The invention relates to an emergency disposal system and an emergency disposal method for network security events. The system comprises a data collection module, an event management module, an eventdisposal module, an auxiliary tool module and an expert knowledge base module. The basic information of network security event is input and the security detection is carried out by using auxiliary tool module, The data acquisition module collects information, searches implanted files by using auxiliary tool module and inputs them into the system, the event disposal module analyzes and obtains theclue tree and attacker information, confirms the analysis results based on the information of expert knowledge base module, determines the nature of the event, draws the rectification suggestions andissues the event disposal report, and rectifies the event. The invention establishes a standard network safety incident emergency treatment process, standardizes the incident treatment means and method, improves the treatment efficiency, avoids the expansion of harm, reduces the economic loss, integrates information collection, analysis and rectification into one, automatically analyzes, generatesrectification suggestions, generates reports, retains the treatment results, and facilitates access.