首页 > 资料专栏 > 论文 > 经营论文 > 风险管理论文 > MBA毕业论文_网新疆电力公司营销系统网络安全风险管理研究PDF

MBA毕业论文_网新疆电力公司营销系统网络安全风险管理研究PDF

资料大小:1967KB(压缩后)
文档格式:PDF
资料语言:中文版/英文版/日文版
解压密码:m448
更新时间:2022/4/10(发布于浙江)

类型:金牌资料
积分:--
推荐:升级会员

   点此下载 ==>> 点击下载文档


文本描述
I 摘要 网络安全问题伴随着互联网的发展逐渐暴露在人们面前,电力是关系国计民 生的关键基础行业,电力系统作为国家关键信息基础设施,它的安全与否对国家 经济和社会稳定有着重大影响。找出系统面临的主要风险点,提升整体网络安全 风险管理能力,对保障系统整体安全具有重大的意义。 本论文针对国网新疆电力公司营销系统开展网络安全风险管理研究,找出当 前营销系统网络安全风险管理面临的突出问题并给出处置建议,提升营销系统网 络安全风险防范能力。为了开展该研究,主要做了以下工作: (1)对国网新疆电力公司营销系统网络安全现状进行分析,将现状情况划分 为管理、业务运维、网络安全技术三大部分进行重点分析,经分析国网新疆电力 公司营销系统存在管理类、技术类或新技术发展而带来的其它未知安全隐患,说 明亟需找到主要风险点,有效行风险管理。 (2)建立基于人员架构的管理、业务运维及网络技术防护三个层面的风险识 别框架,并与风险三要素即资产、威胁、脆弱性进行对应,按照风险管理流程, 构建静态评估模型。 (3)基于国网公司管理规定等规范,结合常规评估风险点,构建风险识别表, 共计对三大类33小类风险项进行识别,明确识别方法。 (4)开展国网新疆电力公司营销系统风险分析工作。利用事件树分析法,按 照风险识别表的识别项,确定各项之间的关联关系,确定各风险项顶上事件,绘 制事件树,并对所有风险点进行权重分析,最终完成风险评估,找到主要风险点。 (5)最后针对主要风险点,提出风险处置意见。 通过研究证明,本文提出的方法可以有效的找到国网新疆电力公司的营销系 统网络安全主要风险点,从而针对性的提出风险处置意见进。为提升网络安全风 险管理提供一定参考价值。 关键字:网络安全;营销系统;事件树;风险管理;新疆电力 Abstract II Abstract WiththedevelopmentoftheInternet,theissueofnetworksecurityisgradually exposedtopeople.Electricityisakeybasicindustryrelatedtonationaleconomyand people'slivelihood.Asthekeyinformationinfrastructureofthecountry,thesafetyof thepowersystemhasasignificantimpactonthenationaleconomyandsocialstability. Findingoutthemainriskpointsfacingthesystemandimprovingtheoverallnetwork securityriskmanagementcapabilitiesareofgreatsignificanceforensuringtheoverall securityofthesystem. Thisthesisconductsresearchoncybersecurityriskmanagementforthemarketing systemofStateGridXinjiangElectricPowerCompany,findsouttheoutstanding problemsfacedbycybersecurityriskmanagementinthecurrentmarketingsystemand givessuggestionsfordisposal,andimprovestheabilityofthemarketingsystemto preventcybersecurityrisks.Inordertocarryoutthestudy,thefollowingworkwas mainlydone: (1)AnalyzethenetworksecuritystatusoftheStateGridXinjiangElectricPower Company'smarketingsystem,dividethestatusquointothreeparts:management, businessoperationandmaintenance,andnetworksecuritytechnologyforkeyanalysis. Afteranalysis,theStateGridXinjiangElectricPowerCompany'smarketingsystemhas managementcategories,Otherunknownhiddendangerscausedbythedevelopmentof technologyornewtechnologies,indicatingthatitisurgenttofindthemainriskpoints andeffectivelyimplementriskmanagement. (2)Establishathree-levelriskidentificationframeworkbasedonpersonnel structuremanagement,businessoperationandmaintenance,andnetworktechnology protection,andcorrespondtothethreeriskelements,namelyassets,threats,and vulnerabilities,andbuildastaticevaluationmodelaccordingtotheriskmanagement process. (3)BasedontheregulationsoftheStateGridCorporationandotherregulations, combinedwiththeroutineassessmentofriskpoints,ariskidentificationtableis constructed,andatotalof33sub-categoryriskitemsareidentified,andthe identificationmethodisclear. Abstract III (4)CarryoutriskanalysisofmarketingsystemofStateGridXinjiangElectric PowerCompany.Usingtheeventtreeanalysismethod,accordingtotheidentification itemsoftheriskidentificationtable,determinethecorrelationbetweeneachitem, determinethetopeventofeachriskitem,drawtheeventtree,andperformweight analysisonallriskpoints,andfinallycompletetheriskassessmentandfindMainrisk points. (5)Finally,putforwardriskdisposalopinionsforthemainriskpoints. Theresearchprovesthatthemethodproposedinthispapercaneffectivelyfindthe mainriskpointsofthenetworksecurityoftheStateGridXinjiangElectricPower Company'smarketingsystem,soastoputforwardrisktreatmentsuggestions.Providea certainreferencevalueforimprovingnetworksecurityriskmanagement. Keywords:networksecurity;marketingsystem;eventtree;riskmanagement; Xinjiangelectricity 目录 IV 目录 第1章绪论.....................................................................................................................1 1.1研究背景及意义...................................................................................................1 1.1.1研究背景.......................................................................................................1 1.1.2研究意义.......................................................................................................1 1.2国内外研究现状...................................................................................................2 1.2.1国外研究现状...............................................................................................2 1.2.2国内研究现状...............................................................................................4 1.2.3文献述评.......................................................................................................5 1.3研究内容及方法...................................................................................................6 1.3.1研究内容.......................................................................................................6 1.3.2研究方法.......................................................................................................7 1.4本章小结...............................................................................................................7 第2章相关基本理论分析.............................................................................................9 2.1网络安全...............................................................................................................9 2.1.1网络安全概念...............................................................................................9 2.1.2网络安全目标.............................................................................................10 2.1.3网络安全分类.............................................................................................10 2.2风险管理.............................................................................................................11 2.2.1风险管理概念及特点.................................................................................11 2.2.2风险管理过程.............................................................................................12 2.2.3风险分析方法.............................................................................................12 2.2.4风险评估流程.............................................................................................12 2.2.5风险处置措施.............................................................................................13 2.3事件树分析法.....................................................................................................14 2.3.1事件树分析法概念.....................................................................................14 2.3.2事件树绘制原则.........................................................................................14 2.3.3最小割集法.................................................................................................14 2.4本章小结.............................................................................................................15 目录 V 第3章电力营销系统网络安全现状...........................................................................16 3.1电力营销业务内容及其特殊性.........................................................................16 3.1.1电力营销业务内容.....................................................................................16 3.1.2电力营销业务的特殊性.............................................................................16 3.2管理现状.............................................................................................................17 3.3业务运维现状...