Netinfo Security ›› 2016, Vol. 16 ›› Issue (6): 81-85. doi: 10.3969/j.issn.1671-1122.2016.06.013


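Research and Design of the Next Generation of Operation Security Audit System

Haitao WANG

  1. Information Management Department, Power Construction Corporation of China, Ltd., Beijing 100048
  • Received: 2016-02-15 Online: 2016-06-20 Published: 2020-05-13
  • About the author: Haitao WANG (born 1972), male, from Sichuan, senior engineer, master's degree. His main research interests are enterprise information security, enterprise informatization management, and data security management.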

Research and Design of the Next Generation of Operation Security Audit System

Haitao WANG

  1. Information Management Department, Power Construction Corporation of China, Ltd., Beijing 100048, China
  • Received: 2016-02-15 Online: 2016-06-20 Published: 2020-05-13

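Abstract:

Based on an analysis of the current state of information security, and taking into account the new security situation and business requirements in the operations audit field, this article studies the future development trends of operation security audit systems and proposes a technical roadmap for the next-generation operation security audit system in three directions: security governance, security risk management, and legal and regulatory compliance. To address the lack of an effective risk management mechanism in current operations security management systems, the article focuses on risk management for the next-generation operation security audit system, covering risk identification, risk assessment, and risk awareness. It proposes risk analysis techniques based on the CORAS framework under various scenarios and models, and gives a preliminary discussion of how risk awareness can be implemented using Bayes' theorem.

Key words: operation security audit system, risk management, risk awareness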

Abstract:

Based on an analysis of the current state of information security, combined with the new security trends and new business needs in the operation security audit field, this article studies the development trends of the operation security audit system and gives a technology roadmap for the next-generation operation security audit system in three directions: governance, risk management and compliance. To address the lack of an effective risk management mechanism in current operation security audit systems, the article studies risk management for the next-generation operation security audit system, including risk identification, risk assessment and risk awareness. It proposes a security risk analysis methodology based on the CORAS framework and shows how to implement it on the operation security audit system through a step-by-step technical method in different scenarios and models. Finally, it presents the risk awareness process using Bayes' theorem.

Key words: operation security audit system, risk management, risk awareness

CLC number: