Authors: Zhu Yidong; Xue Zhi [2]; Wang Hongtao; Liu Hong; Wu Chenwei; Hu Guangyue
Affiliations: [1] Sinolink Securities Co., Ltd., Shanghai 201204; [2] School of Cyber Science and Engineering, Shanghai Jiao Tong University, Shanghai 200240; [3] HAITONG Securities Co., Ltd., Shanghai 200001; [4] Everbright Securities Co., Ltd., Shanghai 200040
Source: Journal of Information Security Research, 2024, No. 4, pp. 368-376 (9 pages)
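Funding: National Key Research and Development Program of China (2021YFB3102000); National Radio and Television Administration laboratory project on smart broadcasting network security ecosystem innovation research (TXX20200001ZSB001); Shanghai Jiao Tong University and QiAnXin "Information System Security" Joint Laboratory project.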
Abstract: The emergency response to cyber security events, spanning multiple departments, covering various levels and scopes, has become a crucial link in routine security operations, serving as a key pillar for ensuring the stable and secure operation of the securities industry. Addressing the issue of inconsistent and overly subjective traditional emergency response capability evaluation indicators in the securities industry, this paper proposes a cyber security incident emergency response process. This process includes detection response, loss prevention and blockage, source analysis, recovery, and reinforcement. The proposed evaluation model covers three tiers, encompassing tools utilization, log coverage, personnel skills, task distribution, notification handling, and publicity education. The fuzzy hierarchical analysis method is employed to determine the weight of each level indicator, while the expert judgment method is used to establish the evaluation indicator set. The fuzzy grey comprehensive evaluation method is introduced to assess the capability of emergency response to cyber security incidents in the securities industry. Through case validation and data analysis summary, the paper achieves quantitative demonstration of the evaluation indicators.
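Keywords: cyber security incident emergency response; expert judgment method; fuzzy analytic hierarchy process; fuzzy grey comprehensive evaluation method; securities industry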
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]