电力信息系统安全基线测试方法研究
|
摘要
在综合考察了电力信息系统网络布局和安全现状的基础上结合ISO27001国际标准提出了基于安全基线的电力企业信息系统安全框架。该框架将电力信息系统面临的复杂环境分成网络设备、主机、数据库、中间件和应用系统几个关键部分,着眼于关键部分分别设定了安全基线从而消除大部分安全隐患。整个框架强调了系统上线后的日常维护和人员活动在整个安全体系中的重要性,将原来仅从单一的计算机网络角度出发的安全措施拓展成为技术加管理的安全框架使安全措施更加全面。
Based on the comprehensive inspection of electric power information system network layout and security status quo,and combined with IS027001 international standards,this paper formulates the electric power enterprise information system security framework bsed on security baseline.The framework divides the complex environment of electric power information system into several key parts;network devices,the host,database,middleware and application system.With a focus on the key parts,the safe security baselines are set up respectively in order to eliminate most of the potential security hazards.The framework highlights the importance of online system daily maintenance and operator activities in the whole security system,achieving more comprehensive security measures by developing the original security measure only from the perspective of a single computer network into a technology-management integrated security framework.
Based on the comprehensive inspection of electric power information system network layout and security status quo,and combined with IS027001 international standards,this paper formulates the electric power enterprise information system security framework bsed on security baseline.The framework divides the complex environment of electric power information system into several key parts;network devices,the host,database,middleware and application system.With a focus on the key parts,the safe security baselines are set up respectively in order to eliminate most of the potential security hazards.The framework highlights the importance of online system daily maintenance and operator activities in the whole security system,achieving more comprehensive security measures by developing the original security measure only from the perspective of a single computer network into a technology-management integrated security framework.
引文
[1]辛耀中.新世纪电网调度自动化技术发展趋势[J].电网技术,2001,25(12):1-10.XIN Yao-zhong.Development trend of power system dispatching automation in 21st century[J].Power System Technology,2001,25(12):1-10.
[2]胡炎,谢小荣,韩英泽.等.电力信息系统安全体系设计方法综述[J].电网技术2005,29(1):35-39HU Yan.XlE Xiao-rong,HAN Ying-duo,et al.A survey to design method of security architecture for power information systems[J].Power System Technology,2005,29(1):35-39
[3]胡炎,董名垂,韩英泽.电力工业信息安全的思考[J].电力系统自动化.2002,26(7):1-4.HU Yan.DONG Ming-chui,HAN Ying-duo.Consideration of information security for electric power industry[J].Automation of Electric Power Systems,2002,26(7):1-4.
[4]戚宇林,刘文颖,杨以涵,等.电力信息的网络化传输是电力系统安全的重要保证[J].电网技术,2004,28(9):58-61.QI Yu-lin,LIU Wen-ying,YANG Yi-han,et al.Ensuring power security by networking transmission of electric power information[J].Power System Technology,2004,28(9).58-61.
[5]陈郑平,王先培,王泉德,等.弹性文件系统在电力信息系统中的应用[J].电网技术,2005,29(13):80-84CHEN Zheng-ping,WANG Xian-pei,WANG Quan-de,et al.Application of resilient file system in power information system[J].Power System Technology,2005,29(13):80-84.
[6]周士跃,王劲松,金小达.地区供电网调度实时数据网络安全分析及对策[J].电网技术,2003,27(10):52-55.ZHOU Shi-yue,WANG Jin-song,JIN Xiao-da.Security analysis and countermeasures of real-time dispatching data network for regional power supply network[J].Power System Technology,2003,27(10):52-55.
[7]陈思勤.华能上海石洞口第二电厂实时系统安全分析及防护对策[J].电网技术,2004,28(11):72-75.CHEN Si-qin.Security analysis of real-time systems in Huaneng Shanghai Shidongkou No.2 power plant and their protection measures[J].Power System Technology,2004,28(11):72-75.
[8]周亮,刘开培,李俊娥.一种安全的电力系统计算机网络构建方案[J].电网技术,2004,28(23):71-75.ZHOU Liang,LIU Kai.LI Jun-e.A comprehensive project to construct secure computer network for power system[J].Power System Technology,2004,28(23),71-75.
[9]胡炎,谢小荣,辛耀中.电力信息系统现有安全设计方法分析比较[J].电网技术,2006,30(4):35-39HU Yan.XTE Xiao-rong,XIN Yao-zhong.Analysis and comparison of existing security design methods for power information system[J].Power System Technology,2006,30(4),35-39.
[10]张曾科.模糊数学在自动化技术中的应用[M].北京;清华大学出版社,1997.
[11]丛琳,李志民,潘明惠,等.基于模糊综合评判法的电力网络信息系统安全评估[J].电力系统自动化,2004,28(12):65-69.
[12]李志民,丛琳,郑颖,等.基于SSE-CMM的电力信息安全工程评估[J].电力系统自动化,2003,23(27):37-40.
[13]关义章,等.信息系统安全工程学[M].北京:电子工业出版社,2002.
[2]胡炎,谢小荣,韩英泽.等.电力信息系统安全体系设计方法综述[J].电网技术2005,29(1):35-39HU Yan.XlE Xiao-rong,HAN Ying-duo,et al.A survey to design method of security architecture for power information systems[J].Power System Technology,2005,29(1):35-39
[3]胡炎,董名垂,韩英泽.电力工业信息安全的思考[J].电力系统自动化.2002,26(7):1-4.HU Yan.DONG Ming-chui,HAN Ying-duo.Consideration of information security for electric power industry[J].Automation of Electric Power Systems,2002,26(7):1-4.
[4]戚宇林,刘文颖,杨以涵,等.电力信息的网络化传输是电力系统安全的重要保证[J].电网技术,2004,28(9):58-61.QI Yu-lin,LIU Wen-ying,YANG Yi-han,et al.Ensuring power security by networking transmission of electric power information[J].Power System Technology,2004,28(9).58-61.
[5]陈郑平,王先培,王泉德,等.弹性文件系统在电力信息系统中的应用[J].电网技术,2005,29(13):80-84CHEN Zheng-ping,WANG Xian-pei,WANG Quan-de,et al.Application of resilient file system in power information system[J].Power System Technology,2005,29(13):80-84.
[6]周士跃,王劲松,金小达.地区供电网调度实时数据网络安全分析及对策[J].电网技术,2003,27(10):52-55.ZHOU Shi-yue,WANG Jin-song,JIN Xiao-da.Security analysis and countermeasures of real-time dispatching data network for regional power supply network[J].Power System Technology,2003,27(10):52-55.
[7]陈思勤.华能上海石洞口第二电厂实时系统安全分析及防护对策[J].电网技术,2004,28(11):72-75.CHEN Si-qin.Security analysis of real-time systems in Huaneng Shanghai Shidongkou No.2 power plant and their protection measures[J].Power System Technology,2004,28(11):72-75.
[8]周亮,刘开培,李俊娥.一种安全的电力系统计算机网络构建方案[J].电网技术,2004,28(23):71-75.ZHOU Liang,LIU Kai.LI Jun-e.A comprehensive project to construct secure computer network for power system[J].Power System Technology,2004,28(23),71-75.
[9]胡炎,谢小荣,辛耀中.电力信息系统现有安全设计方法分析比较[J].电网技术,2006,30(4):35-39HU Yan.XTE Xiao-rong,XIN Yao-zhong.Analysis and comparison of existing security design methods for power information system[J].Power System Technology,2006,30(4),35-39.
[10]张曾科.模糊数学在自动化技术中的应用[M].北京;清华大学出版社,1997.
[11]丛琳,李志民,潘明惠,等.基于模糊综合评判法的电力网络信息系统安全评估[J].电力系统自动化,2004,28(12):65-69.
[12]李志民,丛琳,郑颖,等.基于SSE-CMM的电力信息安全工程评估[J].电力系统自动化,2003,23(27):37-40.
[13]关义章,等.信息系统安全工程学[M].北京:电子工业出版社,2002.