CN113343266A - Information system safety operation management platform and method - Google Patents
Information system safety operation management platform and method Download PDFInfo
- Publication number
- CN113343266A CN113343266A CN202110717720.XA CN202110717720A CN113343266A CN 113343266 A CN113343266 A CN 113343266A CN 202110717720 A CN202110717720 A CN 202110717720A CN 113343266 A CN113343266 A CN 113343266A
- Authority
- CN
- China
- Prior art keywords
- information
- project
- data
- security
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title abstract description 7
- 238000012360 testing method Methods 0.000 claims abstract description 9
- 238000007726 management method Methods 0.000 claims description 121
- 230000005540 biological transmission Effects 0.000 claims description 9
- 230000000694 effects Effects 0.000 claims description 6
- 238000012545 processing Methods 0.000 claims description 3
- 230000002123 temporal effect Effects 0.000 claims description 3
- 230000006855 networking Effects 0.000 claims description 2
- 238000012423 maintenance Methods 0.000 abstract description 8
- 238000012827 research and development Methods 0.000 abstract description 8
- 230000008439 repair process Effects 0.000 abstract description 5
- 238000012937 correction Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 6
- 238000011161 development Methods 0.000 description 4
- 238000011156 evaluation Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000003014 reinforcing effect Effects 0.000 description 1
- 230000035945 sensitivity Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The embodiment of the invention relates to an information system safety operation management platform and a method, which record the basic information of a project through a basic information module, manage the basic information of the project through an application system module, manage the safety information, baseline acceptance information, filing information and authentication information of the project through a compliance management module, manage the safety of data and system data uploaded by a user after the project is online through a data safety management module, manage the personal privacy information of the user corresponding to the project through a privacy protection module, manage the safety loopholes of the project through a safety tool module, thereby realizing the management of the unified management, execution, self-test, repair and correction of information safety loopholes, rationality of system safety measures and the like of the project from project establishment, research and development, online to operation and maintenance stages through the whole life cycle of the project, not only the safety risk of the product information is reduced, but also the management efficiency of the project is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of internet security, in particular to an information system security operation management platform and method.
Background
At present, management of enterprises after on-line item projects, research and development projects and systems are separately managed, for example, the projects are usually PMO management, including management of project establishment, bid inviting, acceptance and the like, the project establishment and the project research and development stages usually only pay attention to compliance of the projects and do not relate to safety management of the projects, the on-line system after the project is finished is usually managed and maintained by an operation and maintenance department to monitor whether the system is on-line, leak conditions, network conditions, whether a user can open a website and the like, and the separate management mode easily causes the problems of non-uniform management, untimely information exchange, low management efficiency and the like.
Disclosure of Invention
In view of this, embodiments of the present invention provide an information system security operation management platform and method, so as to implement full-flow management from project establishment to operation.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of embodiments of the invention.
In a first aspect of the present disclosure, an embodiment of the present invention provides an information system security operation management platform, configured to perform full-flow management from project establishment to operation, where the platform includes:
the basic information module is used for recording the basic information of the project;
the application system module is used for managing the basic information of the project;
the compliance management module is used for managing the safety information, the baseline acceptance information, the record information and the authentication information of the project;
the data security management module is used for managing the security of the data uploaded by the user and the system data after the project is online;
the privacy protection module is used for managing the personal privacy information of the user corresponding to the project;
and the safety tool module is used for managing the security vulnerability of the project.
In a second aspect of the present disclosure, an embodiment of the present invention further provides an information system security operation management method, which is used for full-flow management from project establishment to operation, and includes:
recording the basic information of the project through a basic information module;
managing basic information of the project through an application system module;
managing the safety information, the baseline acceptance information, the record information and the authentication information of the project through a compliance management module;
managing the security of the data uploaded by the user and the system data after the project is online through a data security management module;
managing personal privacy information of the user corresponding to the project through a privacy protection module;
and managing the security vulnerability of the project through a security tool module.
The technical scheme provided by the embodiment of the invention has the beneficial technical effects that: recording basic information of the project through a basic information module, managing the basic information of the project through an application system module, the safety information, the baseline acceptance information, the record information and the authentication information of the project are managed through the compliance management module, the data security management module manages the security of the data uploaded by the user and the system data after the project is on line, the personal privacy information of the user corresponding to the project is managed through the privacy protection module, the security loophole of the project is managed through the security tool module, through the whole life cycle of the project, the unified management, execution, self-checking and self-checking of the safety measures, the repair and correction of information security loopholes, the rationality of system safety measures and the like of the project from project establishment, research and development, online operation and maintenance to all stages are realized, the safety risk of product information is reduced, and the management efficiency of the project is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly described below, and it is obvious that the drawings in the following description are only a part of the embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the contents of the embodiments of the present invention and the drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario of an information system security operation management platform provided in an embodiment of the present invention;
fig. 2 is a schematic diagram of an information system security operation management platform provided according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the configuration of the compliance management module of FIG. 2;
FIG. 4 is a schematic diagram of the data security management module in FIG. 2;
fig. 5 is a flowchart of an information system security operation management method according to an embodiment of the present invention.
Detailed Description
In order to make the technical problems solved, the technical solutions adopted and the technical effects achieved by the embodiments of the present invention clearer, the technical solutions of the embodiments of the present invention will be described in further detail below with reference to the accompanying drawings, and it is obvious that the described embodiments are only some embodiments, but not all embodiments, of the embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, belong to the scope of protection of the embodiments of the present invention.
It should be noted that the terms "system" and "network" are often used interchangeably herein in embodiments of the present invention. Reference to "and/or" in embodiments of the invention is intended to include any and all combinations of one or more of the associated listed items. The terms "first", "second", and the like in the description and claims of the present disclosure and in the drawings are used for distinguishing between different objects and not for limiting a particular order.
It should be further noted that, in the embodiments of the present invention, each of the following embodiments may be executed alone, or may be executed in combination with each other, and the embodiments of the present invention are not limited in this respect.
The names of messages or information exchanged between devices in the embodiments of the present disclosure are for illustrative purposes only, and are not intended to limit the scope of the messages or information.
The technical solutions of the embodiments of the present invention are further described by the following detailed description with reference to the accompanying drawings.
Fig. 1 is a schematic view of an application scenario of an information system security operation management platform according to an embodiment of the present invention, and as shown in fig. 1, the information system security operation management platform according to this embodiment may be applied to management of multiple companies and multiple projects in a group, and perform full-flow management from project establishment to security operation in a group-company-project group-project/system-subsystem hierarchical system, and be managed by a network security professional. Specifically, the platform in this embodiment may implement secure operation management on each project/system of each project group of each company under the group, where one company may include n project groups, one project group may include n projects or systems, and one project or system may generate a plurality of subsystems, such as at least one of a web application system, a PC client, mobile APP software, a wechat public number, an applet, and an H5 page. In this embodiment, in order to ensure information security, management such as management, execution, self-test, repair and modification of information security vulnerabilities, rationality of system security measures, and the like of the security measures in each stage from project establishment, research and development, online operation to operation and maintenance can be implemented throughout the whole life cycle of system/software development, so that the security risk of product information is reduced as much as possible, and the security risk is advanced. And the security management conditions of all projects under the group can be visually and graphically managed on the platform home page.
Fig. 2 is a schematic diagram of an information system security operation management platform according to an embodiment of the present invention, and as shown in fig. 2, the information system security operation management platform 200 (hereinafter referred to as a platform) includes: a basic information module 201, an application system module 202, a compliance management module 203, a data security management module 204, a privacy protection module 205, and a security tools module 206. Wherein:
and a basic information module 201 for recording basic information of the item. The basic information of the project comprises basic information of the project or the system and basic information of the corresponding subsystem. Specifically, the basic information includes, but is not limited to, enterprise information of a project, system or subsystem (sub-project), enterprise principal information, principal information of the project, information of a security management principal, and the like, wherein the enterprise information may include an enterprise name, a unified social credit code of the enterprise, an enterprise legal person, and the like. In this embodiment, known information of the project establishment phase may be registered when the project, system or subsystem is established, and all information may be supplemented when the project, system or subsystem is accepted online.
And the application system module 202 is used for managing basic information of the project. Specifically, the overall collection management of the project or system and the management of the subsystem information (sub-project information) are included. The subsystem information includes a subsystem type, an access address, server information, system function information and the like, and the subsystem type includes any one of a web application type, a PC application type, an APP application type, a wechat public number application type, an applet application type and an H5 page application type. It will be appreciated that for a project or system, a plurality of different types of subsystems may be included.
And the compliance management module 203 is used for managing the safety information, the baseline acceptance information, the record information and the authentication information of the project. The safety information of the project comprises different safety levels set according to the safety requirements of the system or the subsystem, and safety information such as service types, service ranges, service requirements, influence degrees, input cost, complexity degrees and the like. The security level may be a level of a high level protected information system or subsystem, a level of a medium level protected information system or subsystem, or a level of a low level protected information system or subsystem, etc. The baseline acceptance information refers to relevant information for performing baseline acceptance on the system, for example, including applicable safety control items for acceptance, and when the project is accepted, the control items are checked item by item and corresponding evidence is provided, and if the project is not accepted, the acceptance fails. The filing information includes the system level protection filing information, level protection grading information, ICP filing information, and Internet filing information. The authentication information includes whether the system or the subsystem has performed relevant authentication and the state of the authentication (whether the system or the subsystem is expired, the certificate expiration time, etc.), and relevant authentication information can be input at this point, for example, authentication of an information security management system, authentication of a personal identity information protection management system, authentication of a cloud security association CSA STAR, authentication of information system security level protection, authentication of industrial internet security assessment, etc.
And the data security management module 204 is configured to manage security of data and system data uploaded by a user after the project is online. Including but not limited to managing the storage location of the data, the backup policy/period of the data, the size of the data, the registration information of the user, the daily activity amount of the user, the download amount of the user, the type of the data, the security level of the data, the security period of the data, the key type and the key name of the data, etc.
And the privacy protection module 205 is used for managing the personal privacy information of the user corresponding to the project. The personal privacy information includes data related to user privacy, such as any item of a key of a user accessing a system, an identification number of the user, an address, a telephone number, marital status, a driver's license, a passport, and the like, and the personal privacy information related to different items is different.
And the security tool module 206 is used for managing the security vulnerability of the project. For example, the information of the fault and the information security temporal state is recorded by a log and an alarm mode, so that the security of the test data and the source code is protected.
The information system safe operation management platform records the basic information of a project through a basic information module, manages the basic information of the project through an application system module, manages the safety information, the baseline acceptance information, the record information and the authentication information of the project through a compliance management module, manages the safety of data uploaded by a user and system data after the project is online through a data safety management module, manages the personal privacy information of the user corresponding to the project through a privacy protection module, manages the security loophole of the project through a safety tool module, realizes the management of unified management, execution, self-test and self-test, the repair and correction of the information security loophole, the rationality of the system security measure and the like of the project from project establishment, research and development, online to operation and maintenance stages through the whole life cycle of the project, reduces the safety risk of product information, and the management efficiency of the project is improved.
Fig. 3 is a schematic structural diagram of a compliance management module in an embodiment of the present invention, and as shown in fig. 3, the compliance management module 203 may include a security information management unit 2031, a baseline acceptance information management unit 2032, a docket information management unit 2033, and an authentication information management unit 2034.
In the embodiment of the present invention, the security information managing unit 2031 is configured to set security level information of an item or a sub-item, and manage the security level information of the item or the sub-item. The security level information of the project or the sub-project comprises different security levels set according to the security requirements of the project or the sub-project, and information such as a service type, a service range, a service requirement, an influence degree, an input cost, a complexity degree and the like. The security level may be a level of a high level protected information item or sub-item, a level of a medium level protected information item or sub-item, or a level of a low level protected information item or sub-item, etc.
The baseline acceptance information management unit 2032 is configured to manage a security baseline of the project, and perform acceptance operation according to the set security control item when the project is accepted. Specifically, by setting a safety control item suitable for baseline acceptance of a project or a sub-project, the control item is checked item by item and corresponding evidence is provided during project acceptance, and if the control item is not completed, the acceptance fails.
A record information management unit 2033 for managing the level protection record, level protection and grading, ICP record, and internet record of the project.
An authentication information management unit 2034 for managing the authentication information and the authentication status of the items. The authentication information includes information whether the item or the sub-item is subjected to related authentication, the authentication state refers to states such as expiration and certificate expiration, and the obtained related authentication information can be input here, for example, authentication of an information security management system, authentication of a personal identity information protection management system, cloud security alliance CSA STAR authentication, information system security level protection authentication, industrial internet security assessment evaluation authentication, and the like.
In the embodiment, the safety information, the baseline acceptance information, the record information and the authentication information of the project are managed by each unit of the compliance management module, so that the information safety requirement runs through the whole life cycle of the project, the safety measures are uniformly managed in each stage of the project, and the safety of project management is improved.
Optionally, the data security management module is specifically configured to: after the project is online, the identity of a user accessing the project is identified, and the personal and private data uploaded by the user are encrypted and transmitted and stored; for items which issue the internet and access internal resources, an HTTPS (Hyper Text Transfer Protocol over secure Transport Protocol) and a TLS (Transport Layer Security) are adopted for encrypted transmission; the data-based backup strategy performs backup processing on data saved in a database or files saved in a file system.
Fig. 4 is a schematic structural diagram of a data security management module in an embodiment of the present invention, and as shown in fig. 4, the data security management module 204 may include a data information unit 2041, a data classification and classification unit 2042, and a password application unit 2043.
The data information unit 2041 is configured to manage a storage location of the data, a backup policy of the data, a data size, registration information of the user, a daily activity amount of the user, and a download amount of the user.
The data classification and classification unit 2042 is used for managing the type of data, the security level of the data, and the security duration of the data. Wherein the type of data includes any of personal user data, enterprise user data, order data, product data, device data, platform data, and other data. The security level of the data includes any of sensitivity, trade secret, internal, and public.
The cryptographic application unit 2043 is configured to manage a key type and a key name of the data.
In the embodiment, the data security management module is used for effectively managing the security of the data uploaded by the user and the system data after the project is online, so that the security risk of project management is reduced, and the security of project management is further improved.
It will be appreciated that the project or sub-project (i.e., system or subsystem) can only be brought online after the security operation management platform has completed the security acceptance. After the project or sub-project is online, the security operation management platform can be further used for managing the online application condition, the affiliation relationship, the system rating, the security baseline, the system record, the passed security standard, the data security, the classification, the personal privacy protection, the password application condition and the like of the project or system of each company, so that the application security operation management can be conveniently developed, the current situation of each system and the stage of the system can be comprehensively known, and a targeted security protection measure can be taken.
For example, application security operations management may include managing multi-dimensional security requirements for user security, operational security, data security, development security, personal privacy protection, compliance, and so on.
In particular, user security may include security aspects of user authentication, rights management, access rights, access control, and the like. The operation safety comprises the steps of carrying out security vulnerability self-checking on the system, and modifying and reinforcing the system according to the security vulnerability self-checking result, wherein the self-checking range comprises an application system, an operating system, a database and the like.
Data security may then include the following: the user accesses the online system by adopting the password, and the submission of the password is transmitted by encryption so as to ensure the reliability of the transmission of the identity authentication information; encrypted transmission of private data, for example, data such as an identification number, an address, a telephone number, a marital status, a driver's license, and a passport, which are related to an individual and privacy, is encrypted by using a key; the method comprises the following steps of encrypting and storing personal privacy data, for example, encrypting and storing data such as personal and privacy identity card numbers, addresses, phone numbers and the like by adopting an asymmetric encryption technology; HTTPS encrypted transmission, for example, for a system that issues the internet and accesses internal resources, it is necessary to ensure that the system uses HTTPS and TLS for encrypted transmission; and data backup, namely backing up data stored in a database or files on a file system by adopting a predefined data backup strategy, so that the data can be recovered in time when the data is lost.
The development of safety specifically comprises recording system faults and information safety tenses through logs and alarms, protecting test data and ensuring the safety of source codes. The personal privacy protection is to protect the collected personal privacy information of the user.
The users accessing the security operation management platform can be divided into a security manager role and a development/project manager role, the development/project manager role can fill project/system information in the system, the registered information can be used for operation and maintenance in the future, the security manager carries out auditing management on the project/system information, and the approved system is registered in the security operation management platform, so that application security operation management can be conveniently carried out, the current situation of the system can be comprehensively known, and targeted security protection measures can be taken. The safety operation management platform is used as one of the safety acceptance links of each stage of the service system, all the systems need to register the relevant information of the application system in the system before acceptance, and the system can be accepted and on-line after safety evaluation. Therefore, project management runs through the whole life cycle of the project, unified management of project safety measures in each stage from project establishment, research and development, online operation and maintenance is achieved, and management efficiency and safety of the project are improved.
The modules or units described in the embodiments of the present invention may be implemented by software, or may be implemented by hardware. Where the name of an element does not in some cases constitute a limitation on the element itself.
Fig. 5 is a flowchart of an information system security operation management method in an embodiment of the present invention, where the embodiment is used for full-flow management from project establishment to operation, as shown in fig. 5, the method includes the following steps:
and S510, recording the basic information of the item through a basic information module.
And S520, managing the basic information of the project through the application system module.
And S530, managing the safety information, the baseline acceptance information, the record information and the authentication information of the project through the compliance management module.
And S540, managing the security of the data uploaded by the user and the system data after the project is on line through the data security management module.
And S550, managing the personal privacy information of the user corresponding to the project through the privacy protection module.
And S560, managing the security vulnerability of the project through the security tool module.
In an optional embodiment of the present invention, the information system security operation management method may further include: the information known in the item stage in the basic information of the item is recorded by the basic information module when the item is established, and other information in the basic information of the item is recorded by the basic information module when the item is received on line.
In an optional embodiment of the present invention, the information system security operation management method may further include: and managing the sub-project information through the application system module, wherein the sub-project information comprises the type, the access address, the server information and the system function information of the sub-project.
In an optional embodiment of the present invention, in the information system security operation management method: the types of the sub-items include any one of a web application type, a PC application type, an APP application type, a wechat public sign application type, an applet application type, and an H5 page application type.
In an optional embodiment of the present invention, the information system security operation management method may further include: setting security level information of the project through a security information management unit, and managing the security level information of the project; managing the safety baseline of the project through a baseline acceptance information management unit, and executing acceptance operation according to the set safety control item when the project is accepted; the related safety certification of the project, such as level protection filing, level protection grading, ICP filing and international networking filing, is managed through the filing information management unit; the authentication information and the authentication state of the item are managed by an authentication information management unit.
In an optional embodiment of the present invention, the information system security operation management method may further include: after the project is on-line through the data security management module, identity authentication is carried out on a user accessing the project, and encrypted transmission and encrypted storage are adopted for personal and private data uploaded by the user; for items which issue the Internet and access internal resources, adopting HTTPS and TLS to carry out encryption transmission; the data-based backup strategy performs backup processing on data saved in a database or files saved in a file system.
In an optional embodiment of the present invention, the information system security operation management method may further include: managing the storage position of data, the backup strategy of the data, the data scale, the registration information of a user, the daily activity of the user and the download quantity of the user through a data information unit; managing the type of the data, the security level of the data and the security duration of the data through a data classification and classification unit; the key type and the key name of the data are managed by the cryptographic application unit.
In an optional embodiment of the present invention, in the information system security operation management method, the data type includes any one of personal user data, enterprise user data, order data, product data, device data, platform data, and other data; the security level of the data includes any one of sensitive, trade secret, internal, and public.
In an optional embodiment of the present invention, the information system security operation management method may further include: and recording the information of the fault and the information security temporal state in a log and alarm mode through the security tool module so as to protect the security of the test data and the source code.
For the specific description of each step, reference may be made to the description of the above embodiments.
In the embodiment of the invention, the basic information of a project is recorded through a basic information module, the basic information of the project is managed through an application system module, the safety information, the baseline acceptance information, the record information and the authentication information of the project are managed through a compliance management module, the safety of data uploaded by a user and system data after the project is online is managed through a data safety management module, the personal privacy information of the user corresponding to the project is managed through a privacy protection module, and the security loophole of the project is managed through a safety tool module, so that the unified management, execution, self-test and self-check of the safety measures, the repair and modification of the information safety loophole, the rationality of the system safety measures and the like in the stages from project establishment, research and development, online to operation and maintenance are managed through the whole life cycle of the project, the safety risk of product information is reduced, and the management efficiency of the project is improved.
The foregoing description is only a preferred embodiment of the invention and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure in the embodiments of the present invention is not limited to the specific combinations of the above-described features, but also encompasses other embodiments in which any combination of the above-described features or their equivalents is possible without departing from the spirit of the disclosure. For example, the above features and (but not limited to) the features with similar functions disclosed in the embodiments of the present invention are mutually replaced to form the technical solution.
Claims (10)
1. An information system security operation management platform, wherein the platform is used for full-flow management from project establishment to operation, and the platform comprises:
the basic information module is used for recording the basic information of the project;
the application system module is used for managing the basic information of the project;
the compliance management module is used for managing the safety information, the baseline acceptance information, the record information and the authentication information of the project;
the data security management module is used for managing the security of the data uploaded by the user and the system data after the project is online;
the privacy protection module is used for managing the personal privacy information of the user corresponding to the project;
and the safety tool module is used for managing the security vulnerability of the project.
2. The platform of claim 1,
the basic information module is specifically configured to record information that is known in an item stage in the basic information of the item when the item is established, and record other information in the basic information of the item when the item is received on line.
3. The platform of claim 1, wherein the items further comprise corresponding sub-items;
the application system module is further used for managing the sub-project information, and the sub-project information comprises the type, the access address, the server information and the system function information of the sub-project.
4. The platform of claim 3, wherein the types of the sub-items comprise any one of a web application type, a PC application type, an APP application type, a WeChat public number application type, an applet application type, and an H5 Page application type.
5. The platform of claim 1, wherein the compliance management module comprises:
a security information management unit for setting security level information of the project and managing the security level information of the project;
the base line acceptance information management unit is used for managing the safety base line of the project and executing acceptance operation according to the set safety control item when the project is accepted;
the record information management unit is used for managing the grade protection record, the grade protection grading, the ICP record and the international networking record of the project;
and the authentication information management unit is used for managing the authentication information and the authentication state of the item.
6. The platform of claim 1, wherein the data security management module is specifically configured to:
after the project is online, identity authentication is carried out on a user accessing the project, and encrypted transmission and encrypted storage are adopted for personal and private data uploaded by the user; for items which issue the Internet and access internal resources, adopting HTTPS and TLS to carry out encryption transmission; the data-based backup strategy performs backup processing on data saved in a database or files saved in a file system.
7. The platform of claim 1 or 6, wherein the data security management module comprises:
the data information unit is used for managing the storage position of the data, the backup strategy of the data, the data scale, the registration information of the user, the daily activity amount of the user and the downloading amount of the user;
the data classification and classification unit is used for managing the type of the data, the security level of the data and the security duration of the data;
and the password application unit is used for managing the key type and the key name of the data.
8. The platform of claim 7,
the data type comprises any one of personal user data, enterprise user data, order data, product data, equipment data, platform data and other data;
the security level of the data includes any one of sensitive, trade secret, internal, and public.
9. The platform of claim 1,
the safety tool module is specifically used for recording fault and information safety temporal information in a log and alarm mode so as to protect the safety of test data and source codes.
10. An information system security operation management method is used for full-flow management from project establishment to operation, and comprises the following steps:
recording the basic information of the project through a basic information module;
managing basic information of the project through an application system module;
managing the safety information, the baseline acceptance information, the record information and the authentication information of the project through a compliance management module;
managing the security of the data uploaded by the user and the system data after the project is online through a data security management module;
managing personal privacy information of the user corresponding to the project through a privacy protection module;
and managing the security vulnerability of the project through a security tool module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110717720.XA CN113343266A (en) | 2021-06-28 | 2021-06-28 | Information system safety operation management platform and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110717720.XA CN113343266A (en) | 2021-06-28 | 2021-06-28 | Information system safety operation management platform and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113343266A true CN113343266A (en) | 2021-09-03 |
Family
ID=77479188
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110717720.XA Pending CN113343266A (en) | 2021-06-28 | 2021-06-28 | Information system safety operation management platform and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113343266A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116383856A (en) * | 2023-05-24 | 2023-07-04 | 豪符密码检测技术(成都)有限责任公司 | Safety and effectiveness detection method for data safety protection measures |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103927631A (en) * | 2014-04-30 | 2014-07-16 | 南方电网科学研究院有限责任公司 | Safety integrated management platform based on electric system quality system, risk assessment and safety testing and evaluation |
| US20180189734A1 (en) * | 2016-12-29 | 2018-07-05 | Dropbox, Inc. | Presenting project data managed by a content managemnet system |
| CN110443048A (en) * | 2019-07-04 | 2019-11-12 | 广州海颐信息安全技术有限公司 | Data center looks into number system |
| CN112100215A (en) * | 2020-09-08 | 2020-12-18 | 福建中信网安信息科技有限公司 | Protection progress inquiry system based on level protection integrated management platform |
| CN112329031A (en) * | 2020-10-27 | 2021-02-05 | 国网福建省电力有限公司信息通信分公司 | Data authority control system based on data center |
| CN112529535A (en) * | 2020-12-17 | 2021-03-19 | 中国航空工业集团公司成都飞机设计研究所 | Software management method oriented to full life cycle |
-
2021
- 2021-06-28 CN CN202110717720.XA patent/CN113343266A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103927631A (en) * | 2014-04-30 | 2014-07-16 | 南方电网科学研究院有限责任公司 | Safety integrated management platform based on electric system quality system, risk assessment and safety testing and evaluation |
| US20180189734A1 (en) * | 2016-12-29 | 2018-07-05 | Dropbox, Inc. | Presenting project data managed by a content managemnet system |
| CN110443048A (en) * | 2019-07-04 | 2019-11-12 | 广州海颐信息安全技术有限公司 | Data center looks into number system |
| CN112100215A (en) * | 2020-09-08 | 2020-12-18 | 福建中信网安信息科技有限公司 | Protection progress inquiry system based on level protection integrated management platform |
| CN112329031A (en) * | 2020-10-27 | 2021-02-05 | 国网福建省电力有限公司信息通信分公司 | Data authority control system based on data center |
| CN112529535A (en) * | 2020-12-17 | 2021-03-19 | 中国航空工业集团公司成都飞机设计研究所 | Software management method oriented to full life cycle |
Non-Patent Citations (4)
| Title |
|---|
| 广东省地方税务局: "《广东地税年鉴 2008年》", 31 December 2008, 北京:中国税务出版社 * |
| 王宇飞: "信息安全企业项目管理流程及框架研究", 《中国优秀硕士学位论文全文数据库 (信息科技辑)》 * |
| 郑建辉等, 北京:北京理工大学出版社 * |
| 陆勤: "基于信息安全管理模型的高校信息系统管理平台研发", 《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑》 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116383856A (en) * | 2023-05-24 | 2023-07-04 | 豪符密码检测技术(成都)有限责任公司 | Safety and effectiveness detection method for data safety protection measures |
| CN116383856B (en) * | 2023-05-24 | 2023-08-29 | 豪符密码检测技术(成都)有限责任公司 | Safety and effectiveness detection method for data safety protection measures |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Kissel | Glossary of key information security terms | |
| WO2019089646A1 (en) | System and method for validation of distributed data storage systems | |
| EP2043328A2 (en) | Methods and apparatus for detecting fraud with time based computer tags | |
| Liu et al. | A survey of payment card industry data security standard | |
| Salim | Cyber safety: A systems thinking and systems theory approach to managing cyber security risks | |
| US11783349B2 (en) | Compliance management system | |
| Egan et al. | Cyber operational risk scenarios for insurance companies | |
| Alfarisi et al. | Risk assessment in fleet management system using OCTAVE allegro | |
| CN113343266A (en) | Information system safety operation management platform and method | |
| CN111769956B (en) | Service processing method, device, equipment and medium | |
| CN108600178A (en) | A kind of method for protecting and system, reference platform of collage-credit data | |
| US20200285768A1 (en) | Method for determining and displaying the security state of data | |
| CN110505205B (en) | Cloud platform encryption and decryption service access method and access system | |
| Robinson | Insights on Cloud Security Management | |
| Basson | The right to privacy: how the proposed POPI Bill will impact data security in a Cloud Computing environment | |
| Wang et al. | Securing big data in the cloud with integrated auditing | |
| Kazemi et al. | Analysis of Scalability and Risks in Cloud Computing | |
| Patil et al. | Cloud Forensics: A Framework for Digital Forensic in Cloud Based Environment by Identifying SLA Breaches by Cloud Actors | |
| CN115134143B (en) | Global Internet of things equipment authentication method, device and storage medium | |
| CN111292093B (en) | Risk control method and system based on double block chains | |
| Mishra | AWS Security and Management Services | |
| US20230401503A1 (en) | Compliance management system | |
| Osaji | Framework Compliance Assessment Report Version 1.0 | |
| Zafar | Security Quality Requirements Engineering (SQUARE) Method Evaluation: A Case Study Using Smart Grid Customer Domain By | |
| Miller | Security Assessment of Cloud-Based Healthcare Applications |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210903 |