摘要
信息系统运维安全管理是信息系统可靠运行、有效提供服务功能的重要保障。信息系统运维安全管控建设要以国际、国内信息安全管理标准规范为依据,将标准规范有机融入到信息系统运维管理流程之中,以帐户密码动态管理和操作行为审计管理为核心构建运维安全管控平台,通过帐户集中管理、密码审批使用、操作权限控制、行为审计监督,解决运维过程不可控、访问操作难预测、运维内容不可知等问题,真正实现信息系统运维事前预防、事中监控、事后审计的完整闭环安全管理。
Information system security management is an important guarantee for the reliable operation and maintenance of the information system and the effective provision of service function. The construction of information system maintenance and safety control should be on the basis of domestic and international information security management standard, and should incorporate the standards into the information system maintenance management process. Account password dynamic management and operation behavior audit management are the core for construction of information system maintenance security control platform. By centralized account management, password use-approval, access control, and operating behavior audit, the problem of uncontrollable maintenance process uncontrollable, unpredictable access operation and unknown maintenance content could be solved, thus to truly realize completely closed security management on beforehand prevention, incident monitoring and post auditing of information system maintenance security management.
出处
《通信技术》
2017年第8期1831-1835,共5页
Communications Technology
关键词
信息系统
运维
安全管控
动态管理
information system
operation and maintenance
security management
dynamic management
