大型煤业集团信息安全体系设计

Security Architecture of the Information System of a Large-scale Coal-mining Enterprise

大型煤业集团信息系统是由众多子系统所组成的大规模、跨地域、异构和多业务的复杂大系统,它的安全是多因素和动态的。本文根据信息保障技术框架和信息安全风险管理的流程、方法,同时结合煤业集团的实际情况,以“纵深防御”的思想为出发点,通过构建信息安全管理体系和技术体系来保障系统的安全。

The information system of the coal-mining enterprise is a large-scale, multi-service and complex system that strands across multiple geographic areas and consists of several heterogeneous networks. Security of the system is a dynamic process that involves multiple factors. This article presents a security architecture to ensure the information security of the system. In the process of forming the security architecture, the author adopted the technical framework of information assurance, utilized the methodology and procedures of risk management, adopted the strategy of ＂Defense-in-Depth＂ and took into consideration of conditions and specific requirements of the coal-mining enterprise.