摘要
随着信息技术的高速发展,信息安全的"内控"问题已经到了不可忽视的地步,关键信息系统的越权操作、误操作、滥用,以及信息泄露,都有可能导致企业的重大损失,甚至危及国家安全。论文针对现有安全审计技术的不足,提出了一个有效的产品模型,试图解决目前审计产品不能审计加密协议,会话记录不完整,以及不够高效易用等问题,力图使审计产品逐渐走向实用化。
With the high-speed development of Information Technology, Internal Control is playing important role in information security. The abuse or misuse of internal information system, and the leak of company operation data, may lead to considerable loss of enterprises, or even may threaten the national security. This paper describes a new model of network security auditing system, which focuses on providing a solution for encrypted protocols analysis, complete ses-sion minutes, and effective auditing methods, th...
出处
《信息安全与通信保密》
2008年第2期89-91,共3页
Information Security and Communications Privacy
关键词
审计
加密协议
萨班斯
网络安全
audit
encrypted protocol
Sarbanes-Oxley Act
network security
