摘要
医院信息系统数据库采用的后关系型数据库Caché,除了具备关系数据库的一些特点外,还具有独特的多维数据结构,采用特殊的面向对象的M语言。针对后关系数据库,采用关系数据库审计技术,无法达到满意的审计效果。根据国家信息安全等级保护对数据库的审计系统的要求,医院按照分层模式构建数据库审计系统并以旁路监听的方式接入。经过一年多的使用,该方案可以有效地实现对数据库访问行为的审计,同时可以对敏感数据的高风险访问进行报警和记录,防止数据泄露。
Caché, the post-relational database used by the hospital information system database not only has some characteristics ofa relational database, but also has the unique multi-dimensional data structure and uses the special object-oriented M language. Forthe post-relational database, with the relational database audit technology, the satisfactory auditing results cannot be achieved. In thispaper, according to requirements of the national classified protection of information security protection to the audit system of database,the hospital builds the database audit system according to the hierarchical model and accesses by bypass monitoring. After more thana year of use, this proposal can effectively realize the audit of database access behaviors, and alarm and record the high-risk access tosensitive data and prevent data leakage.
作者
韩向非
郭幽燕
伍阳
赵宇
刘永波
HAN Xiang-fei;GUO You yan;WU Yang;ZHAO Yu;LIU Yong bo
出处
《中国数字医学》
2016年第11期71-73,110,共4页
China Digital Medicine
