摘要
通过引入IT服务管理的理念,将安全运营管理定位为IT基础设施库ITIL中的服务,同时综合借鉴BS7799、NIST SP800系列以及其它有关信息安全标准的特点,构建基于ITIL的网络安全运营管理体系,帮助解决安全运营管理平台相关技术和产品的研究开发过程缺乏标准和规范的问题。服务级别管理是基于ITIL的网络安全运营管理体系保证安全服务达到组织或客户的期望并获得认可的关键,是基于安全服务级别协议的协商、定案、监控、报告和总结的过程。详细阐述了安全服务级别管理的相关概念、流程以及与安全运营管理体系其它过程间的关系。
By introducing the theory of IT service management and positioning security operation management as service in ITIL as well as utilizing BS7799, NIST 800 series and other security standards for reference, a network security management architecture based on ITIL is proposed to solve the problem of lacking of the uniform standard and criterion in developing the techniques and products of security operation. Security service level management is the key to meet expectations of organizations or customers and satisfy them in security services. SLM is the process of negotiation, agreement, monitoring, reporting and summary, which is based on service level agreement (SLA). The relevant concepts, procedures as well as relations with other processes are expounded.
出处
《计算机工程与设计》
CSCD
北大核心
2007年第4期780-784,868,共6页
Computer Engineering and Design
基金
国家自然科学基金项目(60403006)
北京市科技计划基金项目(D0105007040331)
关键词
IT基础设施库
服务级别管理
服务级别协议
运营级别协议
支持合同
IT infrastructure library (ITIL)
service level management (SLM), service level agreement (SLA), operation level agreement (OLA)
underpinning contract (UC)
