摘要
针对目前企业信息系统频繁遭受非法访问、网络攻击和信息窃取等安全威胁,从物理安全设计、系统安全设计、组网规划、子网规划、网络隔离、访问控制、操作系统安全、应用系统安全、重点主机防护、连接与传输安全、安全综合管理、控制方案设计和安全管理等方面开展信息系统安全设计;同时,从数据备份、日志审计与备份、灾难恢复和安全应急响应等方面制定了安全运维措施,对于提高企业信息系统的安全性具有重要的意义。
In view of the current situation that enterprise information system is frequently affected by illegal access, network attack, information interception and other security threats, the information system security design is carried out from the aspects of physical security design, system security design, network planning, subnet planning, network isolation and access control, operating system security, application system security, key host protection, connection and transmission security, security integrated management and control scheme design and security management. At the same time, the security operation and maintenance measures are developed from the data backup, audit and backup, disaster recovery, security emergency response and other aspects, which is of great significance to improve the security of enterprise information system.
作者
张红金
蹇彪
张洋
ZHANG Hongjin JIAN Biao ZHANG Yang(CEPREI, Guangzhou 510610, China Wuhu CEPREI Robot Industry Research Institute Co., Ltd., Wuhu 241006, China)
出处
《电子产品可靠性与环境试验》
2017年第5期65-70,共6页
Electronic Product Reliability and Environmental Testing
关键词
信息系统
安全
设计
方案
运维
information system
design
security
scheme
operation and maintenance
