
SYSTEM AND OPERATING METHOD OF DETECTING HACKING HAPPENING FOR COMPLEMENTARY SECURITY MANAGEMENT SYSTEM

Abstract

An integrated security management system for detecting hacking, and an operating method for it, are provided to monitor hacking infringement of a server in real time through correlation analysis across plural solutions and to automatically provide an optimum countermeasure suited to the information properties environment, so that a hacking infringement accident is handled and alarmed quickly. The integrated hacking security management system of a data server comprises a solution unit (10), a log collecting unit (20), a security management unit (30), an infringement accident dealing unit (40), and an integrated circumstance unit (50). The security management unit analyzes risk information and infringement information from the security events, threat information and harmful information collected by the log collecting unit. The infringement accident dealing unit presents an optimum countermeasure by analyzing risk and infringement through frequency analysis, cross analysis and correlation analysis of the risk information and infringement information provided by the security management unit. It also manages external infringement accident receipt, history and present condition information. The security management unit comprises an event management unit, a traffic management unit, an operation management unit and an information collecting unit. The event management unit performs real-time management of infringement events of information properties through performance monitoring and event monitoring and configuration. The event management unit searches log information, and analyzes transition and information by correlation.

Bibliographic details

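  • Publication number: KR100838799B1

    Patent type

  • Publication date: 2008-06-17

    Original format: PDF

  • Applicant/patentee: SK TELECOM CO. LTD.

    Application number: KR20070023424

  • Inventor: LEE SANG HOON

    Filing date: 2007-03-09

  • Classification: H04L12/22; H04L9/32

  • Country: KR

  • Database entry time: 2022-08-21 19:51:56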
