摘要
内网的安全,其实质就是数据的安全。因此,首先应该关注数据类型,确定保护对象,方能有的放矢。如今,使用最广泛的电子文件格式是文档文件,尤其是对于政府部门和事业单位,文档是最主要的信息载体,基本上所有的涉密文件均为文档类型。因此保护好文档安全,在一定程度上就是保护好内网安全。在内网建立一套完善的文档安全防护机制,在终端直接对文档的行为进行监控和审计,是防止文档泄露的最佳解决方案之一。对文档的监控和审计,能杜绝很大一部分泄密事件的发生,即使泄密事件发生,也能够很快找到泄密途径,追究责任,挽回损失;同时,通过对大量行为数据的分析,能够为管理者找到安全管理漏洞,不断完善安全管理机制。
Network security, essentially is the data security. So, first of all, the attention should be paid to the data type, protection object. Nowadays, the most widely used is electronic file format, particularly for government departments, public institutions. The document is the main carrier of information, all confidential documents basically belong to the document type. Thus the protection of document security, to a certain extent, is to protect the network security. The construction of perfect document security protection mechanism in the intranet, and the direct conduct of document monitoring and audit in the terminal, are the fairly good solutions for document leakage. The document monitoring and audit can largely prevent the occurrence of leakage incidents, even if the incidents happen, can quickly find the leaking ways, accountability, and remedies. Meanwhile, the analysis on large quantities of behaviors data can help managers find the security loopholes, and constantly improve the safety management mechanism.
出处
《信息安全与通信保密》
2011年第3期73-74,78,共3页
Information Security and Communications Privacy
关键词
文档安全审计
文档操作行为
文档内容行为
电子文档保密技术
document security audit
document operation behavior
document content behavior
E-document security technology
