摘要
在电力工业与信息工业高度融合的进程中,信息安全至关重要。为了保障网络信息的机密性,信息系统网络中部署了多种安全防护技术手段,使得信息系统受到外部网络攻击造成的危害越来越少。为了保障系统业务的连续稳定进行,对系统内部风险的控制变得越来越重要。因此,信息安全运维审计的概念应运而生。根据电力行业信息安全对运维审计的需求,提出了运维审计的网络模型,研究了进行安全运维操作的理论及技术,并分析对比了基于旁路及基于代理的运维审计网络模型,对运维审计模型的访问及控制机制作了详尽的描述分析,进而降低电力行业内部的安全风险。作为信息安全建设中不可或缺的部分,信息安全运维审计在保障企业信息安全及完整中起到了至关重要的作用。
Information security is critical in the highly integrated process of the power industry and the information industry. To ensure the confidentiality of network information, variety of secure protection measures are deployed. To ensure stable operation of the system, the control of the internal risks also becomes more and more important. Therefore, the concept of information security operation audit comes into consideration. Here, we propose network model for operation audit according to the requirements of information security for operation in the power industry. To reduce the security risks in the power industry, we research the theory and technology of safe operation audit and analysis on the access and control mechanisms of the information security operation audit model. As an indispensable part of enterprise information security construction, operation security audit is an important part of the enterprise security system.
作者
陈剑飞
孙强
孔德秋
CHEN Jianfei;SUN Qiang;KONG Deqiu(National Network Shandong Electric Power Company,Jinan 250001;Weihai Wendeng District Power Supply Company,State Network Shandong Electric Power Company,Weihai 264400;Economic and Technical Research Institute,National Network Shandong Electric Power Company,Jinan 250001)
出处
《微型电脑应用》
2019年第7期99-102,共4页
Microcomputer Applications
