CN111984999A - A safety management and control method and system for a power failure emergency repair system - Google Patents

Publication number
CN111984999A
Authority
CN
China
Prior art keywords
user
safety
service data
power failure
authority
Legal status
Granted
Application number
CN202010844440.0A
Other languages
Chinese (zh)
Other versions
CN111984999B (en)
Inventor
曾繁孝
吴清
王肖珊
陈习
王建东
吴天杰
赵凤德
赵占山
韩博
Current Assignee
Hainan Electric Power Industry Development Co ltd
Information Communication Branch of Hainan Power Grid Co Ltd
Original Assignee
Hainan Power Grid Co Ltd
Application filed by Hainan Power Grid Co Ltd
Priority to CN202010844440.0A
Publication of CN111984999A
Application granted
Publication of CN111984999B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06 Energy or water supply

Abstract

The invention discloses a safety management and control method and system for a power failure emergency repair system. The method includes: physically isolating the power failure emergency repair command platform according to the platform's application environment, the security risk assessment result and the business data flow, and, when data is exchanged, judging the security level of the business data and filtering it; dividing the physical layer of the platform into different zones as required, and formulating an access control policy for each zone according to user roles and the business data flow between the zones; obtaining the business data of the different zones, extracting the various logs from the usable business data, and generating an audit report; assigning access rights according to user role, geographic location and the security levels of the different zones, and adjusting a user's access rights according to the user operation log. Implementing the invention safeguards the safe operation of the power failure emergency repair command platform and the security of its business data.

Description

A safety management and control method and system for a power failure emergency repair system

Technical field

The invention relates to the field of safety management and control of power emergency repair operation terminals, and in particular to a safety management and control method and system for a power failure emergency repair system.

Background

Building a power failure emergency repair command platform on intelligent mobile terminal technology gives a panoramic, multi-dimensional display of grid fault information on intelligent mobile terminals. It can effectively overcome the limitations of existing office methods, improve management and work efficiency, help managers at all levels and operating personnel grasp the operating state of the grid "anytime, anywhere", and enable diversified office work. Because the power failure emergency repair command platform is an important supporting platform for power emergency repair, it involves a great many related business systems, which hold a lot of important enterprise information and data, so the requirements on its safety management and control are very high. How to manage and control the platform so as to keep the system secure is therefore a problem the power failure emergency repair command platform must solve.

Summary of the invention

The technical problem to be solved by the present invention is therefore to overcome the defect in the prior art that it is difficult to carry out safety management and control of the power failure emergency repair command platform, and so to provide a safety management and control method and system for a power failure emergency repair system.

To achieve the above object, the present invention provides the following technical solutions:

In a first aspect, an embodiment of the present invention provides a safety management and control method for a power failure emergency repair system, including:

Physically isolating the power failure emergency repair command platform according to its application environment, the security risk assessment result and the business data flow: business data involving the Internet is deployed on the information extranet and business data internal to the platform is deployed on the information intranet; when business data deployed on the information extranet is exchanged with business data deployed on the information intranet, the security level of the business data is judged and the data is filtered;

Dividing the physical layer of the power failure emergency repair command platform into a key protection core zone, a security zone and a basic security zone according to service assurance requirements, information security requirements and production safety requirements; deploying network isolation devices between the key protection core zone and the security zone and between the security zone and the basic security zone; and formulating an access control policy for each zone according to user roles and the business data flow between the zones, the user roles including: general users, business application administrators, system administrators and leader users;

Obtaining the business data in the key protection core zone, the security zone and the basic security zone; performing an integrity check according to business data constraints to obtain usable business data; extracting the system operation log, user operation log, application database log and operating system log from the usable business data; performing a security audit on the system operation log, user operation log, application database log and operating system log and generating an audit report; and, when an error or warning event occurs, locating the person responsible for the error or warning event according to the audit report;

Assigning access rights on the basis of user role, according to user role, geographic location and the security levels of the key protection core zone, the security zone and the basic security zone; recording the user account information, user login time, logout time, access terminal address, operation object and operation mode to generate a user operation log; and adjusting the user's access rights according to the user operation log.

In one embodiment, performing security authentication and filtering on the business data includes:

Judging the security level of the business data; when the business data is sensitive data, data exchange between business data deployed on the information extranet and business data deployed on the information intranet is prohibited;

When the business data is non-sensitive data, the business data is desensitized and then exchanged.

In one embodiment, formulating the access control policy for each zone according to user roles and the business data flow between the zones includes:

When business data flows from the basic security zone to the security zone, or from the security zone to the key protection core zone, system administrators and leader users are allowed to access the business data;

When business data flows from the security zone to the basic security zone, or from the key protection core zone to the security zone, all user roles are allowed to access the business data.
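The exchange filter and the flow-direction access rule from the two embodiments above can be written as a small policy check. This is an added Python example, not code from the patent; the role identifiers, sensitivity labels, masked field names, the masking rule, and the choice to deny unlabelled data and flows that are not between adjacent zones are all assumptions of the example.

```python
from enum import IntEnum
from typing import Optional


class Zone(IntEnum):
    """Zones ordered by security level: core > security > basic."""
    BASIC = 1      # basic security zone
    SECURITY = 2   # security zone
    CORE = 3       # key protection core zone


# The four user roles the patent lists (identifiers are this example's own).
ROLES = frozenset({"general_user", "business_app_admin", "system_admin", "leader"})
# Roles allowed to access data that flows towards a higher-security zone.
PRIVILEGED = frozenset({"system_admin", "leader"})

# Assumed label for non-sensitive data. Any other label (sensitive or
# missing) is blocked at the extranet/intranet boundary.
NON_SENSITIVE = "non_sensitive"
# Hypothetical fields that desensitization masks; the patent names none.
MASKED_FIELDS = frozenset({"phone", "address"})


def allowed_roles(src: Zone, dst: Zone) -> frozenset:
    """Roles that may access business data flowing from src to dst."""
    if abs(int(dst) - int(src)) != 1:
        # Only flows between adjacent zones are defined, since an isolation
        # device sits on each boundary. Same-zone and zone-skipping flows
        # are denied here (assumption: default deny).
        return frozenset()
    # Upward flow (basic -> security, security -> core): privileged roles only.
    # Downward flow (core -> security, security -> basic): all roles.
    return PRIVILEGED if dst > src else ROLES


def can_access(role: str, src: Zone, dst: Zone) -> bool:
    """True when the given role may access data on the src -> dst flow."""
    return role in allowed_roles(src, dst)


def mask(value: str, keep: int = 4) -> str:
    """Replace all but the last `keep` characters with '*'."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def exchange(record: dict, level: str) -> Optional[dict]:
    """Filter one record at the extranet/intranet boundary.

    Sensitive data is never exchanged (returns None). Non-sensitive data
    is desensitized first and the masked copy is returned.
    """
    if level != NON_SENSITIVE:
        return None
    return {k: mask(str(v)) if k in MASKED_FIELDS else v
            for k, v in record.items()}


if __name__ == "__main__":
    # Constructed sample record, not taken from the patent.
    ticket = {"ticket": "T-1", "phone": "13800001234"}
    print(exchange(ticket, "non_sensitive"))
    print(exchange(ticket, "core_sensitive"))
    print(can_access("general_user", Zone.SECURITY, Zone.CORE))
    print(can_access("general_user", Zone.CORE, Zone.SECURITY))
```
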

In one embodiment, adjusting the user's access rights according to the user operation log includes:

Comparing the user account information with the locally stored user account information; when the comparison result is inconsistent, determining that the user account is logging in for the first time;

When the user account is logging in for the first time, obtaining the user's access rights according to the user account information, the access rights including object-level permissions and behavior-level permissions, where an object-level permission is used to modify behavior-level permissions and a behavior-level permission is used to obtain behavior data of the corresponding behavior level from the power failure emergency repair command platform;

When the user account is logging in for the first time, first judging whether the user has an object-level permission; when the user has an object-level permission, executing that permission and returning the modified behavior-level permission to the user; when the user has no object-level permission, judging whether the user has a behavior-level permission; when the user has a behavior-level permission, executing that permission and returning to the user the corresponding behavior data obtained with it;

When the user account is logging in for the first time, evaluating from the user operation log the user's behavior state while exercising permissions; when that behavior state is judged to be abnormal, adjusting the user's access rights;

Comparing the user account information with the locally stored user account information; when the comparison result is consistent, determining that the user account is not logging in for the first time, and accessing the power failure emergency repair command platform according to the established access policy.

In one embodiment, the safety management and control method for the power failure emergency repair system further includes:

Communicating with the power failure emergency repair command platform over dual devices and dual links; when either line fails, masking it from the service list and switching to the normal line and the communication device paired with the normal line; when recovery from the fault is detected, switching back to the original line and the original communication device paired with it, and recording the fault information in the system operation log.

In one embodiment, the safety management and control method for the power failure emergency repair system further includes:

Obtaining the system running time and downtime from the system operation log, and deriving the system availability from the running time and downtime; when the system availability is less than a preset threshold, generating a prompt to upgrade the back-end software and hardware architecture.

In one embodiment, the safety management and control method for the power failure emergency repair system further includes:

Obtaining the business data in the key protection core zone, the security zone and the basic security zone; encrypting and storing the sensitive data in the business data using public key infrastructure as the key; and backing up the business data using data backup, mirroring technology and mirror server measures.

In a second aspect, an embodiment of the present invention provides a safety management and control system for a power failure emergency repair system, including:

A physical isolation module, configured to physically isolate the power failure emergency repair command platform according to its application environment, the security risk assessment result and the business data flow, deploying business data involving the Internet on the information extranet and business data internal to the platform on the information intranet, and, when business data deployed on the information extranet is exchanged with business data deployed on the information intranet, judging the security level of the business data and filtering it;

A zone division module, configured to divide the physical layer of the power failure emergency repair command platform into a key protection core zone, a security zone and a basic security zone according to service assurance requirements, information security requirements and production safety requirements, to deploy network isolation devices between the key protection core zone and the security zone and between the security zone and the basic security zone, and to formulate an access control policy for each zone according to user roles and the business data flow between the zones, the user roles including: general users, business application administrators, system administrators and leader users;

A security audit module, configured to obtain the business data in the key protection core zone, the security zone and the basic security zone, perform an integrity check according to business data constraints to obtain usable business data, extract the system operation log, user operation log, application database log and operating system log from the usable business data, perform a security audit on those logs and generate an audit report, and, when an error or warning event occurs, locate the person responsible for the error or warning event according to the audit report;

A permission assignment module, configured to assign access rights on the basis of user role, according to user role, geographic location and the security levels of the key protection core zone, the security zone and the basic security zone, to record the user account information, user login time, logout time, access terminal address, operation object and operation mode to generate a user operation log, and to adjust the user's access rights according to the user operation log.

In a third aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer instructions, the computer instructions being used to cause the computer to execute the safety management and control method for a power failure emergency repair system described in the first aspect of the embodiments of the present invention.

In a fourth aspect, an embodiment of the present invention provides a computer device, including a memory and a processor that are communicatively connected to each other, the memory storing computer instructions and the processor executing the computer instructions so as to carry out the safety management and control method for a power failure emergency repair system described in the first aspect of the embodiments of the present invention.

The technical solution of the present invention has the following advantages:

The safety management and control method for a power failure emergency repair system provided by the present invention physically isolates the power failure emergency repair command platform according to its application environment, the security risk assessment result and the business data flow, deploying business data involving the Internet on the information extranet and business data internal to the platform on the information intranet, and, when business data deployed on the information extranet is exchanged with business data deployed on the information intranet, judges the security level of the business data and filters it; divides the physical layer of the platform into a key protection core zone, a security zone and a basic security zone according to service assurance requirements, information security requirements and production safety requirements, deploys network isolation devices between the key protection core zone and the security zone and between the security zone and the basic security zone, and formulates an access control policy for each zone according to user roles and the business data flow between the zones; obtains the business data in the key protection core zone, the security zone and the basic security zone, performs an integrity check according to business data constraints to obtain usable business data, extracts the system operation log, user operation log, application database log and operating system log from the usable business data, performs a security audit on those logs and generates an audit report, and, when an error or warning event occurs, locates the person responsible for it according to the audit report; and assigns access rights on the basis of user role, according to user role, geographic location and the security levels of the three zones, records the user account information, user login time, logout time, access terminal address, operation object and operation mode to generate a user operation log, and adjusts the user's access rights according to the user operation log.

Physically isolating the power failure emergency repair command platform, with business data involving the Internet deployed on the information extranet and business data internal to the platform deployed on the information intranet, protects the security of the business data. Dividing the physical layer of the platform into a key protection core zone, a security zone and a basic security zone, and formulating an access control policy for each zone according to user roles and the business data flow between the zones, meets the platform's service assurance, information security and production safety requirements and gives users in different roles different access control policies, which keeps the business data secure. The audit report makes it possible to locate accurately the cause of a problem and the person responsible for an error or warning event, and to correct and improve the platform's problems in time, safeguarding the safe operation of the power failure emergency repair command platform. Adjusting user access rights through the user operation log gives users in different roles appropriate permissions and avoids leakage of sensitive data.

Description of the drawings

To explain the specific embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in describing the specific embodiments or the prior art are briefly introduced below. The drawings described below are evidently some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a flowchart of a specific example of the safety management and control method for a power failure emergency repair system in an embodiment of the present invention;

FIG. 2 is a flowchart of another specific example of the safety management and control method for a power failure emergency repair system in an embodiment of the present invention;

FIG. 3 is a flowchart of another specific example of the safety management and control method for a power failure emergency repair system in an embodiment of the present invention;

FIG. 4 is a flowchart of another specific example of the safety management and control method for a power failure emergency repair system in an embodiment of the present invention;

FIG. 5 is a schematic block diagram of a specific example of the safety management and control system for a power failure emergency repair system in an embodiment of the present invention;

FIG. 6 is a composition diagram of a specific example of the computer device provided by an embodiment of the present invention.

Detailed description

The technical solutions of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are evidently some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.

In the description of the present invention, it should be noted that, unless otherwise expressly specified and limited, the terms "installed", "connected" and "connection" are to be understood broadly: for example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct, indirect through an intermediate medium, or an internal connection between two components; and it may be wireless or wired. Those of ordinary skill in the art can understand the specific meaning of these terms in the present invention according to the specific situation.

In addition, the technical features involved in the different embodiments of the present invention described below can be combined with one another as long as they do not conflict.

An embodiment of the present invention provides a safety management and control method for a power failure emergency repair system which, as shown in FIG. 1, includes the following steps:

步骤S1:根据电力故障抢修指挥平台应用环境、安全风险评估结果及业务数据流向将电力故障抢修指挥平台进行物理隔离,将涉及互联网的业务数据部署在信息外网,将涉及平台内部的业务数据部署在信息内网,当部署在信息外网的业务数据与部署在信息内网的业务数据进行数据交换时,对业务数据进行安全等级判断并过滤。Step S1: Physically isolate the power failure emergency repair command platform according to the application environment, security risk assessment results and business data flow of the power failure emergency repair command platform, deploy the business data involving the Internet on the information extranet, and deploy the business data involved in the platform In the information intranet, when the service data deployed in the information extranet is exchanged with the service data deployed in the information intranet, the security level of the service data is judged and filtered.

在一具体实施例中,电力故障抢修指挥平台应用环境十分复杂,涉及到大量的软件硬平台设备以及各种内、外部网络通道,并且对内、对外联系紧密,在技术和管理层面都面临着较大的安全风险。因此,电力故障抢修指挥平台遵循信息内、外网隔离原则,以安全风险评估结果及业务数据流向为指导,将电力故障抢修指挥平台进行物理隔离,将涉及互联网的业务数据部署在信息外网,将涉及平台内部的业务数据部署在信息内网,保证了电力故障抢修指挥平台的安全运行。同时在内、外网业务数据进行数据交换时,对业务数据进行安全等级判断并过滤,进一步保障了电力故障抢修指挥平台的业务数据安全。其中,安全风险评估结果是根据电力故障抢修指挥平台技术层面和管理层面评估得到的结果。In a specific embodiment, the application environment of the power failure emergency repair command platform is very complex, involving a large number of software and hardware platform equipment and various internal and external network channels, and has close internal and external connections. greater security risk. Therefore, the power failure emergency repair command platform follows the principle of information internal and external network isolation, and is guided by the results of security risk assessment and business data flow. The business data involved in the platform is deployed on the information intranet to ensure the safe operation of the power failure emergency repair command platform. At the same time, when the business data of the internal and external networks is exchanged, the security level of the business data is judged and filtered, which further ensures the business data security of the power failure emergency repair command platform. Among them, the safety risk assessment results are based on the technical and management assessment results of the power failure emergency repair command platform.

在一具体实施例中,如图2所示,当部署在信息外网的业务数据与部署在信息内网的业务数据进行数据交换时,对业务数据进行安全等级判断并过滤,包括如下步骤:In a specific embodiment, as shown in FIG. 2 , when the service data deployed on the external information network is exchanged with the service data deployed on the internal information network, the security level judgment and filtering are performed on the service data, including the following steps:

步骤S11:对业务数据进行安全等级判断,当业务数据为敏感数据时,禁止部署在信息外网的业务数据与部署在信息内网的业务数据进行数据交换。Step S11 : judging the security level of the service data, when the service data is sensitive data, data exchange between the service data deployed on the information extranet and the service data deployed on the information intranet is prohibited.

Step S12: When the business data is non-sensitive data, desensitize the business data and then perform the data exchange.

In this embodiment of the present invention, sensitive data can be further divided into core sensitive data and basic sensitive data. Judging the security level of the business data and filtering it prevents leakage of sensitive data.

Step S2: According to service assurance requirements, information security requirements and production safety requirements, divide the physical layer of the power failure emergency repair command platform into a key protection core zone, a security zone and a basic security zone; deploy network isolation devices between the key protection core zone and the security zone and between the security zone and the basic security zone; and formulate an access control policy for each zone according to user roles and the business data flow between the zones. The user roles include general users, business application administrators, system administrators and leader users. The leader user has the highest permission level, followed by the system administrator, then the business application administrator, and finally the general user.

In a specific embodiment, the power failure emergency repair command platform is the carrier platform for the power grid's power failure emergency repair service, which places very high demands on the platform's service assurance, information security and production safety. The physical layer of the platform is therefore divided into a key protection core zone, a security zone and a basic security zone. The security level of the key protection core zone is higher than that of the security zone, and the security level of the security zone is higher than that of the basic security zone. The key protection core zone stores core sensitive data, the security zone stores basic sensitive data, and the basic security zone stores basic data (that is, non-sensitive data). To protect the business data in each zone, the platform deploys network isolation devices between the key protection core zone and the security zone and between the security zone and the basic security zone, and formulates an access control policy for each zone.

In this embodiment of the present invention, as shown in FIG. 3, formulating the access control policy for each zone according to user roles and the business data flow between the zones includes the following steps:

Step S21: When business data flows from the basic security zone to the security zone, or from the security zone to the key protection core zone, system administrators and leader users are allowed to access the business data.

Step S22: When business data flows from the security zone to the basic security zone, or from the key protection core zone to the security zone, all user roles are allowed to access the business data.
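The two flow rules of steps S21 and S22 can be written as a policy function plus an audit over recorded accesses. This is an added example, not code from the patent; the enum names, the event tuple layout and the default-deny treatment of flows the steps do not mention (same-zone flows, or flows that skip a zone) are assumptions.

```python
from __future__ import annotations

from enum import IntEnum


class Zone(IntEnum):
    """Zones ordered by security level (higher value = higher level)."""
    BASIC = 1      # basic security zone: non-sensitive data
    SECURITY = 2   # security zone: basic sensitive data
    CORE = 3       # key protection core zone: core sensitive data


class Role(IntEnum):
    """Roles ordered by permission level, lowest first."""
    GENERAL_USER = 1
    BUSINESS_APP_ADMIN = 2
    SYSTEM_ADMIN = 3
    LEADER = 4


def roles_allowed(src: Zone, dst: Zone) -> frozenset[Role]:
    """Roles that may access business data flowing from src to dst."""
    step = dst - src
    if step == 1:
        # S21: flow into the next higher zone, privileged roles only.
        return frozenset({Role.SYSTEM_ADMIN, Role.LEADER})
    if step == -1:
        # S22: flow into the next lower zone, every role.
        return frozenset(Role)
    # Assumption: the steps only define flows between adjacent zones
    # (where the isolation devices sit), so anything else is denied.
    return frozenset()


def can_access(role: Role, src: Zone, dst: Zone) -> bool:
    return role in roles_allowed(src, dst)


def audit(events):
    """Return the recorded accesses that the policy does not allow."""
    return [e for e in events if not can_access(e[1], e[2], e[3])]


# Constructed sample events: (account, role, source zone, destination zone).
SAMPLE_EVENTS = [
    ("u_zhang", Role.GENERAL_USER, Zone.SECURITY, Zone.BASIC),
    ("a_li", Role.BUSINESS_APP_ADMIN, Zone.BASIC, Zone.SECURITY),
    ("s_wang", Role.SYSTEM_ADMIN, Zone.SECURITY, Zone.CORE),
    ("l_chen", Role.LEADER, Zone.BASIC, Zone.CORE),
    ("u_zhao", Role.GENERAL_USER, Zone.SECURITY, Zone.CORE),
]

if __name__ == "__main__":
    for account, role, src, dst in audit(SAMPLE_EVENTS):
        print(f"policy violation: {account} ({role.name}) {src.name} -> {dst.name}")
```

The audit also flags the leader user's BASIC to CORE access: the role is privileged, but the flow bypasses the intermediate zone and therefore one of the two isolation devices.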

Step S3: Obtain the business data in the key protection core zone, the security zone and the basic security zone, and perform integrity verification according to the business data constraints to obtain usable business data; obtain the system operation log, user operation log, application database log and operating system log from the usable business data; perform a security audit on these logs and generate an audit report; when an error or warning event occurs, locate the person responsible for the event according to the audit report.

In a specific embodiment, to ensure the integrity of the business data of the power failure emergency repair command platform, integrity verification is performed according to constraints. The specific constraints include: non-null constraints, missing constraints, check constraints, primary key constraints, unique constraints and foreign key constraints. In order to resolve problems more effectively when they occur and to avoid possible vulnerabilities and risks in time, in this embodiment of the present invention a security audit is performed on the system operation log, user operation log, application database log and operating system log, and an audit report is generated. When an error or warning event occurs, the cause of the problem and the person responsible for the event can be located accurately from the audit report; the cause is reported and the responsible person is notified, so that the platform's problems can be corrected promptly and the safe operation of the platform is ensured.

Step S4: According to the user role, the geographic location and the security levels of the key protection core zone, the security zone and the basic security zone, assign access permissions on the basis of user roles; record the user account information, user login time, logout time, access terminal address, operation object and operation method to generate a user operation log; and adjust the user's access permissions according to the user operation log.

In a specific embodiment, the power failure emergency repair command platform of the power supply unit for each region restricts users by geographic location. For example, a user in region A who logs in to the platform can access only the business data of region A, and accesses region A business data of different levels according to the permission level of the user's role and the security levels of the key protection core zone, the security zone and the basic security zone, so as to ensure the security of the corresponding power supply unit's back-end applications. When access permissions are set inappropriately, they can be adjusted at any time according to the user operation log.

In this embodiment of the present invention, as shown in FIG. 4, adjusting the user's access permissions according to the user operation log includes the following steps:

Step S41: Compare the user account information with the locally stored user account information; when the comparison result is inconsistent, determine that the user account is logging in for the first time.

Specifically, users logging in to the power failure emergency repair command platform are either logging in for the first time or logging in again (that is, not for the first time). When a user logs in for the first time, it is not certain whether the permissions that the platform has configured for the user are appropriate; only actual operation can show whether the permission configuration is appropriate. A user who logs in again has already been given appropriate permissions on the basis of earlier operation logs. Therefore, in order to configure appropriate permissions for the user, it is necessary to determine whether the user account is logging in for the first time.

Step S42: When the user account is logging in for the first time, obtain the user's access permissions according to the user account information. The access permissions include object-level permissions and behavior-level permissions. Object-level permissions are used to modify behavior-level permissions, and behavior-level permissions are used to obtain the behavior data of the corresponding behavior level from the power failure emergency repair command platform.

Specifically, when the user account is logging in for the first time, different user roles have different access permissions. When the user role is leader user, the user has object-level permissions and behavior-level permissions, and the leader user uses the object-level permissions to modify the behavior-level permissions of system administrators, business application administrators and general users. When the user role is system administrator, the user has object-level permissions and behavior-level permissions, and the system administrator uses the object-level permissions to modify the behavior-level permissions of business application administrators and general users. When the user role is business application administrator, the user has object-level permissions and behavior-level permissions, and the business application administrator uses the object-level permissions to modify the behavior-level permissions of general users. When the user role is general user, the user has only behavior-level permissions. Users of every role have behavior-level permissions, which are used to obtain the behavior data of the corresponding behavior level from the power failure emergency repair command platform.

Step S43: When the user account is logging in for the first time, first determine whether the user has object-level permissions. When the user has object-level permissions, exercise them and return the modified behavior-level permissions to the user. When the user has no object-level permissions, determine whether the user has behavior-level permissions; when the user has behavior-level permissions, exercise them and return to the user the corresponding behavior data obtained with them.

Specifically, when a leader user logs in for the first time, it is first determined that the user has object-level permissions; these are then exercised to modify the behavior-level permissions of other roles, and the modified behavior-level permissions are returned to the leader user and to the users whose permissions were modified. After the object-level permissions have been exercised, the leader user's behavior-level permissions are exercised and the behavior data corresponding to them is obtained. When the user role is system administrator or business application administrator, the permission execution process is the same as for the leader user and is not repeated here. When a general user logs in for the first time, it is first determined that the user has no object-level permissions and then that the user has behavior-level permissions; the user's behavior-level permissions are then exercised and the corresponding behavior data is obtained.

Step S44: When the user account is logging in for the first time, evaluate the user's behavior state while exercising permissions according to the user operation log; when that behavior state is determined to be abnormal, adjust the user's access permissions.

Specifically, whether the permissions of a first-login user are appropriate is judged from the user operation log (that is, the permission execution process). For example, when the user role is business application administrator, if the user's permissions make it possible to obtain business data that only the system administrator role should be able to obtain, the permission configuration of that business application administrator is inappropriate, and the permissions must be adjusted to those that the business application administrator role should have.

Step S45: Compare the user account information with the locally stored user account information; when the comparison result is consistent, determine that the user account is not logging in for the first time, and access the power failure emergency repair command platform according to the established access policy.

Specifically, when the user is not logging in for the first time, appropriate permissions have already been configured for the user on the basis of earlier operation logs. There is no need to evaluate the user's behavior state while exercising permissions again; the user simply accesses the power failure emergency repair command platform according to the established access policy, which reduces the platform's workload.
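Steps S41 to S45 as a first-login review, shown as an added example that is not code from the patent. Assumptions: the "locally stored user account information" is modelled as a set of account names, each operation-log entry carries a hypothetical `required_role` field naming the lowest role entitled to the object, and "abnormal behavior" means a successful access above the account's own role, as in the business application administrator case described above.

```python
from dataclasses import dataclass
from enum import IntEnum


class Role(IntEnum):
    """Roles ordered by permission level, lowest first."""
    GENERAL_USER = 1
    BUSINESS_APP_ADMIN = 2
    SYSTEM_ADMIN = 3
    LEADER = 4


@dataclass
class Account:
    name: str
    role: Role
    behavior_level: Role   # behavior-level permission currently configured


@dataclass(frozen=True)
class LogEntry:
    """Subset of the user operation log fields listed in step S4."""
    account: str
    terminal: str          # access terminal address
    obj: str               # operation object
    action: str            # operation method
    required_role: Role    # assumption: lowest role entitled to this object
    succeeded: bool


def can_modify_behavior_level(actor: Role, target: Role) -> bool:
    """Object-level permission (S42): a role may change the behavior-level
    permissions of strictly lower roles only, so a general user has none."""
    return target < actor


def review_login(account: Account, known_accounts: set, log: list):
    """Return (verdict, evidence) for one login and apply any adjustment."""
    if account.name in known_accounts:
        # S45: not a first login, the established policy applies unchanged.
        return "established-policy", []
    # S44: look for accesses that only a higher role should have obtained.
    overreach = [
        e for e in log
        if e.account == account.name and e.succeeded
        and e.required_role > account.role
    ]
    known_accounts.add(account.name)   # later logins take the S45 path
    if overreach:
        account.behavior_level = account.role   # reset to the role baseline
        return "adjusted", overreach
    return "confirmed", []


# Constructed sample log; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = [
    LogEntry("app_admin_01", "192.0.2.15", "repair_work_orders", "read",
             Role.BUSINESS_APP_ADMIN, True),
    LogEntry("app_admin_01", "192.0.2.15", "system_config", "read",
             Role.SYSTEM_ADMIN, True),
    LogEntry("user_07", "192.0.2.44", "system_config", "read",
             Role.SYSTEM_ADMIN, False),
]

if __name__ == "__main__":
    acct = Account("app_admin_01", Role.BUSINESS_APP_ADMIN, Role.SYSTEM_ADMIN)
    known = set()
    print(review_login(acct, known, SAMPLE_LOG), acct.behavior_level.name)
    print(review_login(acct, known, SAMPLE_LOG))
```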

In one embodiment, the safety management and control method for the power failure emergency repair system further includes:

Communicating with the power failure emergency repair command platform over dual devices and dual links. When either line fails, it is masked out of the service list and communication switches to the normal line and the communication device paired with that line. When recovery from the fault is detected, communication switches back to the original line and the original communication device paired with it, and the fault information is recorded in the system operation log.

In a specific embodiment, to ensure the safe operation of the power failure emergency repair command platform, a redundant design is generally adopted, for example communicating with the platform over dual devices and dual links. This prevents the failure of one line from terminating communication and leaving the platform unable to run.

In one embodiment, the safety management and control method for the power failure emergency repair system further includes:

Obtaining the platform's running time and downtime from the system operation log and deriving the platform availability from them; when the platform availability is below a preset threshold, generating a prompt to upgrade the back-end software and hardware architecture.

In a specific embodiment, the preset threshold is 99.9%. When the system availability is below 99.9%, the platform's ability to provide continuous service cannot meet the needs of power failure emergency repair command, and the software and hardware architecture must be upgraded in the back end.
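The availability check against the 99.9% threshold, as an added example that is not code from the patent. Assumptions: the system operation log yields timestamped `DOWN`/`UP` platform events, availability is running time divided by the length of the reporting window, and an outage still open at the end of the window counts up to the window end.

```python
from datetime import datetime
from fractions import Fraction

THRESHOLD = Fraction(999, 1000)   # the 99.9% preset threshold from the text


def _overlap_seconds(a, b, start, end):
    """Seconds of the interval [a, b) that fall inside the window [start, end)."""
    lo, hi = max(a, start), min(b, end)
    return int((hi - lo).total_seconds()) if hi > lo else 0


def downtime_seconds(events, start, end):
    """Sum outage time inside the window from (timestamp, state) events."""
    down_since = None
    total = 0
    for ts, state in sorted(events):
        if state == "DOWN" and down_since is None:
            down_since = ts
        elif state == "UP" and down_since is not None:
            total += _overlap_seconds(down_since, ts, start, end)
            down_since = None
    if down_since is not None:
        # Outage with no recovery event yet: count it up to the window end.
        total += _overlap_seconds(down_since, end, start, end)
    return total


def availability(events, start, end):
    """Exact availability as a Fraction, so the threshold test has no rounding."""
    window = int((end - start).total_seconds())
    if window <= 0:
        raise ValueError("reporting window must have positive length")
    return Fraction(window - downtime_seconds(events, start, end), window)


def upgrade_prompt(events, start, end):
    """Return the prompt text when availability is below the threshold, else None."""
    a = availability(events, start, end)
    if a < THRESHOLD:
        return (f"Platform availability {float(a):.4%} is below "
                f"{float(THRESHOLD):.1%}: upgrade the back-end software "
                f"and hardware architecture")
    return None


# Constructed 30-day window and events; the second outage has no recovery record.
WINDOW_START = datetime(2020, 8, 1)
WINDOW_END = datetime(2020, 8, 31)
SAMPLE_EVENTS = [
    (datetime(2020, 8, 10, 2, 0), "DOWN"),
    (datetime(2020, 8, 10, 2, 25), "UP"),
    (datetime(2020, 8, 30, 23, 40), "DOWN"),
]

if __name__ == "__main__":
    print(downtime_seconds(SAMPLE_EVENTS, WINDOW_START, WINDOW_END))
    print(upgrade_prompt(SAMPLE_EVENTS, WINDOW_START, WINDOW_END))
```

Over a 30-day window the 99.9% threshold leaves 2,592 seconds (43.2 minutes) of downtime; the 25-minute outage alone stays within it, and the unclosed 20-minute outage pushes the total past it.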

In one embodiment, the safety management and control method for the power failure emergency repair system further includes:

Obtaining the business data in the key protection core zone, the security zone and the basic security zone; encrypting and storing the sensitive data in the business data using public key infrastructure as the key; and backing up the business data using data backup, mirroring technology and mirror servers.

In a specific embodiment, the sensitive data in the business data must be stored encrypted to ensure its security; in this embodiment of the present invention, public key infrastructure is used as the key for encryption and decryption. In addition, the business data is backed up using data backup, mirroring technology and mirror servers, which improves the manageability, security, integrity and recoverability of the business data.

The safety management and control method for the power failure emergency repair system provided by the present invention physically isolates the power failure emergency repair command platform according to the platform's application environment, the security risk assessment result and the business data flow: business data involving the Internet is deployed on the information extranet, and business data internal to the platform is deployed on the information intranet; when business data deployed on the information extranet is exchanged with business data deployed on the information intranet, the security level of the business data is judged and the data is filtered. According to service assurance requirements, information security requirements and production safety requirements, the physical layer of the platform is divided into a key protection core zone, a security zone and a basic security zone; network isolation devices are deployed between the key protection core zone and the security zone and between the security zone and the basic security zone; and an access control policy is formulated for each zone according to user roles and the business data flow between the zones. The business data in the key protection core zone, the security zone and the basic security zone is obtained, and integrity verification is performed according to the business data constraints to obtain usable business data; the system operation log, user operation log, application database log and operating system log are obtained from the usable business data and are security-audited to generate an audit report; when an error or warning event occurs, the person responsible for the event is located according to the audit report. According to the user role, the geographic location and the security levels of the key protection core zone, the security zone and the basic security zone, access permissions are assigned on the basis of user roles; the user account information, user login time, logout time, access terminal address, operation object and operation method are recorded to generate a user operation log; and the user's access permissions are adjusted according to the user operation log. Physically isolating the platform, with business data involving the Internet deployed on the information extranet and business data internal to the platform deployed on the information intranet, protects the security of the business data. Dividing the physical layer of the platform into a key protection core zone, a security zone and a basic security zone, and formulating an access control policy for each zone according to user roles and the business data flow between the zones, meets the platform's service assurance, information security and production safety requirements and gives users in different roles different access control policies, which ensures the security of the business data. The audit report makes it possible to locate accurately the cause of a problem and the person responsible for an error or warning event, and to correct the platform's problems promptly, which ensures the safe operation of the platform. Adjusting users' access permissions according to the user operation log gives users in different roles appropriate permissions and prevents leakage of sensitive data.

An embodiment of the present invention further provides a safety management and control system for a power failure emergency repair system, as shown in FIG. 5, including:

A physical isolation module 1, configured to physically isolate the power failure emergency repair command platform according to the platform's application environment, the security risk assessment result and the business data flow, deploying business data involving the Internet on the information extranet and business data internal to the platform on the information intranet, and, when business data deployed on the information extranet is exchanged with business data deployed on the information intranet, to judge the security level of the business data and filter it. For details, see the description of step S1 in the method embodiment above, which is not repeated here.

A zone division module 2, configured to divide the physical layer of the power failure emergency repair command platform into a key protection core zone, a security zone and a basic security zone according to service assurance requirements, information security requirements and production safety requirements, to deploy network isolation devices between the key protection core zone and the security zone and between the security zone and the basic security zone, and to formulate an access control policy for each zone according to user roles and the business data flow between the zones. The user roles include general users, business application administrators, system administrators and leader users. For details, see the description of step S2 in the method embodiment above, which is not repeated here.

A security audit module 3, configured to obtain the business data in the key protection core zone, the security zone and the basic security zone, to perform integrity verification according to the business data constraints to obtain usable business data, to obtain the system operation log, user operation log, application database log and operating system log from the usable business data, to perform a security audit on these logs and generate an audit report, and, when an error or warning event occurs, to locate the person responsible for the event according to the audit report. For details, see the description of step S3 in the method embodiment above, which is not repeated here.

A permission assignment module 4, configured to assign access permissions on the basis of user roles according to the user role, the geographic location and the security levels of the key protection core zone, the security zone and the basic security zone, to record the user account information, user login time, logout time, access terminal address, operation object and operation method to generate a user operation log, and to adjust the user's access permissions according to the user operation log. For details, see the description of step S4 in the method embodiment above, which is not repeated here.

The safety management and control system for the power failure emergency repair system provided by the present invention applies the safety management and control method for the power failure emergency repair system. It physically isolates the power failure emergency repair command platform according to the platform's application environment, the security risk assessment result and the business data flow: business data involving the Internet is deployed on the information extranet, and business data internal to the platform is deployed on the information intranet; when business data deployed on the information extranet is exchanged with business data deployed on the information intranet, the security level of the business data is judged and the data is filtered. According to service assurance requirements, information security requirements and production safety requirements, the physical layer of the platform is divided into a key protection core zone, a security zone and a basic security zone; network isolation devices are deployed between the key protection core zone and the security zone and between the security zone and the basic security zone; and an access control policy is formulated for each zone according to user roles and the business data flow between the zones. The business data in the key protection core zone, the security zone and the basic security zone is obtained, and integrity verification is performed according to the business data constraints to obtain usable business data; the system operation log, user operation log, application database log and operating system log are obtained from the usable business data and are security-audited to generate an audit report; when an error or warning event occurs, the person responsible for the event is located according to the audit report. According to the user role, the geographic location and the security levels of the key protection core zone, the security zone and the basic security zone, access permissions are assigned on the basis of user roles; the user account information, user login time, logout time, access terminal address, operation object and operation method are recorded to generate a user operation log; and the user's access permissions are adjusted according to the user operation log. Physically isolating the platform, with business data involving the Internet deployed on the information extranet and business data internal to the platform deployed on the information intranet, protects the security of the business data. Dividing the physical layer of the platform into a key protection core zone, a security zone and a basic security zone, and formulating an access control policy for each zone according to user roles and the business data flow between the zones, meets the platform's service assurance, information security and production safety requirements and gives users in different roles different access control policies, which ensures the security of the business data. The audit report makes it possible to locate accurately the cause of a problem and the person responsible for an error or warning event, and to correct the platform's problems promptly, which ensures the safe operation of the platform. Adjusting users' access permissions according to the user operation log gives users in different roles appropriate permissions and prevents leakage of sensitive data.

An embodiment of the present invention provides a computer device. As shown in FIG. 6, the device may include a processor 61 and a memory 62, where the processor 61 and the memory 62 may be connected by a bus or in another manner; FIG. 6 takes connection by a bus as an example.

The processor 61 may be a central processing unit (CPU). The processor 61 may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component or other chip, or a combination of the above types of chips.

As a non-transitory computer-readable storage medium, the memory 62 can be used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the embodiments of the present invention. By running the non-transitory software programs, instructions and modules stored in the memory 62, the processor 61 executes the various functional applications and data processing of the processor, that is, implements the safety management and control method of the power failure emergency repair system in the above method embodiments.

The memory 62 may include a program storage area and a data storage area, where the program storage area may store an operating system and an application program required by at least one function, and the data storage area may store data created by the processor 61 and the like. In addition, the memory 62 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, the memory 62 may optionally include memory located remotely from the processor 61, and such remote memory may be connected to the processor 61 via a network. Examples of such networks include, but are not limited to, the Internet, enterprise intranets, enterprise internal networks, mobile communication networks, and combinations thereof.

One or more modules are stored in the memory 62 and, when executed by the processor 61, perform the safety management and control method of the power failure emergency repair system in the embodiments shown in FIGS. 1-4.

The specific details of the above computer device can be understood by referring to the corresponding descriptions and effects in the embodiments shown in FIGS. 1-4, and are not repeated here.

Those skilled in the art can understand that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD), etc.; the storage medium may also include a combination of the above types of memory.

Obviously, the above embodiments are only examples given for clarity of description and are not intended to limit the implementations. Those of ordinary skill in the art can make changes or modifications in other forms on the basis of the above description. It is neither necessary nor possible to list all implementations exhaustively here. Obvious changes or modifications derived from the above remain within the protection scope of the present invention.

Claims (10)

1. A safety management and control method for a power failure emergency repair system, characterized by comprising the following steps:
physically isolating the power failure emergency repair command platform according to the application environment of the power failure emergency repair command platform, a safety risk evaluation result and the flow direction of service data, deploying the service data related to the internet in an information extranet and the service data related to the inside of the platform in an information intranet, and, when the service data deployed in the information extranet and the service data deployed in the information intranet are subjected to data exchange, carrying out safety grade judgment and filtering on the service data;
dividing the physical layer of the power failure emergency repair command platform into a key protection core area, a safety area and a basic safety area according to the service assurance demand, the information security demand and the production safety demand, deploying network isolation equipment between the key protection core area and the safety area and between the safety area and the basic safety area respectively, and formulating the access control strategy of each area according to the user role and the service data flow direction between the areas, wherein the user role includes: general users, service application managers, system managers and leader users;
acquiring service data in a key protection core area, a safety area and a basic safety area, carrying out integrity verification according to service data constraint conditions to obtain available service data, acquiring a system operation log, a user operation log, an application database log and an operating system log from the available service data, carrying out safety audit on the system operation log, the user operation log, the application database log and the operating system log to generate an audit report, and positioning a responsible person causing an error or warning event according to the audit report when the error or warning event occurs;
distributing the access authority on the basis of the user role according to the user role, the geographic position and the security level of the key protection core area, the security area and the basic security area, recording user account information, user login time, user logout time, an access terminal address, an operation object and an operation mode, generating a user operation log, and adjusting the access authority of the user according to the user operation log.
2. The safety control method for the electrical fault emergency repair system according to claim 1, wherein the performing safety certification and filtering on the service data includes:
the safety level of the service data is judged, and when the service data are sensitive data, the data exchange between the service data deployed in the information extranet and the service data deployed in the information intranet is forbidden;
and when the service data are insensitive data, performing desensitization processing on the service data and then performing data exchange.
3. The method for safety management and control of a power failure emergency repair system according to claim 1, wherein the step of formulating an access control policy for each zone according to a user role and a traffic data flow direction between each zone comprises:
when the service data flows from the basic security zone to the security zone or from the security zone to the key protection core zone, allowing a system administrator and a leader user to access the service data;
when the service data flows from the security zone to the basic security zone or from the key protection core zone to the security zone, allowing all user roles to access the service data.
4. The method for safety control of an electrical fault emergency repair system according to claim 1, wherein the adjusting of the access right of the user according to the user operation log includes:
comparing the user account information with locally stored user account information, and judging that the user account is in initial login when the comparison result is inconsistent;
when the user account is in initial login, obtaining the access authority of the user according to the user account information, wherein the access authority comprises an object level authority and a behavior level authority, the object level authority is used for modifying the behavior level authority, and the behavior level authority is used for acquiring behavior data of the corresponding behavior level from the power failure emergency repair command platform;
when the user account is initially logged in, firstly judging whether the user has the authority at the object level, when the user has the authority at the object level, executing the authority, returning the modified authority at the behavior level to the user, when the user does not have the authority at the object level, judging whether the user has the authority at the behavior level, when the user has the authority at the behavior level, executing the authority, and returning corresponding behavior data acquired by the authority at the behavior level to the user;
when the user account is in initial login, evaluating, according to the user operation log, the behavior state of the user when executing the authority, and adjusting the access authority of the user when the behavior state of the user when executing the authority is judged to be abnormal;
and comparing the user account information with locally stored user account information, judging that the user account is not the first login when the comparison result is consistent, and accessing the power failure first-aid repair command platform according to a set access strategy.
5. The safety control method for the power failure emergency repair system according to claim 1, further comprising:
connecting and communicating with the power failure emergency repair command platform in a double-equipment and double-link mode; when any one line has a failure, shielding the line from a service list, switching to a normal line and communicating through the communication equipment matched with the normal line; after the failure recovery is detected, switching back to the original line and the original communication equipment matched with the original line; and recording the failure information to a system operation log.
6. The safety control method for the power failure emergency repair system according to claim 1, further comprising:
and acquiring the system operation time and the downtime according to the system operation log, acquiring the system availability according to the system operation time and the downtime, and generating prompt information for upgrading the background software and hardware architecture when the system availability is smaller than a preset threshold value.
7. The safety control method for the power failure emergency repair system according to claim 1, further comprising:
acquiring service data in a key protection core area, a security area and a basic security area, encrypting and storing sensitive data in the service data by using a public key infrastructure as a key, and performing backup processing on the service data by using data backup, a mirror image technology and a mirror image server.
8. A safety management and control system for a power failure emergency repair system, characterized by comprising:
the physical isolation module is used for physically isolating the power failure emergency repair command platform according to the application environment of the power failure emergency repair command platform, a safety risk evaluation result and a service data flow direction, deploying service data related to the internet in an information extranet, deploying service data related to the inside of the platform in an information intranet, and judging and filtering the safety grade of the service data when the service data deployed in the information extranet and the service data deployed in the information intranet exchange data;
the regional division module is used for dividing the physical layer of the electric power fault rush-repair command platform into a key protection core area, a safety area and a basic safety area according to the service guarantee requirement, the information safety requirement and the production safety requirement, deploying network isolation equipment between the key protection core area and the safety area and between the safety area and the basic safety area respectively, and formulating the access control strategy of each area according to the user role and the service data flow direction between each area, the user role comprises: general users, service application managers, system managers and leader users;
the safety audit module is used for acquiring service data in a key protection core area, a safety area and a basic safety area, carrying out integrity verification according to service data constraint conditions to obtain available service data, acquiring a system operation log, a user operation log, an application database log and an operating system log from the available service data, carrying out safety audit on the system operation log, the user operation log, the application database log and the operating system log to generate an audit report, and positioning a responsible person causing an error or a warning event according to the audit report when the error or the warning event occurs;
and the authority distribution module is used for distributing the access authority on the basis of the user role according to the user role, the geographic position and the security level of the key protection core area, the security area and the basic security area, recording user account information, user login time, logout time, an access terminal address, an operation object and an operation mode, generating a user operation log, and adjusting the access authority of the user according to the user operation log.
9. A computer-readable storage medium storing computer instructions for causing a computer to execute the safety control method of a power failure emergency repair system according to any one of claims 1 to 7.
10. A computer device, comprising: a memory and a processor, the memory and the processor are connected with each other in communication, the memory stores computer instructions, and the processor executes the computer instructions to execute the safety control method of the power failure emergency repair system according to any one of claims 1 to 7.
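
The rules in claims 2 and 3 can be expressed as two decision functions: one for access to service data flowing between adjacent zones, one for exchange across the extranet/intranet boundary. The Python below is an added example, not code from the patent; the field names, the masking rule, the reading of claim 3 as "only" the named roles, and the deny-by-default handling of flows claim 3 does not name are assumptions.

```python
from dataclasses import dataclass
from enum import Enum, IntEnum


class Zone(IntEnum):
    """Physical-layer zones from claim 1, ordered least to most protected."""
    BASIC_SECURITY = 0
    SECURITY = 1
    KEY_PROTECTION_CORE = 2


class Role(Enum):
    """User roles listed in claim 1."""
    GENERAL_USER = "general user"
    SERVICE_APP_MANAGER = "service application manager"
    SYSTEM_MANAGER = "system manager"
    LEADER_USER = "leader user"


# Claim 3 names these two roles for flows towards a more protected zone.
# Reading that as "only these roles" is an assumption of this example.
INWARD_ROLES = frozenset({Role.SYSTEM_MANAGER, Role.LEADER_USER})


def may_access_flow(role: Role, src: Zone, dst: Zone) -> bool:
    """Access decision for service data flowing from src to dst."""
    if abs(dst - src) != 1:
        # Claim 3 covers only flows between adjacent zones (one isolation
        # device). Same-zone and zone-skipping flows are denied by assumption.
        return False
    if dst > src:
        return role in INWARD_ROLES
    return True  # towards a less protected zone: all user roles


@dataclass(frozen=True)
class Record:
    sensitive: bool  # result of the security-level determination (claim 2)
    fields: dict


# Hypothetical field names that get masked before leaving their network.
MASKED_FIELDS = frozenset({"customer_phone", "customer_address"})


def mask(value: str) -> str:
    """Assumed masking rule: keep the last two characters of longer values."""
    keep = 2 if len(value) > 4 else 0
    return "*" * (len(value) - keep) + value[len(value) - keep:]


def exchange(record: Record):
    """Claim 2: payload allowed across the extranet/intranet boundary, or None."""
    if record.sensitive:
        return None  # sensitive data: exchange is forbidden
    return {k: mask(str(v)) if k in MASKED_FIELDS else v
            for k, v in record.fields.items()}


def policy_matrix():
    """Every role against every adjacent-zone flow, for review of the policy."""
    flows = [(s, d) for s in Zone for d in Zone if abs(d - s) == 1]
    return {(r.value, s.name, d.name): may_access_flow(r, s, d)
            for r in Role for s, d in flows}


if __name__ == "__main__":
    for key, allowed in policy_matrix().items():
        print(key, "ALLOW" if allowed else "DENY")
    # Constructed sample records
    print(exchange(Record(False, {"ticket": "T-1", "customer_phone": "13800001234"})))
    print(exchange(Record(True, {"ticket": "T-2", "relay_setting": "x"})))
```
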
CN202010844440.0A 2020-08-20 2020-08-20 Safety management and control method and system for power failure first-aid repair system Active CN111984999B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010844440.0A CN111984999B (en) 2020-08-20 2020-08-20 Safety management and control method and system for power failure first-aid repair system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010844440.0A CN111984999B (en) 2020-08-20 2020-08-20 Safety management and control method and system for power failure first-aid repair system

Publications (2)

Publication Number Publication Date
CN111984999A true CN111984999A (en) 2020-11-24
CN111984999B CN111984999B (en) 2021-11-30

Family

ID=73442437

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010844440.0A Active CN111984999B (en) 2020-08-20 2020-08-20 Safety management and control method and system for power failure first-aid repair system

Country Status (1)

Country Link
CN (1) CN111984999B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115087000A (en) * 2021-03-03 2022-09-20 阿里巴巴新加坡控股有限公司 Fault determination method and device, nonvolatile storage medium and computer terminal
CN115643573A (en) * 2022-09-30 2023-01-24 东方中泰(北京)科技有限公司 A privileged account authentication method and system based on a dynamic security environment
CN116132158A (en) * 2023-02-08 2023-05-16 东北电力大学 Power monitoring system network risk assessment method considering subareas

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103036881A (en) * 2012-12-11 2013-04-10 广东电网公司电力调度控制中心 System for unified configuration of isolation devices
CN103227797A (en) * 2013-05-08 2013-07-31 上海电机学院 Distributive management system of information network security for power enterprises
CN104184735A (en) * 2014-08-26 2014-12-03 国家电网公司 Electric marketing mobile application safe protection system
CN105847021A (en) * 2015-01-13 2016-08-10 国家电网公司 Concentrated operation and maintenance safety audit system in intelligent power grid dispatching control system
CN106790121A (en) * 2016-12-27 2017-05-31 逯帅 Power system service network
CN107231371A (en) * 2017-06-23 2017-10-03 国家电网公司 The safety protecting method of Electricity Information Network, device and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
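National Electric Power Secondary System Security Protection Expert Group and Working Group: "Overall Scheme for Security Protection of the National Electric Power Secondary System", Polaris Power Download Center *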

Also Published As

Publication number Publication date
CN111984999B (en) 2021-11-30

Legal Events

Date Code Title Description
PB01 Publication
TA01 Transfer of patent application right

Effective date of registration: 20201119

Address after: Sixteenth No. 32, 1601 and 1602, power dispatching communication building, No. 570100, Fu Lu, Haikou, Hainan

Applicant after: INFORMATION COMMUNICATION BRANCH OF HAINAN POWER GRID Co.,Ltd.

Address before: No. 32, Haifu Road, Meilan District, Haikou, Hainan

Applicant before: HAINAN POWER GRID Co.,Ltd.

SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20231228

Address after: Room 1601 and 1602, 16th Floor, Power Dispatch Communication Building, No. 32 Haifu Road, Haikou City, Hainan Province, 571100

Patentee after: INFORMATION COMMUNICATION BRANCH OF HAINAN POWER GRID CO.,LTD.

Patentee after: Hainan Electric Power Industry Development Co.,Ltd.

Address before: 570100 rooms 1601 and 1602, 16th floor, power dispatching and communication building, No.32 Haifu Road, Haikou City, Hainan Province

Patentee before: INFORMATION COMMUNICATION BRANCH OF HAINAN POWER GRID CO.,LTD.