建立中国石化网络安全风险管控和处置机制研究

Research on Establishing Sinopec Network Security Risk Management and Disposal Mechanism

新时代下的网络安全已经不再是单打独斗,尤其是针对某一类行业而言,能源、化工、电力等行业也逐渐成为国外黑客组织的重要打击目标.所以在未来的防御能力建设上需要行业内各部门联合起来一致对外,实现行业内的威胁情报共享.但是作为央企内部首先要做好自身的联防联控,在中国石化内部首先实现情报共享、威胁联动和应急处置.中国石化认真贯彻落实国家风险防范化解的工作部署要求,强化内部网络安全管控体系建设,严格把控信息系统设计和建设阶段与内控的结合,不断强化信息化刚性约束.网络安全管理与网络安全防护技术并重,以管理为先导、以技术为支撑,共同编织中国石化的网络安全防护大网,有效抓实网络安全工作,形成网络安全内生聚合力,打造中国石化“5+2”的网络安全风险联防联控机制,推动整体网络安全和信息化工作的协调发展.

Network security in the new era is no longer a one-man fight, especially for a certain type of industry such as energy, chemical, electric power and other industries have gradually become important targets of foreign hacker organizations. Therefore, in terms of future defense capability building, we need to unite together to achieve threat intelligence sharing within the industry. However, as a central enterprise, we must first do our own joint defense and control, and realize intelligence sharing, threat linkage and emergency response within Sinopec at first. Sinopec conscientiously implements the work deployment requirements of national risk prevention and mitigation, strengthens the construction of internal network security management and control system, strictly controls the integration of information system design and construction phase with internal control, and continuously strengthens the rigid constraints of informatization. Network security management and network security protection technology are equally important. With management as the guide and technology as the support, we will jointly weave Sinopec’s network security protection network, effectively implement network security work, form an endogenous cohesion of network security, and build Sinopec’s “5+2” cybersecurity risk control and handling mechanism, promote the coordinated development of overall network security and informatization work.