Integrated emergency response system in information infrastructure and operating method therefor
Abstract
The present invention relates to an emergency response system for use in a nationwide or enterprise-wide information infrastructure, including computer systems, networks, application programs and the internet, and to an operating method thereof. The emergency response system automatically collects and classifies various infringements (hacking, computer viruses, worm viruses, cyber-terror, network spying, etc.), processes and analyzes information on the infringements in the manner required by the corresponding organization, and uses the processed or analyzed information. Furthermore, the emergency response system provides a trusted information sharing system and a communication network for sharing the accumulated information, provides infringement evaluation and early warning for the infringements, and performs simulation of possible infringements.
27 Claims
1. An integrated computer emergency response system comprising:
an information collecting/managing section for collecting security information about a wide range of security incidents and vulnerabilities which may be a threat to systems to be protected, via nationwide or enterprise-wide information technology infrastructures, including computer systems or networks, applications and internet services, and storing source data;
an information processing/analyzing section for processing and analyzing collected security information using a predetermined analysis algorithm and storing and managing analysis results;
an operating system section including an information sharing/searching/announce unit for transferring the processed and analyzed information to at least one system to be protected or an external system and a display unit for outputting necessary security information in a predetermined form;
an information security section for protecting the integrated computer emergency response system's own information; and
a database section including a vulnerability DB for storing vulnerability information and a source/processed DB for storing source data and processed data.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
22. A method for responding to a security incident by using an integrated computer emergency response system, which comprises:
an information collecting step performed by an information collecting/managing section to collect security information about security incidents and vulnerabilities through a predetermined communication network;
an information processing/analyzing step performed by an information processing/analyzing section to database collected security information and analyze the databased information using a predetermined analysis algorithm;
an information sharing/searching/announce step of managing processed and analyzed security information to be shared and searching for and providing the information upon request; and
an alerting step of sending predetermined early warning information to at least one of any inside and outside systems if an alert is required for any incident or vulnerability.
(Dependent claims: 23, 24, 25, 26, 27)
Specification