摘要
目的阐述基于态势感知平台的医院安全运营实践方案,构建主动、协同、闭环、高效的安全运营体系。方法于2021年9—12月开展持续的安全运营实践活动,提出医院安全运营框架,以人员、技术、流程为支撑,围绕资产、漏洞、威胁、事件4个要素展开分析。结果克服医院安全数据孤岛、高级威胁检测滞后、安全事件溯源机制不健全、安全管理不善等问题,安全管理趋向规范化,降低医院网络信息安全风险。结论该安全运营实践方案取得了良好的效果,有效提升医院安全运营效率与质量,为其他医院安全管理中心的建设和运营提供参考。
Objective To expound the practice plan of hospital safety operation based on situational awareness platform,and to build an active,collaborative,closed-loop and efficient safety operation system.Methods From September to December 2021,continuous security operation practice activities were carried out,and a hospital security operation framework was proposed,supported by personnel,technology,and processes,and analyzed around the four elements of assets,vulnerabilities,threats,and events.Results The problems of hospital security data silos,lag in advanced threat detection,imperfect security event traceability mechanism,and poor security management were overcome.Security management tends to be standardized,reducing hospital network information security risks.Conclusion The safety operation practice plan has achieved good results,effectively improving the hospital safety operation efficiency and quality,and providing a reference for the construction and operation of other hospital safety management centers.
作者
陈明
林志刚
林传捷
CHEN Ming;LIN Zhigang;LIN Chuanjie(Information Center of the First Affiliated Hospital of Fujian Medical University,Fuzhou,Fujian Province,350005 China)
出处
《中国卫生产业》
2022年第10期98-101,共4页
China Health Industry
基金
福建医科大学附属第一医院软科学研究计划项目资助(2020FY-R-05)。
关键词
态势感知
安全运营
安全管理
网络信息安全
Situational awareness
Security operation
Security management
Network information security
