模块、预警终端模块和数据库。An embodiment of the present invention is shown in Figure 2, which is a power information system detection system, including: an operation engineering and human operation parameter acquisition module, a safety awareness influencing factor acquisition module, a comprehensive information system operation evaluation coefficient acquisition module, a disaster recovery capability evaluation coefficient acquisition module, a disaster recovery capability judgment module, an early warning terminal module and a database.
操作工程学和人为操作学参数获取模块:用于获取目标电力信息系统历史周期中各操作员工对应的操作工程学和人为操作学参数,操作工程学参数包括钓鱼邮件点击率、安全事件报告率和各安全事件对应的反应时长,人为操作学参数包括操作系统错误率和违反安全规范频率,分析得到各操作员工对应的操作工程学评估系数和人为操作学评估系数。Operational engineering and human operational parameters acquisition module: used to obtain the operational engineering and human operational parameters corresponding to each operating employee in the historical period of the target power information system. The operational engineering parameters include the click rate of phishing emails, the security incident reporting rate and the response time corresponding to each security incident. The human operational parameters include the operating system error rate and the frequency of violation of safety regulations. The operational engineering evaluation coefficient and human operational evaluation coefficient corresponding to each operating employee are obtained through analysis.
安全意识影响因子获取模块:用于获取各操作员工对应的安全意识参数,安全意识参数包括安全培训频率和各次安全意识调查问卷分数,分析得到各操作员工对应的安全意识影响因子。Safety awareness influencing factor acquisition module: used to obtain the safety awareness parameters corresponding to each operating employee. The safety awareness parameters include the frequency of safety training and the scores of each safety awareness questionnaire. The safety awareness influencing factor corresponding to each operating employee is obtained through analysis.
综合信息系统操作评估系数获取模块:用于根据各操作员工对应的操作工程学评估系数、人为操作学评估系数和安全意识影响因子,分析得到各操作员工对应的综合信息系统操作评估系数,进而判断各操作员工对应的安全意识是否合格,并将安全意识不合格对应的各操作员工记为各待监督操作员工,进而对各待监督操作员工对应的操作安全目标和访问权限等级进行分析。Comprehensive information system operation evaluation coefficient acquisition module: used to analyze and obtain the corresponding comprehensive information system operation evaluation coefficient of each operating employee according to the corresponding operation engineering evaluation coefficient, human operation evaluation coefficient and safety awareness influencing factor of each operating employee, and then judge whether the corresponding safety awareness of each operating employee is qualified, and record the corresponding operating employees with unqualified safety awareness as operating employees to be supervised, and then analyze the corresponding operation safety goals and access permission levels of each operating employee to be supervised.
灾难恢复能力评估系数获取模块:用于在电力信息系统运行时,定期进行灾难恢复演练,进而获取各次灾难恢复演练对应的灾难恢复能力指标,灾难恢复能力指标包括系统备份频率、系统恢复成功率和系统恢复时长,分析得到各次灾难恢复演练对应的灾难恢复能力评估系数。Disaster recovery capability assessment coefficient acquisition module: used to conduct disaster recovery drills regularly when the power information system is running, and then obtain the disaster recovery capability indicators corresponding to each disaster recovery drill. The disaster recovery capability indicators include system backup frequency, system recovery success rate and system recovery time. The disaster recovery capability assessment coefficient corresponding to each disaster recovery drill is obtained by analysis.
灾难恢复能力判断模块:用于根据各次灾难恢复演练对应的灾难恢复能力评估系数,进而判断各次灾难恢复演练对应的灾难恢复能力是否合格。Disaster recovery capability judgment module: used to judge whether the disaster recovery capability corresponding to each disaster recovery drill is qualified based on the disaster recovery capability evaluation coefficient corresponding to each disaster recovery drill.
预警终端模块:用于当某操作员工对应的安全意识不合格和某次灾难恢复演练对应的灾难恢复能力不合格时,进行预警提示。Early warning terminal module: used to issue early warning prompts when the security awareness of a certain operating employee is not up to standard and the disaster recovery capability of a certain disaster recovery drill is not up to standard.
本发明提供一种电力信息系统检测方法及系统,通过获取和分析操作员工的操作工程学和人为操作学参数,以及安全意识影响因子,可以全面评估操作员工的综合信息系统操作评估系数和安全意识是否合格,并对待监督操作员工进行分析和管理。同时,定期进行灾难恢复演练并评估灾难恢复能力指标,能够及时发现和提升系统的灾难恢复能力。综合而言,该方法能够全面保障电力信息系统的安全性,提高操作员工的安全意识和操作安全能力,从而确保系统的正常运行和安全性。The present invention provides a power information system detection method and system. By acquiring and analyzing the operation engineering and human operation parameters of the operating staff, as well as the safety awareness influencing factors, it is possible to comprehensively evaluate whether the comprehensive information system operation evaluation coefficient and safety awareness of the operating staff are qualified, and analyze and manage the operating staff to be supervised. At the same time, regular disaster recovery drills and evaluation of disaster recovery capability indicators can timely discover and improve the disaster recovery capability of the system. In summary, this method can comprehensively guarantee the security of the power information system, improve the safety awareness and operational safety capabilities of the operating staff, thereby ensuring the normal operation and safety of the system.
以上内容仅仅是对本发明的构思所作的举例和说明,所属本技术领域的技术人员对所描述的具体实施例做各种各样的修改或补充或采用类似的方式替代,只要不偏离发明的构思或者超越本说明书所定义的范围,均应属于本发明的保护范围。The above contents are merely examples and explanations of the concept of the present invention. The technicians in this technical field may make various modifications or additions to the specific embodiments described or replace them in a similar manner. As long as they do not deviate from the concept of the invention or exceed the scope defined in this specification, they should all fall within the protection scope of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411117387.9ACN118643503B (en) | 2024-08-15 | 2024-08-15 | A method and system for detecting electric power information system |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202411117387.9ACN118643503B (en) | 2024-08-15 | 2024-08-15 | A method and system for detecting electric power information system |
| Publication Number | Publication Date |
|---|---|
| CN118643503Atrue CN118643503A (en) | 2024-09-13 |
| CN118643503B CN118643503B (en) | 2024-10-25 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202411117387.9AActiveCN118643503B (en) | 2024-08-15 | 2024-08-15 | A method and system for detecting electric power information system |
| Country | Link |
|---|---|
| CN (1) | CN118643503B (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20070061009A (en)* | 2005-12-08 | 2007-06-13 | 한국전자통신연구원 | Security risk management system and method |
| US20080047016A1 (en)* | 2006-08-16 | 2008-02-21 | Cybrinth, Llc | CCLIF: A quantified methodology system to assess risk of IT architectures and cyber operations |
| US8478708B1 (en)* | 2009-07-30 | 2013-07-02 | Zscaler, Inc. | System and method for determining risk posed by a web user |
| US20160330219A1 (en)* | 2015-05-04 | 2016-11-10 | Syed Kamran Hasan | Method and device for managing security in a computer network |
| CN106650975A (en)* | 2017-02-27 | 2017-05-10 | 云南青才信息科技有限公司 | Timing training system for motor vehicle drivers |
| CN116489176A (en)* | 2023-04-20 | 2023-07-25 | 苏州琨山通用锁具有限公司 | Private cloud storage server system of intelligent lock |
| KR102608923B1 (en)* | 2023-09-12 | 2023-12-01 | 주식회사 엔키 | Apparatus and method of valuation for security vulnerability |
| CN118118212A (en)* | 2023-12-18 | 2024-05-31 | 上海麦杰科技股份有限公司 | Industrial Internet intrusion detection early warning system with intelligent edge |
| WO2024156170A1 (en)* | 2023-06-01 | 2024-08-02 | Zte Corporation | Method, device and computer program product for network security evaluation |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20070061009A (en)* | 2005-12-08 | 2007-06-13 | 한국전자통신연구원 | Security risk management system and method |
| US20080047016A1 (en)* | 2006-08-16 | 2008-02-21 | Cybrinth, Llc | CCLIF: A quantified methodology system to assess risk of IT architectures and cyber operations |
| US8478708B1 (en)* | 2009-07-30 | 2013-07-02 | Zscaler, Inc. | System and method for determining risk posed by a web user |
| US20160330219A1 (en)* | 2015-05-04 | 2016-11-10 | Syed Kamran Hasan | Method and device for managing security in a computer network |
| CN106650975A (en)* | 2017-02-27 | 2017-05-10 | 云南青才信息科技有限公司 | Timing training system for motor vehicle drivers |
| CN116489176A (en)* | 2023-04-20 | 2023-07-25 | 苏州琨山通用锁具有限公司 | Private cloud storage server system of intelligent lock |
| WO2024156170A1 (en)* | 2023-06-01 | 2024-08-02 | Zte Corporation | Method, device and computer program product for network security evaluation |
| KR102608923B1 (en)* | 2023-09-12 | 2023-12-01 | 주식회사 엔키 | Apparatus and method of valuation for security vulnerability |
| CN118118212A (en)* | 2023-12-18 | 2024-05-31 | 上海麦杰科技股份有限公司 | Industrial Internet intrusion detection early warning system with intelligent edge |
| Title |
|---|
| 陈国华;梁韬;张华文;: "城域承灾能力评估研究及其应用", 安全与环境学报, no. 02, 15 April 2008 (2008-04-15), pages 156 - 162* |
| 陈秀真;吴越;李建华;: "车载信息系统的安全测评体系及方法", 信息安全学报, no. 02, 15 April 2017 (2017-04-15), pages 15 - 23* |
| Publication number | Publication date |
|---|---|
| CN118643503B (en) | 2024-10-25 |
| Publication | Publication Date | Title |
|---|---|---|
| Yang et al. | Anomaly-based intrusion detection for SCADA systems | |
| CN113434866B (en) | Unified risk quantitative evaluation method for instrument function safety and information safety strategies | |
| CN119449432B (en) | A network data risk assessment system for computers | |
| CN106020154A (en) | Safe dynamic health assessment method and assessment system for ethylene production | |
| CN115378711B (en) | Intrusion detection method and system for industrial control network | |
| CN118972181B (en) | A deep learning-based intelligent transportation network intrusion detection method and system | |
| CN119885184A (en) | Power grid enterprise power data storage security risk assessment system | |
| CN117879961A (en) | Threat early warning analysis model of situation awareness system | |
| CN118095823A (en) | A factor-correlated security risk assessment method for power Internet of Things | |
| CN119544381A (en) | A large-scale network security defense system based on collaborative intrusion detection | |
| CN119135448B (en) | Network class security evaluation information processing method and system | |
| CN120165916A (en) | Internet of things control system and safety early warning method | |
| CN104601567B (en) | A kind of indexing security measure method excavated based on information network security of power system event | |
| CN118410499B (en) | Test system based on artificial intelligence large model | |
| CN118643503B (en) | A method and system for detecting electric power information system | |
| CN119272289A (en) | Data security risk assessment method based on model building | |
| CN114266365A (en) | A network security situational awareness method based on information fusion of primary and secondary systems in substations | |
| CN109376876A (en) | A kind of highway device intelligence cruising inspection system | |
| CN117614991B (en) | Intelligent seal cabinet based on remote control | |
| CN118378891A (en) | Power distribution network security risk assessment method and system based on strategy association | |
| CN114331029B (en) | A method and system for analyzing operation and maintenance risks of power monitoring system | |
| Cao et al. | A Novel Method of Network Security Measurement Based on Indicators | |
| Salazar et al. | Monitoring Approaches for Security and Safety Analysis: Application to a Load Position System. | |
| CN120493988B (en) | Method for enhancing robustness of artificial intelligence system | |
| CN118174957B (en) | A network security online real-time monitoring system based on big data |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |