针对南方某电网主机系统安全审计的研究

The Research on Host System Security Audit of a South Power-Grid Company

随着南方某电网公司信息化建设的快速发展,以及在实际网络环境下业务主机安全审计和实现的不足,亟需提出一套成熟的主机安全审计方案,有效监控主机安全事件,加强信息安全管理和风险控制,从而满足政策合规的要求。针对该电网公司主要业务系统的体系结构、业务特点和功能模块进行分析,并结合实际的主机安全审计需求,提出切实可行的主机保护策略和实施建议。

With rapid development of the information construction in the south power grid company, and lack of business host security audit under the actual network environment, a mature solution of host security audit is highly in demand. It is required to monitor the host security events, strengthen the information security management and risk control effectively, so as to satisfy the requirements of policy compliance. In this article, we analyze the architecture, business features and functional modules of the major business systems in the company. According to the actual host security audit requirements, we propose the practical host protection policies and the implementation suggestions.