Summary of the invention
In view of the deficiencies in the prior art described above, the object of the present invention is to provide an information security management resource positioning method and system. It overcomes the drawback of the prior art, in which the correspondence between a computer and a person relies on the IP address alone and is therefore inaccurate; it improves the accuracy of the correspondence of information resources; and it obtains the information resources from a plurality of systems, avoiding the incompleteness of a single information source, so that it is widely applicable.
To achieve the above object, the present invention adopts the following technical scheme:
An information security management resource positioning system comprises a personnel management module and a resource locating module, wherein the personnel management module comprises:
a personnel information collecting unit, for obtaining the personnel information and organizational information of the enterprise from multiple logs and from logs that contain personnel information;
an organizational structure establishing unit, for processing the personnel information and organizational information and generating a corresponding personnel information table and organization table;
an organizational structure updating unit, for updating the personnel information table and organization table in time when the personnel information and organizational information change.
The resource locating module comprises:
a resource collection unit, for obtaining resource information data from a plurality of devices and periodically sending the obtained resource information data to the corresponding resource collection import table;
a resource updating unit, for obtaining from the resource collection import table the specific resource information that identifies a computer, writing it to the resource information table, and regularly updating the resource information table;
a resource-personnel association unit, for associating the personnel information table with the resource information table, establishing a resource-personnel association table that maps each computer to a person, and regularly updating the resource-personnel association table.
In the information security management resource positioning system, the personnel management module further comprises:
a personnel login and password management unit, for verifying user login information and managing user password information;
a personnel role and permission management unit, for handling the role management information and role-permission management information of personnel at all levels;
a personnel event statistics unit, for producing statistics on the related events that personnel handle using the system.
In the information security management resource positioning system, the resource locating module further comprises:
an event locating unit, for obtaining each event data record and associating each event with its responsible person;
a resource management unit, for querying the maintenance of computer resource basic data and the usage of computer resources.
The information security management resource positioning system further comprises a database module, which comprises:
a resource collection import table, for storing the resource data obtained from each system of the enterprise;
a resource information table, for storing the underlying table data for resource locating analysis;
a resource-personnel association table, for storing the mapping table data between resources and personnel;
a personnel information table, for storing personnel information data and newly added personnel data;
a user login log information table, for storing the log data that records user logins to the system.
An information security management resource positioning method comprises the steps:
A. regularly obtaining the personnel information and organizational information of the enterprise from multiple logs and from logs containing personnel information, generating a corresponding personnel information table and organization table from the personnel information and organizational information, and regularly updating the personnel information table and organization table;
B. obtaining resource information from a plurality of devices and periodically sending the obtained resource information to the corresponding resource collection import table;
C. obtaining from the resource collection import table the specific resource information that identifies a computer, writing it to the resource information table, and regularly updating the resource information table;
D. analyzing the personnel information table logs that contain personnel information and the resource information table logs that contain resource information, assigning a different weight to each attribute according to which resource information identifies the computer, establishing a resource-personnel association table that maps each computer to a person, and regularly updating the resource-personnel association table.
In the method, the regular updating of the resource information table in step C specifically comprises: C1, updating the resource information table with resources obtained from the resource collection import table that come from systems with accounts; C2, updating the resource information table with resources obtained from the resource collection import table that come from systems without accounts. Step C1 specifically comprises the steps:
C11. obtaining the resource information of the account system from the resource collection import table, looking up the HostName and IP corresponding to the login account in the resource information, computing the 5 most recent login-record HostNames, and judging whether they are all the same HostName; if so, executing step C16, otherwise executing step C12;
C12. computing the 5 most recent login-record IPs and judging whether they are all the same IP; if so, executing step C16, otherwise executing step C13;
C13. computing the 5 HostNames with the highest login-record counts and judging whether there is a 10-fold gap between the login count of the first-ranked HostName and that of the second; if so, executing step C16, otherwise executing step C14;
C14. computing the 5 IPs with the highest login-record counts and judging whether there is a 10-fold gap between the login count of the first-ranked IP and that of the second; if so, executing step C16, otherwise executing step C15;
C15. associating the most recent login records with the login records having the highest counts, taking the resource with the highest degree of association, and executing step C16;
C16. writing the resource information combination with the highest login match, account + HostName + IP, to the resource information table and generating the corresponding resource ID.
In the method, step C further comprises: C17, looking up in the personnel information table the personnel ID corresponding to the HostName, and adding the resource ID and the personnel ID together as a new record in the resource-personnel association table.
In the method, step C2 specifically comprises the steps:
C21. obtaining a person's name and the resource information corresponding to that name from the resource collection import table, and judging whether the resource information exists in the resource information table;
C22. when the resource information does not exist in the resource information table, adding it to the resource information table and generating the corresponding resource ID; at the same time looking up in the personnel information table the personnel ID corresponding to the name and, using the personnel ID found, adding resource ID + personnel ID as a new record in the resource-personnel association table, thereby generating a new resource-personnel association record; when the resource information already exists in the resource information table, doing nothing.
The information security management resource positioning method and system provided by the invention, by establishing a dynamic personnel information table, an asset information table, and a correspondence algorithm between dynamic personnel information and resource information, overcome the drawback of the prior art in which the correspondence relies on the IP address alone and is inaccurate; matching a computer to a person according to the different "ability" of each attribute to identify the computer greatly improves the accuracy of the correspondence of information resources. Further, the information resources are obtained from a plurality of systems, avoiding the incompleteness of a single information source; the information is updated quickly, and the method is widely applicable.
Embodiment
The embodiment of the invention provides an information security management resource positioning method and system: an information security management resource positioning system that collects log information from various devices together with the enterprise's personnel and organizational information, and combines these two kinds of information to provide security information analysis and management.
By dynamically acquiring device information from the network environment, a dynamic resource information table, a dynamic personnel information table, and a dynamic correspondence table between personnel information and resource information (the resource-personnel association table) are established.
Update algorithm of the dynamic personnel information table: the corresponding personnel and organizational information is regularly obtained from multiple logs and from logs containing personnel information, and the personnel information table is regularly updated.
Resource information table: from the log information collected from a plurality of devices, the resource information table is regularly updated according to the different "ability" of each attribute to identify a device.
Correspondence algorithm between dynamic personnel information and resource information: the logs containing personnel information and resource information are analyzed, each attribute is given a different weight according to the different "ability" of the various attributes to identify a computer, and the correspondence between personnel information and resource information is derived.
To make the purpose, technical scheme and advantages of the present invention clearer, the invention is further described below with reference to the accompanying drawings and embodiments.
The embodiment of the invention provides an information security management resource positioning system which, as shown in Figure 1, comprises a personnel management module 100, a resource locating module 200 and a database module 300.
The personnel management module comprises:
A personnel information collecting unit 110, for obtaining the personnel information and organizational information of the enterprise from multiple logs and from logs containing personnel information. For example, when enterprise staff have joined an AD domain server and log in to the domain regularly, the personnel information collecting unit can obtain the enterprise's personnel and organizational information from the AD server through the AD interface. The personnel information collecting unit can also obtain the enterprise's personnel and organizational information from the database of an HR (human resources) or OA (office automation) system, or of any other system that has accounts; in addition, it can obtain personnel information from the mail system, or obtain personnel and organizational information directly from a file that provides complete personnel information and organization table data. In this way the information sources of the invention are broad, and personnel information data can be obtained from the various devices that contain personnel information.
An organizational structure establishing unit 120, for processing the personnel information and organizational information and generating a corresponding personnel information table and organization table.
An organizational structure updating unit 130, for updating the personnel information table and organization table in time, after confirmation, when the personnel information and organizational information change.
A personnel login and password management unit 140, for verifying user login information and managing user password information; for example, login authentication, password encryption, password modification, and password recovery by the administrator.
A personnel role and permission management unit 150, for handling the role management information and role-permission management information of personnel at all levels; for example, implementing the personnel role, role management and role-permission management functions.
A personnel event statistics unit 160, for producing statistics on the related events that personnel handle using the system; for example, statistics on the virus-removal records and the online-access records of personnel using the system.
The data processing flow of the personnel management module of the above information security management resource positioning system is shown in Figure 2.
The embodiment of the invention provides an information security management resource positioning system in which, as shown in Figure 1, the resource locating module 200 comprises:
A resource collection unit 210, for obtaining resource information data from a plurality of devices and periodically sending the obtained resource information data to the corresponding resource collection import table. The plurality of devices includes the AD server and systems with accounts such as HR or OA. When the resource collection unit obtains the login information of the enterprise's AD accounts (ADName + IP + HostName) from the AD server, two conditions must hold: 1. enterprise staff must have joined the domain and must log in to their computers with the domain account; 2. the domain server must push a policy requiring the computers in the domain to report their information to the server. When the resource collection unit obtains account login information (account + IP + HostName) from the database of an HR or OA system, the enterprise must provide the data of the HR or OA account login tables. Names and IPs (or HostNames) can of course also be obtained directly from an existing list of names and resource information. Other situations can be handled by customizing the collection and data processing functions of resource locating to the specific project.
A resource updating unit 220, for obtaining from the resource collection import table the specific resource information that identifies a computer, writing it to the resource information table, and regularly updating the resource information table; for example, selecting from the collection import table the resource information that represents a computer, writing it to the resource information table to identify the computer, and updating the records of the resource-personnel association table.
A resource-personnel association unit 230, for associating the personnel information table with the resource information table, establishing a resource-personnel association table that maps each computer to a person, and regularly updating the resource-personnel association table.
An event locating unit 240, for associating each event with its responsible person; for example, so that every event (such as a virus or online access) has a corresponding responsible person.
A resource management unit 250, for querying the maintenance of computer resource basic data and the usage of computer resources; for example, resource basic data maintenance and resource usage queries.
In the information security management resource positioning system of the invention, as shown in Figure 1, the database module 300 comprises:
A resource collection import table 310, for storing the resource data obtained from each system of the enterprise;
A resource information table 320, for storing the underlying table data for resource locating analysis;
A resource-personnel association table 330, for storing the mapping table data between resources and personnel;
A personnel information table 340, for storing personnel information data and newly added personnel data;
A user login log information table 350, for storing the log data that records user logins to the system.
The embodiment of the invention provides an information security management resource positioning system whose overall data processing flow, as shown in Figure 3, comprises the steps:
410, the resource locating module obtains external resource information;
411, the resource locating module sends the obtained resource information data to the corresponding resource collection import table;
412, the specific resource information that identifies a computer is obtained from the resource collection import table and written to the resource information table.
At the same time, the personnel management module obtains the enterprise's personnel information and organizational information from multiple logs and from logs containing personnel information (420, as shown in Figure 1); the personnel information and organizational information are sent to the organization temporary table 421 and the personnel temporary table 422 respectively; when the organization of the enterprise changes, the change is recorded in the organization change record table 423; and from the personnel information and organizational information obtained by the personnel management module the corresponding organization table 424 and personnel information table 425 are generated. The resource information table 412 is then associated with the personnel information table 425 to achieve the correspondence between personnel information and resource information. Combining management, technology and personnel in this way drives the steady implementation and improvement of enterprise information security work and the raising of the information security level through mechanisms, and reduces the cost of enterprise information security maintenance.
Based on the above system, the embodiment of the invention also provides an information security management resource positioning method which, as shown in Figure 4, comprises the steps:
600, regularly obtaining the personnel information and organizational information of the enterprise from multiple logs and from logs containing personnel information, generating a corresponding personnel information table and organization table from the personnel information and organizational information, and regularly updating the personnel information table and organization table;
700, obtaining resource information from a plurality of devices and periodically sending the obtained resource information to the corresponding resource collection import table;
800, obtaining from the resource collection import table the specific resource information that identifies a computer, writing it to the resource information table, and regularly updating the resource information table;
900, analyzing the personnel information table logs that contain personnel information and the resource information table logs that contain resource information, assigning a different weight to each attribute according to which resource information identifies the computer, establishing a resource-personnel association table that maps each computer to a person, and regularly updating the resource-personnel association table.
Assigning a different weight to each attribute according to which resource information identifies the computer means assigning the weights according to the different "ability" of the various attributes to identify a computer. Specifically: in a network, or in IT management, the common ways of identifying a computer are 1. identifying the computer by its host name and 2. identifying the computer by its IP address.
Because these two ways of identifying a computer differ in how easily the identifier changes, they are given different weights (an IP address changes very easily, whereas changing a host name is cumbersome); see the following example.
Weight example:

| Identifier | Weight | Example |
| --- | --- | --- |
| Host | 6 | Wangez |
| IP | 4 | 10.0.0.157 |
Explanation: when the log information obtained from the various devices is analyzed, several situations can arise: Host → person; Host + IP → person; IP → person; and so on.
The weight of each correspondence is then calculated for each situation: Host → person, 6; Host + IP → person, 10; IP → person, 4; ...
The identification of the computer actually used by a person is thus determined from the aggregate value of the weights.
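The aggregate scoring described above, as an added Python example that is not part of the patent: each log entry that names a person and carries the computer's host name and/or IP is weighted with the Host = 6 / IP = 4 values, and the person with the highest total is taken as the user of the computer. The log entries, person names and the function names evidence_weight, aggregate_scores and locate_user are constructed for this example.

```python
from collections import defaultdict

# Weights from the table above; note 2 below allows them to be tuned per enterprise.
WEIGHTS = {"host": 6, "ip": 4}


def evidence_weight(entry, host, ip, weights=WEIGHTS):
    """Weight of one log entry as evidence that the computer (host, ip) is used
    by the person named in the entry: a matching host name scores 6, a matching
    IP scores 4, both together 10 (the Host+IP -> person case). Identifiers the
    entry does not carry, or that belong to another computer, score nothing."""
    score = 0
    if entry.get("host") is not None and entry["host"] == host:
        score += weights["host"]
    if entry.get("ip") is not None and entry["ip"] == ip:
        score += weights["ip"]
    return score


def aggregate_scores(entries, host, ip, weights=WEIGHTS):
    """Total evidence weight per person for the computer (host, ip)."""
    totals = defaultdict(int)
    for entry in entries:
        w = evidence_weight(entry, host, ip, weights)
        if w:
            totals[entry["person"]] += w
    return dict(totals)


def locate_user(entries, host, ip, weights=WEIGHTS):
    """(person, score) with the highest aggregate, or (None, 0) when no entry
    mentions the computer. Ties go to the alphabetically first name so that the
    result is deterministic (an assumption; the text does not say)."""
    totals = aggregate_scores(entries, host, ip, weights)
    if not totals:
        return None, 0
    person = max(sorted(totals), key=totals.get)
    return person, totals[person]


# Constructed evidence about the computer Wangez / 10.0.0.157 from the table:
# one AD login carrying host+IP, two IP-only lines from a lease log, one
# host-only line from an antivirus report, and one line about another machine.
SAMPLE_LOG = [
    {"source": "AD",   "person": "zhang", "host": "Wangez",  "ip": "10.0.0.157"},
    {"source": "DHCP", "person": "li",    "host": None,      "ip": "10.0.0.157"},
    {"source": "DHCP", "person": "li",    "host": None,      "ip": "10.0.0.157"},
    {"source": "AV",   "person": "wang",  "host": "Wangez",  "ip": None},
    {"source": "AV",   "person": "li",    "host": "OtherPC", "ip": "10.0.0.200"},
]

if __name__ == "__main__":
    # Two IP-only sightings (4 + 4 = 8) do not outweigh one host+IP login (10).
    print(aggregate_scores(SAMPLE_LOG, "Wangez", "10.0.0.157"))
    print(locate_user(SAMPLE_LOG, "Wangez", "10.0.0.157"))
```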
It should also be noted that: 1. in the ordinary case the weight of the host name is higher than the weight of the IP address; 2. the weights can of course be further adjusted to the actual situation of the enterprise.
In the information security management resource positioning method provided by the embodiment, the sources of the resources and their update algorithms comprise: C1, updating the resource information table with resources obtained from the resource collection import table that come from systems with accounts; C2, updating the resource information table with resources obtained from the resource collection import table that come from systems without accounts. Updating the resource information table with the resources of an account system obtained from the resource collection import table, as shown in Figure 5, specifically comprises the steps:
801, obtaining the resource information of the account system from the resource collection import table;
802, looking up the HostName and IP corresponding to the login account in the resource information;
803, computing the 5 most recent login-record HostNames;
804, judging whether they are all the same HostName; if so, executing step 813, otherwise executing step 805;
805, computing the 5 most recent login-record IPs;
806, judging whether they are all the same IP; if so, executing step 813, otherwise executing step 807;
807, computing the 5 HostNames with the highest login-record counts;
808, judging whether there is a 10-fold gap between the login count of the first-ranked HostName and that of the second; if so, executing step 813, otherwise executing step 809;
809, computing the 5 IPs with the highest login-record counts;
810, judging whether there is a 10-fold gap between the login count of the first-ranked IP and that of the second; if so, executing step 813, otherwise executing step 811;
811, associating the most recent login records with the login records having the highest counts;
812, taking the resource with the highest degree of association and executing step 813;
813, 814, 815, 816 and 817, writing the resource information combination with the highest login match, account + HostName + IP, to the resource information table and generating the corresponding resource ID. If this resource information combination already exists in the resource information table, it is not processed.
Steps 820, 821, 822 and 823: looking up in the personnel information table the personnel ID corresponding to the account, and adding resource ID1 + personnel ID1 as a new record in the resource-personnel association table.
Several specific embodiments follow.
1. The steps for processing data obtained from the AD domain server are as follows:
Step 1: from the resource collection import table, compute for the same login ADName the 5 most recent login HostNames and IPs. Example:
| Login AD account | Login HostName | Login time | Login IP | Login time |
| --- | --- | --- | --- | --- |
| ADName1 | HostName1 | 2009-01-07 | IP1 | 2009-01-07 |
| ADName1 | HostName1 | 2009-01-06 | IP1 | 2009-01-06 |
| ADName1 | HostName1 | 2009-01-05 | IP1 | 2009-01-05 |
| ADName1 | HostName1 | 2009-01-04 | IP3 | 2009-01-04 |
| ADName1 | HostName1 | 2009-01-03 | IP3 | 2009-01-03 |
If the 5 most recent login HostNames and IPs are all the same HostName1 and IP1, the resource information combination with the highest match is ADName1 + HostName1 + IP1; otherwise proceed to the next step.
Step 2: from the resource collection import table, compute for the same login ADName the 5 HostNames and IPs with the highest login counts. Example:
| Login AD account | Login HostName | Login count | Login IP | Login count |
| --- | --- | --- | --- | --- |
| ADName1 | HostName1 | 20 | IP1 | 19 |
| ADName1 | HostName2 | 5 | IP2 | 6 |
| ADName1 | HostName3 | 2 | IP3 | 2 |
If the HostName and IP with the highest login counts are HostName1 and IP1, and their login counts exceed those ranked second by more than 10 times, the resource information combination with the highest match is the first-ranked ADName1 + HostName1 + IP1; otherwise proceed to the next step.
Step 3: associate the most recent logins with the logins having the highest counts, take the combination ADName1 + HostName1 + IP1 with the highest degree of association as the resource information with the highest login match, and proceed to the next step.
Step 4: add the resource information combination ADName1 + HostName1 + IP1 with the highest login match to the resource information table as a new record and generate the corresponding resource ID1. If this resource information combination already exists in the resource information table, it is not processed.
Step 5: look up in the personnel information table the personnel ID1 corresponding to ADName1, and add resource ID1 + personnel ID1 as a new record in the resource-personnel association table.
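Steps 801 to 817 (claim steps C11 to C16) and the five-step AD example above, as an added Python example that is not the patent's own code. The login records are constructed to reproduce the two tables above; where the text leaves a detail open (which IP to pair with a host once the 5 most recent host names agree, what "degree of association" means, how a lone candidate is treated) the choice made here is an assumption and is marked in the comments.

```python
from collections import Counter
from datetime import date, timedelta

RECENT_N = 5     # "the 5 most recent login records"
TOP_N = 5        # "the 5 ... with the highest login counts"
GAP_FACTOR = 10  # "a 10-fold gap" between first and second place


def most_recent(records, n=RECENT_N):
    """The n newest login records, newest first."""
    return sorted(records, key=lambda r: r["time"], reverse=True)[:n]


def top_counts(records, field, n=TOP_N):
    """(value, count) for the n most frequent values of field, highest first."""
    return Counter(r[field] for r in records).most_common(n)


def has_gap(ranked, factor=GAP_FACTOR):
    """Steps 808/810: the first-place count is at least factor times the second.
    A lone candidate has no runner-up and is treated as decisive (assumption)."""
    if not ranked:
        return False
    if len(ranked) == 1:
        return True
    return ranked[0][1] >= factor * ranked[1][1]


def partner(records, field, value, other):
    """Most frequent `other` among records where field == value (assumption:
    the text does not say which IP to pair with a winning host, or vice versa)."""
    return Counter(r[other] for r in records if r[field] == value).most_common(1)[0][0]


def match_resource(account, records):
    """Steps 801-812: (account, host, ip, rule) for the best login match, or
    None when there are no records. `rule` names the deciding step for auditing."""
    if not records:
        return None
    recent = most_recent(records)
    if len({r["host"] for r in recent}) == 1:          # steps 803/804
        return account, recent[0]["host"], recent[0]["ip"], "recent_host"
    if len({r["ip"] for r in recent}) == 1:            # steps 805/806
        return account, recent[0]["host"], recent[0]["ip"], "recent_ip"
    hosts = top_counts(records, "host")                 # steps 807/808
    if has_gap(hosts):
        return account, hosts[0][0], partner(records, "host", hosts[0][0], "ip"), "top_host"
    ips = top_counts(records, "ip")                     # steps 809/810
    if has_gap(ips):
        return account, partner(records, "ip", ips[0][0], "host"), ips[0][0], "top_ip"
    # Steps 811/812: associate recency with frequency; the degree of association
    # of a host+IP pair is taken as (times among the 5 most recent, times overall).
    pairs = Counter((r["host"], r["ip"]) for r in records)
    recent_pairs = Counter((r["host"], r["ip"]) for r in recent)
    host, ip = max(pairs, key=lambda p: (recent_pairs[p], pairs[p]))
    return account, host, ip, "association"


def write_resource(resource_table, match):
    """Steps 813-817: add account+HostName+IP with a new resource ID, or leave
    an existing combination alone. resource_table: (account, host, ip) -> ID."""
    key = tuple(match[:3])
    if key not in resource_table:
        resource_table[key] = len(resource_table) + 1
    return resource_table[key]


def make_records(runs, start=date(2009, 1, 1)):
    """Constructed login records from (host, ip, count) runs, one login per day,
    later runs being more recent."""
    out, day = [], 0
    for host, ip, n in runs:
        for _ in range(n):
            out.append({"host": host, "ip": ip, "time": start + timedelta(days=day)})
            day += 1
    return out


# The step-1 table: 5 recent logins from one host name, the IP changed once.
SAMPLE_RECENT = make_records([("HostName1", "IP3", 2), ("HostName1", "IP1", 3)])
# Mixed recent logins, but HostName1 has 50 logins to 2 for the runner-up.
SAMPLE_GAP = make_records([("HostName1", "IP1", 48), ("HostName2", "IP2", 1),
                           ("HostName1", "IP1", 1), ("HostName3", "IP3", 1),
                           ("HostName1", "IP1", 1), ("HostName2", "IP2", 1)])
# The step-2 host counts (20 / 5 / 2): no 10-fold gap, so the association rule decides.
SAMPLE_ASSOC = make_records([("HostName1", "IP1", 18), ("HostName2", "IP2", 3),
                             ("HostName3", "IP3", 1), ("HostName2", "IP2", 1),
                             ("HostName1", "IP1", 1), ("HostName3", "IP3", 1),
                             ("HostName1", "IP1", 1), ("HostName2", "IP2", 1)])

if __name__ == "__main__":
    table = {}
    for label, recs in (("recent", SAMPLE_RECENT), ("gap", SAMPLE_GAP), ("assoc", SAMPLE_ASSOC)):
        m = match_resource("ADName1", recs)
        print(label, m, "-> resource ID", write_resource(table, m))
```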
The update routine can of course be configured: the source systems of the data (AD, HR, OA, etc.), the update cycle (day, month, year, etc.) and the start time of execution, and so on.
When the source resource is in OA, HR or another system with accounts, the computation is the same; only the account differs.
2. When the source resource is in a file without accounts, the data is processed as follows, as shown in Figure 6:
Step 1: obtain a person's name and the resource information corresponding to that name from the resource collection import table, and judge whether the resource information exists in the resource information table;
Step 2: when the resource information does not exist in the resource information table, add it to the resource information table and generate the corresponding resource ID; at the same time look up in the personnel information table the personnel ID corresponding to the name and, using the personnel ID found, add resource ID + personnel ID as a new record in the resource-personnel association table, generating a new resource-personnel association record; when the resource information already exists in the resource information table, do nothing.
3. Other update algorithms can be customized by configuration, as shown in Figure 7; the configuration comprises the following:
1) setting which system's resource data serves as the enterprise's primary resource and which system's resource data serves as the supplementary resource;
2) setting which resource elements are associated with personnel and, when there are several correlating elements, the order of association;
3) setting the basic elements and the updatable elements of the resource update;
4) setting the cycle and start time of the background service that associates resources with personnel.
These settings generate an XML string; the background service generates the corresponding SQL statements from the XML configuration and performs the data processing operations.
Example:
Logs from two systems have been collected into the resource collection import table, with the following data content:
System 1: account + IP
System 2: IP + HostName
The configuration of the background resource update method is as follows:
System 1 is the primary resource system and system 2 is the supplementary resource system;
the correlating element is the account of system 1;
the basic element is IP and the updatable element is HostName.
The program executes the following algorithm:
look up in system 2 the HostName for each IP of system 1, add the associated IP + HostName to the resource information table, and generate resource ID1;
look up in the personnel information table the personnel ID1 corresponding to the account of system 1;
add resource ID1 + personnel ID1 to the resource-personnel association table, completing one group of resource updates.
In the information security management resource positioning method and system provided by the embodiment, resources are associated with personnel by associating resource information with personnel information, so that each computer corresponds to a person. The association of resource information with personnel information, realized by the algorithms above, covers the following sources:
1. Resources from systems with accounts, such as AD, HR or OA
In the resource sources and update algorithms described above, when a resource information record is established or updated in the resource information table, the association between the resource and the person is established at the same time by the account.
2. Resources from a file without accounts
In the resource sources and update algorithms described above, when a resource information record is established or updated in the resource information table, the association between the resource and the person is established at the same time by the name.
3. Resources from other sources
In the resource sources and update algorithms described above, when a resource information record is established or updated in the resource information table, the association between the resource and the person is established at the same time by the configured correlating element.
In the information security management resource positioning method and system provided by the embodiment, the event locating unit obtains each event data record so that every event (such as a virus or online access) has a corresponding responsible person.
The steps for associating an event with a person are:
Step 1: the event locating unit associates the person directly by the account obtained from the event;
Step 2: the event locating unit associates the person by the HostName information obtained from the event;
Step 3: the event locating unit associates the person by the IP information obtained from the event;
Step 4: when none of the above three cases yields an association, the responsible party for the event is recorded directly as the IP address.
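The configurable update of the example above (system 1 = account + IP as the primary resource, system 2 = IP + HostName as the supplement, correlating element = account, basic element = IP, updatable element = HostName) together with the four event-attribution steps, as one added Python example that is not the patent's own code. It uses an in-memory SQLite database; the table and column names, the CONFIG dictionary standing in for the XML string, and all sample rows and events are constructed for this example.

```python
import re
import sqlite3

# Stands in for the XML settings string generated from configuration items
# 1) to 3) above; the values are this example's own table and column names.
CONFIG = {
    "primary": "system1",              # 1) primary resource system
    "supplement": "system2",           # 1) supplementary resource system
    "correlating_element": "account",  # 2) element that links a resource to a person
    "basic_element": "ip",             # 3) element the two systems are joined on
    "updatable_element": "hostname",   # 3) element taken from the supplement
}
ALLOWED_IDENTIFIERS = {"system1", "system2", "account", "ip", "hostname"}

# Constructed import rows: system 1 = account+IP, system 2 = IP+HostName.
SYSTEM1 = [("ADName1", "10.0.0.157"), ("ADName2", "10.0.0.158"), ("ADName3", "10.0.0.159")]
SYSTEM2 = [("10.0.0.157", "Wangez"), ("10.0.0.158", "LiPC")]  # nothing for .159
PERSONNEL = [(1, "ADName1", "Wang"), (2, "ADName2", "Li"), (3, "ADName3", "Zhang")]
EVENTS = [  # constructed event records; each must end up with a responsible party
    {"type": "virus", "account": "ADName2"},
    {"type": "online", "hostname": "Wangez"},
    {"type": "virus", "ip": "10.0.0.158"},
    {"type": "online", "account": "guest", "ip": "10.0.0.157"},  # unknown account
    {"type": "online", "ip": "10.0.0.159"},                      # no resource record
]


def ident(name):
    """Configuration values become SQL identifiers, not query parameters, so
    only a fixed allowlist may be spliced into a generated statement."""
    if name not in ALLOWED_IDENTIFIERS or not re.fullmatch(r"[A-Za-z_]\w*", name):
        raise ValueError(f"identifier not allowed: {name!r}")
    return name


def build_db():
    """In-memory database: the two import tables, the personnel information
    table, the resource information table and the association table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE system1(account TEXT, ip TEXT);
        CREATE TABLE system2(ip TEXT, hostname TEXT);
        CREATE TABLE personnel(person_id INTEGER PRIMARY KEY, account TEXT, name TEXT);
        CREATE TABLE resource(resource_id INTEGER PRIMARY KEY, account TEXT,
                              hostname TEXT, ip TEXT, UNIQUE(account, hostname, ip));
        CREATE TABLE resource_person(resource_id INTEGER, person_id INTEGER,
                                     UNIQUE(resource_id, person_id));""")
    db.executemany("INSERT INTO system1 VALUES (?, ?)", SYSTEM1)
    db.executemany("INSERT INTO system2 VALUES (?, ?)", SYSTEM2)
    db.executemany("INSERT INTO personnel VALUES (?, ?, ?)", PERSONNEL)
    return db


def table_sizes(db):
    """(rows in the resource table, rows in the association table)."""
    return tuple(db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
                 for t in ("resource", "resource_person"))


def run_update(db, cfg):
    """Generate the update SQL from the configuration, as the background service
    does from the XML, and run one group of resource updates. Returns
    (resources added, associations added); a repeat run adds nothing."""
    p, s = ident(cfg["primary"]), ident(cfg["supplement"])
    corr, basic, upd = (ident(cfg[k]) for k in
                        ("correlating_element", "basic_element", "updatable_element"))
    before = table_sizes(db)
    # Look up the supplement's updatable element by the basic element and write
    # basic + updatable to the resource table, generating the resource ID.
    db.execute(f"""INSERT OR IGNORE INTO resource({corr}, {upd}, {basic})
                   SELECT p.{corr}, s.{upd}, p.{basic}
                   FROM {p} p JOIN {s} s ON p.{basic} = s.{basic}
                   ORDER BY p.{corr}""")
    # Find the person by the correlating element and add resource ID + person ID.
    db.execute(f"""INSERT OR IGNORE INTO resource_person(resource_id, person_id)
                   SELECT r.resource_id, pe.person_id
                   FROM resource r JOIN personnel pe ON r.{corr} = pe.{corr}""")
    db.commit()
    after = table_sizes(db)
    return after[0] - before[0], after[1] - before[1]


def resource_rows(db):
    """Contents of the resource information table, by resource ID."""
    return db.execute("SELECT resource_id, account, hostname, ip FROM resource "
                      "ORDER BY resource_id").fetchall()


def attribute_event(db, event):
    """Event attribution steps 1-4: by account, then HostName, then IP; when
    none associates, the IP address itself is recorded as the responsible party."""
    via_resource = """SELECT pe.name FROM resource r
                      JOIN resource_person rp ON rp.resource_id = r.resource_id
                      JOIN personnel pe ON pe.person_id = rp.person_id
                      WHERE r.{} = ?"""
    lookups = (("account", "SELECT name FROM personnel WHERE account = ?"),
               ("hostname", via_resource.format("hostname")),
               ("ip", via_resource.format("ip")))
    for field, sql in lookups:
        if event.get(field) is not None:
            row = db.execute(sql, (event[field],)).fetchone()
            if row:
                return row[0], field
    return event.get("ip"), "unresolved"


def demo(events=EVENTS):
    """Build the database, run the update twice, attribute the sample events."""
    db = build_db()
    first, second = run_update(db, CONFIG), run_update(db, CONFIG)
    return {"first_run": first, "second_run": second, "resources": resource_rows(db),
            "events": [attribute_event(db, e) for e in events]}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Because the configuration values are spliced into the generated SQL as identifiers, ident() restricts them to a fixed allowlist before any statement is built.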
The information security management resource positioning method and system provided by the invention, by establishing a dynamic personnel information table, an asset information table, and a correspondence algorithm between dynamic personnel information and resource information, overcome the drawback of the prior art in which the correspondence relies on the IP address alone and is inaccurate; matching a computer to a person according to the different "ability" of each attribute to identify the computer greatly improves the accuracy of the correspondence of information resources. Further, the information resources are obtained from a plurality of systems, avoiding the incompleteness of a single information source, and the method is widely applicable.
It should be understood that those of ordinary skill in the art can make improvements or transformations based on the above description, and all such improvements and transformations fall within the scope of protection of the claims of the present invention.