
Architecture for network security operation management based on ITIL

Cited by: 12
Abstract: A security operation management platform that jointly analyzes the alarm information and security audit data from firewalls, intrusion detection systems, antivirus systems, hosts and network devices can deliver more effective security management and a timely assessment of the current state and trend of security incidents and of the network system. Because the research and development of security operation management technologies and products lacks unified standards and specifications, existing technologies and products cannot be used effectively for efficient incident linkage, assisted analysis and information integration, which poses a major challenge to efficient security operation management. Starting from the current state and trends in China and abroad, and drawing on the features of BS7799, the NIST SP 800 series and other information security standards, the paper introduces the concept of IT service management, positions security operation management as a service within the IT Infrastructure Library (ITIL), and describes in detail the design ideas, basic framework, management processes and the relationships between processes of an ITIL-based network security operation management architecture.
Source: Computer Engineering and Applications (《计算机工程与应用》), CSCD, Peking University Core Journal, 2007, No. 9, pp. 193-197 (5 pages)
Funding: Supported by the National Natural Science Foundation of China (Grant No. 60403006) and the Beijing Municipal Science and Technology Program (No. D0105007040331).
Keywords: Security Operation Management; IT Infrastructure Library (ITIL); Service Level Management (SLM)

References (9)

  • 1. Rudd C. An introductory overview of ITIL [S/OL]. [2004-04]. http://www.itsmf.com/bestpractice/publications.asp.
  • 2. BSI. BS 7799-1: Information security management - Part 1: Code of practice for information security management [S/OL]. http://asia.bsi-global.com/China+InformationSecurity/Overview/WhatisBS7799.xalter.
  • 3. BSI. BS 7799-2: Information security management - Part 2: Specification for information security management systems [S/OL]. http://asia.bsi-global.com/China+InformationSecurity/Overview/WhatisBS7799.xalter.
  • 4. NIST. NIST SP800-12: An introduction to computer security: the NIST handbook [S/OL]. [1996-21]. http://csrc.nist.gov/publications/nistpubs//800-12/handbook.pdf.
  • 5. Swanson M, Hash J, Bowen P. NIST SP800-18: Guide for Developing Security Plans for Federal Information Systems [S/OL]. [2006-04]. http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-final.pdf.
  • 6. Swanson M, Wohl A, Pope L, et al. NIST SP800-34: Contingency planning guide for information technology systems [S/OL]. [2002-06]. http://csrc.nist.gov/publications/nistpubs/800-34/sp800-34.pdf.
  • 7. CA Inc. eTrust TM Security Management [EB/OL]. http://www3.ca.com/solutions/Solution.aspx?ID=271.
  • 8. Zuo Tianzu, Liu Wei. ITIL White Paper [M/OL]. Beijing: Peking University Press, 2004-03. http://club.amteam.org/upload-file/83/839796_75149.PDF.
  • 9. Paul Overbeek. ITIL Security Management: Security as a managed service [EB/OL]. [2004-06]. http://www.spiral.lu/SI/Event.nsf/0/c0eba09d9cb8a870c1256eba002b6f49/$FILE/08_Overbeek_Sec-Man_Lux_Jun04.pdf.

Co-cited documents: 71

Citing documents: 12

Second-level citing documents: 52
