CN101931525B - Information security management resource positioning method and system - Google Patents
Information security management resource positioning method and system Download PDFInfo
- Publication number
- CN101931525B CN101931525B CN2009101884282A CN200910188428A CN101931525B CN 101931525 B CN101931525 B CN 101931525B CN 2009101884282 A CN2009101884282 A CN 2009101884282A CN 200910188428 A CN200910188428 A CN 200910188428A CN 101931525 B CN101931525 B CN 101931525B
- Authority
- CN
- China
- Prior art keywords
- resource
- information
- personnel
- login
- resources
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 30
- 230000008520 organization Effects 0.000 claims abstract description 15
- 230000001419 dependent effect Effects 0.000 claims abstract description 4
- 230000008878 coupling Effects 0.000 claims description 8
- 238000010168 coupling process Methods 0.000 claims description 8
- 238000005859 coupling reaction Methods 0.000 claims description 8
- 230000008859 change Effects 0.000 claims description 7
- 230000008676 import Effects 0.000 claims description 7
- 238000012423 maintenance Methods 0.000 claims description 5
- 238000013507 mapping Methods 0.000 claims description 3
- 230000007547 defect Effects 0.000 abstract 1
- 238000012545 processing Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 5
- 241000700605 Viruses Species 0.000 description 3
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000008901 benefit Effects 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 238000000205 computational method Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 239000000047 product Substances 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 239000013589 supplement Substances 0.000 description 1
- 230000000153 supplemental effect Effects 0.000 description 1
Images
Abstract
The invention provides an information security management resource positioning method and an information security management resource positioning system. The resource positioning system comprises a personnel management module and a resource positioning module, wherein the personnel management module comprises a personnel information acquisition unit for acquiring personnel information and organization information of an enterprise from various logs and the logs containing the personnel information. By establishing a dynamic personnel information table and asset information table and a dynamic corresponding algorithm of personnel information and resource information thereof, the information security management resource positioning method and the information security management resource positioning system provided by the invention can solve the problem of inaccurate correspondence only dependent on IP in the prior art, and by marking the difference in the capacity of a computer, the capacity of the computer is positioned and matched with personnel, so the accuracy of information resource correspondence can be improved to a large extent; and through the method and the system, the information resource can be acquired from a plurality of systems, the defect of incompleteness of a single information source is overcome and the method and the system have high information updating speed and broad application range.
Description
Technical field
The present invention relates to field of information security technology, be specifically related to a kind of information security management resource positioning method and system.
Background technology
Basic security protection products such as three period: A, the anti-virus at initial stage, fire compartment wall have been experienced in the development of China's information security, the protection of upper layer application such as B, internet behavior management afterwards, Anti-Spam, VPN, file encryption, the security setup control message that C, present stage set up.
At present at the various technology of information security every field and supporting solution thereof comparative maturity all, for example: fire compartment wall, anti-virus, VPN or the like.Each enterprise of technical solution at single technical field has also adopted a lot.But how the technology unification of every field is combined, and cooperate the thinking of safety management, and the security information of comprehensive every field, set up a perfect security setup control message, most important to the development of enterprise.
And set up one of perfect its most important work of security setup control message be: how the work of Enterprise Information Resources location is carried out.Prior art, its computer resource obtains corresponding present situation in the resource position fixing process: general just import information from AD, its information source is few, has only source of AD; The scope of application is few, has only when the user has the AD environment and could use; Corresponding inaccurate, mainly adopt IP address and user's correspondence, and the IP address change can be changed at any time too easily.In addition, when it imported the resource correspondence table, information can not upgrade in time, and the scope of application is few, uses corresponding result error bigger for a long time.
Thereby prior art is still waiting to improve and improve.
Summary of the invention
In view of above-mentioned the deficiencies in the prior art part, the object of the present invention is to provide a kind of information security management resource positioning method and system, it can solve and only rely on IP to come corresponding inaccurate drawback in the prior art, can improve the accuracy of information resources correspondence, and it can obtain described information resources from a plurality of systems, avoided the incomplete shortcoming of single information source, applied widely.
In order to achieve the above object, the present invention has taked following technical scheme:
A kind of information security management resource navigation system comprises personal management module and resource locating module, and wherein, described personal management module comprises:
The personal information collecting unit is used for obtaining from multiple daily record and the daily record that comprises personal information the personal information and the organizational information of enterprise;
Institutional framework is set up the unit, is used to handle described personal information and organizational information and generates corresponding personal information table and organization table;
The institutional framework updating block is used for when described personal information and organizational information change, and described personal information table and organization table upgrade in time;
Described resource locating module comprises:
The collection of resources unit is used for obtaining the resource information data from plurality of devices, and periodically the described resource information data of obtaining is sent in the corresponding collection of resources importing table;
The resource updates unit is used for obtaining a specific resources information that identifies computer from collection of resources importing table and is written to the resource information table, and the described resource information table of regular update;
Resource and personnel's associative cell are used for described personal information table and described resource information table are carried out related, set up resource personnel contingency table, realize that computer corresponds to the people, and regular update resource personnel contingency table.
Described information security management resource navigation system, wherein, described personal management module also comprises:
Personnel's login and Password Management unit are used to verify user login information and leading subscriber encrypted message;
Personnel role and rights management unit are used to handle personnel at all levels's Role Management information and role-security management information;
Personnel's incident statistic unit is used for the dependent event that statistician's using system is handled.
Described information security management resource navigation system, wherein, described resource locating module also comprises:
The incident positioning unit is used to obtain each event data record, is associated with corresponding director with realization event;
Rm-cell is used to inquire about computer resource basic data maintenance and computer resource operating position.
Described information security management resource navigation system, wherein, it also comprises database module, described database module comprises:
Collection of resources imports table, is used for storing the resource data that obtains from each system of enterprise;
The resource information table is used for the underlying table data of storage resources positioning analysis;
Resource personnel's contingency table is used for storage resources and personnel's mapping table data;
The personal information table is used to store the personal information data of personal information or increase,
User's login system log information table is used for the daily record data of stored record user login system.
A kind of information security management resource positioning method wherein, comprises step:
A, from multiple daily record with comprise personal information and the organizational information that regularly obtains enterprise the daily record of personal information, and generate corresponding personal information table and organization table, and described personal information table of regular update and organization table according to described personal information and organizational information;
B, obtain resource information, and periodically the described resource information of obtaining is sent in the corresponding collection of resources importing table from plurality of devices;
C, the specific resources information that identifies computer of obtaining from collection of resources importing table are to the resource information table, and the described resource information table of regular update;
D, personal information table daily record that comprises personal information and the resource information table daily record that comprises resource information are analyzed, give different weights for each attribute according to the resource information of different described sign computers, and set up resource personnel contingency table, realize that computer corresponds to the people, and regular update resource personnel contingency table.
Described information security management resource positioning method, wherein, the described resource information table of the regular update among the described step C specifically comprises: C1, the resource of obtaining the number of the account system from collection of resources importing table are carried out the resource information table and are upgraded; C2, the resource of obtaining no number of the account system from collection of resources importing table are carried out the resource information table and are upgraded; Wherein said step C1 specifically comprises step:
C11, obtain the resource information of number of the account system from collection of resources importing table, and search the HostName and the IP of login account correspondence in the resource information, calculate up-to-date preceding 5 HostName of login record, judge whether to be same HostName, if, execution in step C16 then, otherwise carry out step C12;
C12, calculate up-to-date preceding 5 IP of login record, and judge whether to be same IP, if execution in step C16 then, otherwise execution in step C13;
C13, calculate maximum preceding 5 HostName of login record number of times, and judge whether HostName number of first login record and HostName number of second login record exist 10 times of gaps, if execution in step C16 then, otherwise execution in step C14;
C14, calculate maximum preceding 5 IP of login record number of times, and judge whether IP number of first login record and IP number of second login record exist 10 times of gaps, if, execution in step C16 then, otherwise execution in step C15;
C15, the maximum login records of up-to-date login record and number of times are associated the resource execution in step C16 that degree of incidence is maximum;
C16, the highest resource information combination of login coupling: number of the account+HostName+IP is written in the resource information table, and generates corresponding resource ID.
Described information security management resource positioning method, wherein, described step C also comprises: C17, search the personnel ID of HostName correspondence in described personal information table, and resource ID and personnel ID are increased newly be added to resource personnel contingency table simultaneously.
Described information security management resource positioning method, wherein, wherein said step C2 specifically comprises step:
C21, from collection of resources importing table obtain personnel's name and and this name corresponding resource information, judge whether this resource information exists in the resource information table;
C22, when not having this resource information in the resource information table, this resource information is newly-increased in the resource information table, and generate corresponding resource ID; And in the personal information table, search the personnel ID of name correspondence simultaneously, and according to the personnel ID of the name correspondence that in the personal information table, finds that resource ID+personnel ID is newly-increased to resource personnel contingency table, generate new resource and personnel's associated record; And when in the resource information table, having this resource information, do not handle.
A kind of information security management resource positioning method provided by the invention and system, by setting up the corresponding algorithm of dynamic personal information table and assets information table and dynamic personal information and resource information, can solve and only rely on the next corresponding inaccurate drawback of IP in the prior art, come to do the accuracy that the location coupling can provide the information resources correspondence to a great extent with personnel by the difference that indicates a computer " ability "; And it can obtain described information resources from a plurality of systems, avoided the incomplete shortcoming of single information source, and its information updating is fast, and is applied widely.
Description of drawings
Fig. 1 is information security management resource navigation system structure that the embodiment of the invention the provides figure that rectifies;
Fig. 2 is the flow chart of data processing figure of the information security management resource navigation system personal management module that provides of the embodiment of the invention;
The flow chart of data processing figure that the information security management resource navigation system that Fig. 3 provides for the embodiment of the invention is total;
The information security management resource positioning method flow chart that Fig. 4 provides for the embodiment of the invention;
The information security management resource positioning method that Fig. 5 provides for the embodiment of the invention obtains the resource of number of the account system and carries out resource information table renewal flow chart from collection of resources importing table;
The information security management resource positioning method that Fig. 6 provides for the embodiment of the invention is as source resource flow chart of data processing figure during in no account number file;
Fig. 7 customizes the update algorithm flow chart for the information security management resource positioning method that the embodiment of the invention provides by configuration.
Embodiment
The embodiment of the invention provides a kind of information security management resource positioning method and system, the personnel's of a kind of log information by the collection various device, company organizational information is provided, provides security information analysis and information of managing safety management resource navigation system these two kinds of information combinations.
By the information of dynamic acquisition equipment from network environment, set up dynamic resource information table, dynamic personal information table, dynamic personal information and resource information correspondence table, i.e. resource personnel contingency table.
The update algorithm of dynamic staff information table: by from multiple daily record with comprise the daily record of personal information and regularly obtain corresponding personnel and organizational information, regular update personal information table.
Resource information table: by the log information that comes from the plurality of devices collection, according to the difference of " ability " that can designation equipment, regular update resource information table.
The corresponding algorithm of dynamic personal information and resource information: by analyzing from the daily record that comprises personal information and resource information, give different weights for each attribute according to the difference of representing the various attributes of computer " ability ", draw the corresponding relation of personal information and resource information.
For making purpose of the present invention, technical scheme and advantage clearer, clear and definite, below the utility model is further described with reference to the accompanying drawing embodiment that develops simultaneously.
The embodiment of the invention provides a kind of information security management resource navigation system, as shown in Figure 1, comprises personal management module 100, resource locating module 200 and database module 300.
Wherein, described personal management module comprises:
Personal information collecting unit 110 is used for obtaining from multiple daily record and the daily record that comprises personal information the personal information and the organizational information of enterprise; For example, when enterprise staff has added the AD domain server, and when often logining the territory, described personal information collecting unit can pass through the AD interface, obtains the personal information and the organizational information of enterprise from the AD server.Certainly, described personal information collecting unit of the present invention also can be from the HR(human resources) or the OA(office automation) etc. personal information and the organizational information that obtains enterprise the system database of number of the account arranged; In addition, described personal information collecting unit of the present invention can also obtain the personal information of enterprise from mailing system, also can directly obtain personnel and organizational information from the file that complete personal information and organizational information table data are provided.Like this, information source of the present invention is wide, can obtain the personal information data from the multiple equipment that comprises personal information.
Institutional framework is set up unit 120, is used to handle described personal information and organizational information and generates corresponding personal information table and organization table;
Institutional framework updating block 130 is used for when described personal information and organizational information change, and described personal information table and organization table upgrade in time after confirming;
Personnel's login and Password Management unit 140 are used to verify user login information and leading subscriber encrypted message; For example, the authentication login, password encryption, password is revised, and the keeper recovers password.
Personnel role and rights management unit 150 are used to handle personnel at all levels's Role Management information and role-security management information; For example, realize personnel role, Role Management, role-security management function.
Personnel's incident statistic unit 160 is used for the dependent event that statistician's using system is handled.For example, the record of statistician's using system virus killing, the record of statistician's using system online.
The flow chart of data processing of the invention described above information security management resource navigation system personal management module as shown in Figure 2.
The embodiment of the invention provides a kind of information security management resource navigation system, and as shown in Figure 1, its described resource locating module 200 comprises:
Collection of resources unit 210 is used for obtaining the resource information data from plurality of devices, and periodically the described resource information data of obtaining is sent in the corresponding collection of resources importing table; Described plurality of devices comprises the AD server, and HR or OA etc. have the system of number of the account etc., wherein, when the collection of resources unit obtains the log-on message (ADName+IP+HostName) of AD account number of enterprise from the AD server, needs two conditions: 1.Enterprise staff need add the territory, and must use the territory log into thr computer; 2. sending out strategy by domain server comes in the requirement territory computer photos and sending messages to server.In addition, when the collection of resources unit obtained the account number log-on message (number of the account+IP+ HostName) of enterprise in the system database from HR or OA, enterprise will provide HR, the data that the account number log form of OA is relevant.Can certainly from existing name and resource information tabulation, directly obtain name, IP(or HostName).Other situation can be according to the collection and the data processing function of detailed programs situation customization resource location.
Resource and personnel's associative cell 230 are used for described personal information table and described resource information table are carried out related, set up resource personnel contingency table, realize that computer corresponds to the people, and regular update resource personnel contingency table.
Rm-cell 250 is used to inquire about computer resource basic data maintenance and computer resource operating position.For example, operating position inquiry of resource base data maintenance and resource etc.
Information security management resource navigation system of the present invention, as shown in Figure 1, described database module 300 comprises:
Collection of resources imports table 310, is used for storing the resource data that obtains from each system of enterprise;
Resource information table 320 is used for the underlying table data of storage resources positioning analysis;
Resource personnel's contingency table 330 is used for storage resources and personnel's mapping table data;
Personal information table 340 is used to store the personal information data of personal information or increase,
User's login system log information table 350 is used for the daily record data of stored record user login system.
The embodiment of the invention provides a kind of information security management resource navigation system, and its total flow chart of data processing comprises step as shown in Figure 3:
410, the resource locating module obtains external resource information;
411, the resource locating module sends to the described resource information data of obtaining in the corresponding collection of resources importing table;
412, the specific resources information of obtaining a sign computer from collection of resources importing table is written in the resource information table;
Simultaneously, the personal management module is from multiple daily record and comprise personal information and the organizational information that obtains enterprise the daily record of personal information, as shown in Figure 1 420; And described personal information and organizational information sent to respectively organize in temporary table 421 and the personnel's temporary table 422, when the tissue of enterprise has change, be recorded in the organization change record sheet 423, personal information that the personal management module is obtained and organizational information all can generate corresponding organization table 424 and personal information table 425.Carry out resource information table 412 related with personal information table 425 more afterwards, to realize the correspondence of personal information and resource information, drive the steady lifting of implementing, improving of enterprise information security work and information security level with mechanism, reduced the enterprise information security maintenance cost by management, technology and physiognomy combination.
Based on said system, the embodiment of the invention also provides a kind of information security management resource positioning method, as shown in Figure 4, comprise step: 600, from multiple daily record with comprise personal information and the organizational information that regularly obtains enterprise the daily record of personal information, and generate corresponding personal information table and organization table, and described personal information table of regular update and organization table according to described personal information and organizational information; 700, obtain resource information from plurality of devices, and periodically the described resource information of obtaining is sent in the corresponding collection of resources importing table; 800, from collection of resources importing table, obtain a specific resources information that identifies computer to the resource information table, and the described resource information table of regular update; 900, personal information table daily record that comprises personal information and the resource information table daily record that comprises resource information are analyzed, give different weights for each attribute according to the resource information of different described sign computers, and set up resource personnel contingency table, realize that computer corresponds to the people, and regular update resource personnel contingency table.
Wherein, described resource information according to different described sign computers gives different weights for each attribute, being according to the difference of representing the various attributes of computer " ability " gives different weights for each attribute, its specific explanations is as follows: in network or in the IT management, the mode of a computer general-purpose of sign has: pass through computer of IP address designation by computer of host name identification 2. 1..
According to the complexity difference of these two kinds sign computer modes variation, give different weight (the ip address is very easy to change, and is cumbersome when host name is revised) for two kinds of modes, please see following giving an example.
The weight example:
| Sequence number | Weight | For example |
| Host | 6 | Wangez |
| IP | 4 | 10.0.0.157 |
Illustrate:, following several situation can occur: Host → people when analyzing the log information of getting from various device; Host+IP → people; IP → people; Or the like multiple situation.
Below calculate the weight Host → people 6 of various correspondences again according to every kind of situation; Host+IP → people 10; IP → people 4; ...
Thereby get the sign of the concrete employed computer of personnel surely according to the aggregate value of various weights.
It should be noted that in addition: 1. ordinary circumstance wherein the weight of host than the weight height of ip address.2. certain, weight also can have more the enterprise practical conditions adjustment further, the information security management resource positioning method that the embodiment of the invention provides, the source and the update algorithm thereof of its resource comprise, C1, the resource of obtaining the number of the account system from collection of resources importing table are carried out the resource information table and upgraded; C2, the resource that obtains no number of the account system from collection of resources importing table are carried out the resource information table and are upgraded; The wherein said resource of obtaining the number of the account system from collection of resources importing table is carried out the renewal of resource information table, as shown in Figure 5, specifically comprises step: the resource information of 801, obtaining the number of the account system from collection of resources importing table; 802, search the HostName and the IP of login account correspondence in the resource information; 803, calculate up-to-date preceding 5 HostName of login record; 804, judge whether to be same HostName, if then execution in step 813, otherwise carry out steps 805; 805, calculate up-to-date preceding 5 IP of login record; 806, judge whether to be same IP, if execution in step 813 then, otherwise execution in step 807; 807, calculate maximum preceding 5 HostName of login record number of times; 808, judge whether HostName number of first login record and HostName number of second login record exist 10 times of gaps, if execution in step 813 then, otherwise execution in step 809; 809, calculate maximum preceding 5 IP of login record number of times; 810, judge whether IP number of first login record and IP number of second login record exist 10 times of gaps, if then execution in step 813, otherwise execution in step 811; 811, the maximum login records of up-to-date login record and number of times are associated; 812, resource execution in step 813 that degree of incidence is maximum; 813,814,815,816 and 817 steps, the resource information the highest the login coupling makes up: number of the account+HostName+IP is written in the resource information table, and generates corresponding resource ID.Exist if this resource information is combined in the resource information table, do not handle.
820,821,822 and 823 steps: in the personal information table, search the personnel ID of number of the account correspondence, and simultaneously the newly-increased resource personnel contingency table that is added to of resource ID 1+ personnel ID1.
Several embodiment specific as follows:
One, the treatment step that obtains data from the AD domain server is as follows:
The first step: import the table from collection of resources, calculate same login ADName, login up-to-date preceding 5 HostName, IP.Example is as follows:
| Login AD account number | Login HostName | Login time | Login IP | Login time |
| ADName1 | HostName1 | 2009-01-07 | IP1 | 2009-01-07 |
| ADName1 | HostName1 | 2009-01-06 | IP1 | 2009-01-06 |
| ADName1 | HostName1 | 2009-01-05 | IP1 | 2009-01-05 |
| ADName1 | HostName1 | 2009-01-04 | IP3 | 2009-01-04 |
| ADName1 | HostName1 | 2009-01-03 | IP3 | 2009-01-03 |
If preceding 5 up-to-date login HostName, IP is same HostName1, IP1, and then the highest resource information of coupling is combined as ADName1+HostName1+IP1, otherwise enters next step.
Second step: import the table from collection of resources, calculate same login ADName, preceding 5 HostName that login times is maximum, IP.Example is as follows:
| Login AD account number | Login HostName | Login times | Login IP | Login times |
| ADName1 | HostName1 | 20 | IP1 | 19 |
| ADName1 | HostName2 | 5 | IP2 | 6 |
| ADName1 | HostName3 | 2 | IP3 | 2 |
If preceding 5 maximum number of times login HostName, IP is HostName1, IP1, and login times be number two more than 10 times, then the highest resource information of coupling is combined as the ADName1+HostName1+IP1 that ranks the first, otherwise enters next step.
The 3rd step: up-to-date login is associated with maximum number of times logins, and the combination ADName1+HostName1+IP1 that degree of incidence is maximum mates the highest resource information as login, enters next step.
The 4th step:, and generate corresponding resource ID 1 the highest newly-increased being added in the resource information table of resource information combination ADName1+HostName1+IP1 of login coupling.Exist if this resource information is combined in the resource information table, do not handle.
The 5th step: in the personal information table, search the personnel ID1 of ADName1 correspondence, and simultaneously the newly-increased resource personnel contingency table that is added to of resource ID 1+ personnel ID1.
Certainly, refresh routine can be configured: configuration data comes origin system, is AD, HR, OA etc.Configuration cycle, the cycle is day, month, year etc., the beginning time of implementation etc.
1. work as source resource in OA, HR or other have account number system
Computational methods are the same, just the account number difference.
When source resource during in no account number file, as shown in Figure 6, data are carried out following processing:
The first step: obtain personnel's name from collection of resources importing table and reach and this name corresponding resource information, judge whether this resource information exists in the resource information table;
Second step: when not having this resource information in the resource information table that this resource information is newly-increased in the resource information table, and generate corresponding resource ID; And in the personal information table, search the personnel ID of name correspondence simultaneously, and according to the personnel ID of the name correspondence that in the personal information table, finds that resource ID+personnel ID is newly-increased to resource personnel contingency table, generate new resource and personnel's associated record; And when in the resource information table, having this resource information, do not handle.
3. other can customize update algorithm by configuration, as shown in Figure 7, realizes upgrading, and configuration comprises following content:
1) primary resource of the resource data of which system of source as enterprise is set, the resource data which system is set is resource as a supplement.
2) the resource key element related with personnel being set is what, when correlating factor is a plurality of, related sequencing is set.
3) basic factors and the renewable key element of resource updates are set.
4) cycle of the resource backstage service execution related with personnel, the time started.
Be provided with and generate the XML character string, the backstage service generates corresponding SQL statement according to the XML deploy content and carries out data processing operation.
The example explanation:
Import in the table in collection of resources, collected the daily record from two systems, data content is as follows:
System 1: account number+IP
System 2:IP+HostName
Background update resource method deploy content is as follows:
System 1 is the primary resource system, and system 2 is the supplemental resources system
Correlating factor is the account number of system 1
Basic factors are IP, and renewable key element is HostName
The program execution algorithm is as follows:
Search the IP HostName in system 2 in the system 1, and the IP+ HostName that is associated with is increased in the resource information table, generate resource ID 1
Search the personnel ID1 of the account number correspondence in the personal information table in the system 1
Resource ID 1+ personnel ID1 is increased to resource personnel contingency table, finishes one group of resource updates.
A kind of information security management resource positioning method and system that the embodiment of the invention provided, its resource is related with personnel, is related by resource information and personal information, realizes that computer corresponds to personnel.The resource information of the present invention method related with personal information comprises: related by algorithm realization resource and personnel:
The source AD, HR, OA etc. have the resource of account number system
In the source and update algorithm thereof of aforesaid resource, set up or when upgrading in the resource information table resource information record, also set up the related of resource and personnel by account number simultaneously.
The source no account number file resource
In the source and update algorithm thereof of aforesaid resource, set up or when upgrading in the resource information table resource information record, also set up the related of resource and personnel by name simultaneously.
3. originate other resource
In the source and update algorithm thereof of aforesaid resource, set up or when upgrading in the resource information table resource information record, set up the related of resource and personnel by the correlating factor of configuration simultaneously.
A kind of information security management resource positioning method and system that embodiment provided, the incident positioning unit of its setting is used to obtain each event data record, with realization event (as virus, online) corresponding director is arranged all.
Event correlation personnel's step comprises:
The first step: the incident positioning unit is by obtaining account direct correlation personnel
Second step: the incident positioning unit is by obtaining HostName associating information personnel
The 3rd step: the incident positioning unit is by obtaining IP associating information personnel
The 4th step: when above three kinds of situations did not all have related going up, the person liable of incident directly was designated this IP address.
A kind of information security management resource positioning method provided by the invention and system, by setting up the corresponding algorithm of dynamic personal information table and assets information table and dynamic personal information and resource information, can solve and only rely on the next corresponding inaccurate drawback of IP in the prior art, come to do the accuracy that the location coupling can provide the information resources correspondence to a great extent with personnel by the difference that indicates a computer " ability "; And it can obtain described information resources from a plurality of systems, avoided the incomplete shortcoming of single information source, and is applied widely.
Should be understood that, for those of ordinary skills, can be improved according to the above description or conversion, and all these improvement and conversion all should belong to the protection range of claims of the present invention.
Claims (8)
1. an information security management resource navigation system comprises personal management module and resource locating module, it is characterized in that, described personal management module comprises:
The personal information collecting unit is used for obtaining from multiple daily record and the daily record that comprises personal information the personal information and the organizational information of enterprise;
Institutional framework is set up the unit, is used to handle described personal information and organizational information and generates corresponding personal information table and organization table;
The institutional framework updating block is used for when described personal information and organizational information change, and described personal information table and organization table upgrade in time;
Described resource locating module comprises:
The collection of resources unit is used for obtaining the resource information data from plurality of devices, and periodically the described resource information data of obtaining is sent in the corresponding collection of resources importing table;
The resource updates unit is used for obtaining a specific resources information that identifies computer from collection of resources importing table and is written to the resource information table, and the described resource information table of regular update;
Resource and personnel's associative cell are used for described personal information table and described resource information table are carried out related, set up resource personnel contingency table, realize that computer corresponds to the people, and regular update resource personnel contingency table.
2. information security management resource navigation system according to claim 1 is characterized in that, described personal management module also comprises:
Personnel's login and Password Management unit are used to verify user login information and leading subscriber encrypted message;
Personnel role and rights management unit are used to handle personnel at all levels's Role Management information and role-security management information;
Personnel's incident statistic unit is used for the dependent event that statistician's using system is handled.
3. information security management resource navigation system according to claim 1 is characterized in that, described resource locating module also comprises:
The incident positioning unit is used to obtain each event data record, is associated with corresponding director with realization event;
Rm-cell is used to inquire about computer resource basic data maintenance and computer resource operating position.
4. according to each described information security management resource navigation system of claim 1 to 3, it is characterized in that it also comprises database module, described database module comprises:
Collection of resources imports table, is used for storing the resource data that obtains from each system of enterprise;
The resource information table is used for the underlying table data of storage resources positioning analysis;
Resource personnel's contingency table is used for storage resources and personnel's mapping table data;
The personal information table is used to store the personal information data of personal information or increase,
User's login system log information table is used for the daily record data of stored record user login system.
5. an information security management resource positioning method is characterized in that, comprises step:
A, from multiple daily record with comprise personal information and the organizational information that regularly obtains enterprise the daily record of personal information, and generate corresponding personal information table and organization table, and described personal information table of regular update and organization table according to described personal information and organizational information;
B, obtain resource information, and periodically the described resource information of obtaining is sent in the corresponding collection of resources importing table from plurality of devices;
C, the specific resources information that identifies computer of obtaining from collection of resources importing table are to the resource information table, and the described resource information table of regular update;
D, personal information table daily record that comprises personal information and the resource information table daily record that comprises resource information are analyzed, give different weights for each attribute according to the resource information of different described sign computers, and set up resource personnel contingency table, realize that computer corresponds to the people, and regular update resource personnel contingency table.
6. information security management resource positioning method according to claim 5, it is characterized in that the described resource information table of the regular update among the described step C specifically comprises: C1, the resource of obtaining the number of the account system from collection of resources importing table are carried out the resource information table and are upgraded; C2, the resource of obtaining no number of the account system from collection of resources importing table are carried out the resource information table and are upgraded; Wherein said step C1 specifically comprises step:
C11, obtain the resource information of number of the account system from collection of resources importing table, and search the HostName and the IP of login account correspondence in the resource information, calculate up-to-date preceding 5 HostName of login record, judge whether to be same HostName, if, execution in step C16 then, otherwise carry out step C12;
C12, calculate up-to-date preceding 5 IP of login record, and judge whether to be same IP, if execution in step C16 then, otherwise execution in step C13;
C13, calculate maximum preceding 5 HostName of login record number of times, and judge whether HostName number of first login record and HostName number of second login record exist 10 times of gaps, if execution in step C16 then, otherwise execution in step C14;
C14, calculate maximum preceding 5 IP of login record number of times, and judge whether IP number of first login record and IP number of second login record exist 10 times of gaps, if, execution in step C16 then, otherwise execution in step C15;
C15, the maximum login records of up-to-date login record and number of times are associated the resource execution in step C16 that degree of incidence is maximum;
C16, the highest resource information combination of login coupling: number of the account+HostName+IP is written in the resource information table, and generates corresponding resource ID.
7. information security management resource positioning method according to claim 6, it is characterized in that, described step C also comprises: C17, search the personnel ID of HostName correspondence in described personal information table, and resource ID and personnel ID are increased newly be added to resource personnel contingency table simultaneously.
8. information security management resource positioning method according to claim 6 is characterized in that, wherein said step C2 specifically comprises step:
C21, from collection of resources importing table obtain personnel's name and and this name corresponding resource information, judge whether this resource information exists in the resource information table;
C22, when not having this resource information in the resource information table, this resource information is newly-increased in the resource information table, and generate corresponding resource ID; And in the personal information table, search the personnel ID of name correspondence simultaneously, and according to the personnel ID of the name correspondence that in the personal information table, finds that resource ID+personnel ID is newly-increased to resource personnel contingency table, generate new resource and personnel's associated record; And when in the resource information table, having this resource information, do not handle.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101884282A CN101931525B (en) | 2009-11-23 | 2009-11-23 | Information security management resource positioning method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101884282A CN101931525B (en) | 2009-11-23 | 2009-11-23 | Information security management resource positioning method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101931525A CN101931525A (en) | 2010-12-29 |
| CN101931525B true CN101931525B (en) | 2011-08-31 |
Family
ID=43370462
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009101884282A Active CN101931525B (en) | 2009-11-23 | 2009-11-23 | Information security management resource positioning method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101931525B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104426695B (en) * | 2013-08-28 | 2018-09-04 | 北京神州泰岳软件股份有限公司 | A kind of heterogeneous types equipment account management method and system |
| EP2938045B8 (en) * | 2014-05-20 | 2016-09-07 | Proxistore S.A. | Geopositioning method |
| CN106534222A (en) * | 2017-01-10 | 2017-03-22 | 深圳市思榕科技有限公司 | Password authority control login system |
| CN108959560B (en) * | 2018-07-03 | 2021-02-12 | 泰康保险集团股份有限公司 | Information processing method and device based on data table and electronic equipment |
| CN112732539A (en) * | 2020-11-17 | 2021-04-30 | 贵州电网有限责任公司 | Data responsibility adjustment early warning method and system based on personnel organization and post information transaction |
-
2009
- 2009-11-23 CN CN2009101884282A patent/CN101931525B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN101931525A (en) | 2010-12-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2020233255A1 (en) | Universal data model-based system for standardizing structure of medical data from multiple centers | |
| JP5623271B2 (en) | Information processing apparatus, authority management method, program, and recording medium | |
| CN105574657A (en) | Intelligent police actual combat comprehensive application platform | |
| CN106778253A (en) | Threat context aware information security Initiative Defense model based on big data | |
| US20140012800A1 (en) | Apparatus and method for providing application for processing big data | |
| US20100100412A1 (en) | Workflow management in a global support organization | |
| CN101931525B (en) | Information security management resource positioning method and system | |
| CN104966172A (en) | Large data visualization analysis and processing system for enterprise operation data analysis | |
| CN103631699A (en) | Log management system and method for log monitoring, acquiring and querying | |
| CN1615484A (en) | Method and system for integrated asset management | |
| CN102708466A (en) | Project management system | |
| WO2023015789A1 (en) | Facility maintenance method, apparatus and system, and storage medium | |
| CN111628896A (en) | IT operation and maintenance management method, device, equipment and computer storage medium | |
| CN106355489A (en) | Data center system and data processing method for management | |
| CN112559280A (en) | Data full link monitoring method based on data center station | |
| CN104298761A (en) | Implementation method for master data matching between heterogeneous software systems | |
| CN107562485A (en) | A kind of method and device of automatic data collection patch data | |
| CN112948353B (en) | Data analysis method, system and storage medium applied to DAstudio | |
| CN104182829A (en) | Instrument development reliability management and support system | |
| CN102194156A (en) | Method and system for sci-tech novelty retrieval | |
| CN110362626A (en) | One kind being based on the convenience-for-people inquiry system of block chain network and application method | |
| CN112751976B (en) | Agent association method, system, equipment and storage medium based on authentication log | |
| CN107908683A (en) | Wireless city big data off-line processing system and its big data processed offline method | |
| CN111680962A (en) | Comparison experiment management method for live-line detector | |
| CN112637378B (en) | User-based network address association method, system, device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Information security management resource positioning method and system Effective date of registration: 20130608 Granted publication date: 20110831 Pledgee: Shenzhen high tech investment and financing Company limited by guarantee Pledgor: SHENZHEN E-LINK INFORMATION TECHNOLOGY Co.,Ltd. Registration number: 2013990000360 |
|
| PLDC | Enforcement, change and cancellation of contracts on pledge of patent right or utility model | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20140610 Granted publication date: 20110831 Pledgee: Shenzhen high tech investment and financing Company limited by guarantee Pledgor: SHENZHEN E-LINK INFORMATION TECHNOLOGY Co.,Ltd. Registration number: 2013990000360 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Information security management resource positioning method and system Effective date of registration: 20140611 Granted publication date: 20110831 Pledgee: Shenzhen high tech investment and financing Company limited by guarantee Pledgor: SHENZHEN E-LINK INFORMATION TECHNOLOGY Co.,Ltd. Registration number: 2014990000456 |
|
| PLDC | Enforcement, change and cancellation of contracts on pledge of patent right or utility model | ||
| C56 | Change in the name or address of the patentee | ||
| CP03 | Change of name, title or address |
Address after: 518057, 9, 911 and 912, a software building No. 910, hi tech center, Nanshan District hi tech Zone, Shenzhen, Guangdong Patentee after: SHENZHEN E-LINK INFORMATION TECHNOLOGY CO.,LTD. Address before: 518057 Guangdong city of Shenzhen province Nanshan District Gao Xin Road SKYWORTH C building block 1604 Patentee before: SHENZHEN E-LINK INFORMATION TECHNOLOGY Co.,Ltd. |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20151117 Granted publication date: 20110831 Pledgee: Shenzhen high tech investment and financing Company limited by guarantee Pledgor: SHENZHEN E-LINK INFORMATION TECHNOLOGY CO.,LTD. Registration number: 2014990000456 |
|
| PLDC | Enforcement, change and cancellation of contracts on pledge of patent right or utility model | ||
| PM01 | Change of the registration of the contract for pledge of patent right |
Change date: 20151117 Registration number: 2014990000456 Pledgor after: SHENZHEN E-LINK INFORMATION TECHNOLOGY CO.,LTD. Pledgor before: SHENZHEN E-LINK INFORMATION TECHNOLOGY Co.,Ltd. |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Information security management resource positioning method and system Effective date of registration: 20151120 Granted publication date: 20110831 Pledgee: Shenzhen high tech investment and financing Company limited by guarantee Pledgor: SHENZHEN E-LINK INFORMATION TECHNOLOGY CO.,LTD. Registration number: 2015990001026 |
|
| PLDC | Enforcement, change and cancellation of contracts on pledge of patent right or utility model | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20170525 Granted publication date: 20110831 Pledgee: Shenzhen high tech investment and financing Company limited by guarantee Pledgor: SHENZHEN E-LINK INFORMATION TECHNOLOGY CO.,LTD. Registration number: 2015990001026 |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240318 Address after: B605, Lan Guang Technology Building, No. 27 Gaoxin North 6th Road, Songpingshan Community, Xili Street, Nanshan District, Shenzhen City, Guangdong Province, 518000 Patentee after: Shenzhen Huachuang Xin'an Technology Co.,Ltd. Country or region after: China Address before: Room 910, 911, and 912, Software Building, No. 9, Gaoxin Middle Road, Nanshan District, Shenzhen City, Guangdong Province, 518057 Patentee before: SHENZHEN E-LINK INFORMATION TECHNOLOGY CO.,LTD. Country or region before: China |