Abstract
As network attack techniques continue to emerge and high-risk zero-day vulnerabilities continue to be discovered, traditional information security protection methods are no longer sufficient to cope with rapidly changing network security threats. To meet enterprise security requirements for active management and control, system protection, and defense in depth, this paper proposes an overall architecture for an enterprise information system security assurance system that combines technology with management and dynamic with static measures. It elaborates the core system design of the security strategy, security technology, security management, and security operation and maintenance involved in building the security system. By building a manageable, visible, and controllable information security system, the safe and stable operation of enterprise business systems is ensured.
Authors
ZHONG Zhengyan (钟征燕); WEI Yi (韦屹) (Information Center of China Tobacco Guangxi Industrial Co., Ltd., Nanning 530001, China)
Source
Modern Information Technology (《现代信息科技》)
2020, Issue 10, pp. 139-141, 3 pages in total
Keywords
information security
system design
classified protection
overall defense
dynamic management