CN102496091A - Method for safely auditing basic components of product - Google Patents
Method for safely auditing basic components of product Download PDFInfo
- Publication number
- CN102496091A CN102496091A CN2011104390633A CN201110439063A CN102496091A CN 102496091 A CN102496091 A CN 102496091A CN 2011104390633 A CN2011104390633 A CN 2011104390633A CN 201110439063 A CN201110439063 A CN 201110439063A CN 102496091 A CN102496091 A CN 102496091A
- Authority
- CN
- China
- Prior art keywords
- user
- basic composition
- audit
- responsible
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to a method for safely auditing basic components of a product, which belongs to the technical field of safety protection and is characterized in that: the basic components of the safely audited product comprise safety manager responsibility, auditor manager responsibility, system manager responsibility and a client user. The invention aims at carrying out behavior auditing on a host machine of a local area network, and provides auditing data and auditing service support for evaluation of safety and risk of an information system of the local area network and perfection of safety strategy formulation. The method has very wide application prospect.
Description
Technical field
The present invention relates to a kind of method of security audit product basic composition, belong to the safety protection technique field.
Background technology
Along with networking and development of technologies thereof; Various infosystems have also obtained development rapidly; And be penetrated into fields of society extensively and profoundly; System just little by little expands to operation system large-scale, various, networking from traditional, single, small-sized operation system, and based on network application system also becomes main flow gradually.Security audit product basic composition is more clear, is convenient to known, and therefore, its application prospect is boundless.
Summary of the invention
The object of the invention is exactly the problems referred to above that exist in the existing technology in order to solve, a kind of method of security audit product basic composition.
The object of the invention is realized through following technical scheme:
A kind of method of security audit product basic composition relates to keyboard, and wherein: security audit product basic composition comprises that the safety officer is responsible for, the auditor keeper is responsible for, the system manager is responsible for and the client user.
The method of above-mentioned a kind of security audit product basic composition, wherein: described safety officer is responsible for comprising user and client end subscriber.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described is to subscriber authorisation to the user, promptly revises user's authority, comprises that password is revised, locking, distributing user is to the access control right of file/process.
Further; The method of above-mentioned a kind of security audit product basic composition; Wherein: the operation behavior of described client end subscriber is to pay close attention to the user whether the unauthorized operation behavior is arranged, and the statistical study User operation log can generate and derive/print audit statement.Its administration behaviour receives security audit person's monitoring.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described by the responsible relevant audit of auditor keeper.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described audit is monitor system keeper, safety officer's behavior, whether the operation of being responsible for auditing system keeper and safety officer is consistent with examination and approval document; Generate statistical report form, analysis statisticaling data is regularly reported correlation circumstance to safe and secret management organization.It does not possess the authority of consulting the concerning security matters resource.
Further; The method of above-mentioned a kind of security audit product basic composition; Wherein: described system manager has been responsible for network configuration, system configuration, database journal, authentification of user, warning and response, can not consult daily record, can not consult the concerning security matters resource
Its administration behaviour personnel control that audited.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described network configuration has configurations such as the IP address, port agreement of server, switch, controller; System configuration have process learning management, database configuration, with the coordination of operating system, the configuration of process white list; Database journal has backup, delete database daily record; Authentification of user has user's account management (newly-built, deletion); Login times surpasses allowed band, and the locking user recovers release until user applies; Report to the police and respond regular collection and dispose, comprise safety officer, audit management person and user's unusual configuration; Report to the police and handle (user's abnormal behaviour, safety officer's abnormal behaviour, audit management person's abnormal behaviour), end abnormal process, end the user is served; The processing of reporting to the police is ended user's abnormal process again, is ended the user is served; Can not consult daily record, can not consult the concerning security matters resource, its administration behaviour personnel control that also audited.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described client user is meant that the entering LAN need be through authentication; Access rights are managed by the safety officer; Its behavior operation is gathered and audit, will receive corresponding restriction during abnormal behavior, intra vires; The inner resource of visit LAN also is the generation person of concerning security matters resource.
The outstanding advantage of technical scheme of the present invention is mainly reflected in: after adopting technical scheme of the present invention; Carry out behavior audit to the LAN main frame, for the security of assessment LAN Information system and risk with improve security strategy and formulate Audit data and auditing service support are provided.Its application prospect is boundless.
Embodiment
A kind of method of security audit product basic composition is characterized in that: the described safety officer of having is responsible for, the auditor keeper is responsible for, the system manager is responsible for and the client user.
In conjunction with a preferred implementation of the present invention, described is to subscriber authorisation to the user, promptly revises user's authority, comprises that password is revised, locking, and distributing user is to the access control right of file/process; The operation behavior of client end subscriber is to pay close attention to the user whether the unauthorized operation behavior is arranged, and the statistical study User operation log can generate and derive/print audit statement.Its administration behaviour receives security audit person's monitoring, is responsible for relevant audit by the auditor keeper.
Further combine design, described audit is monitor system keeper, safety officer's behavior, and whether the operation of being responsible for auditing system keeper and safety officer is consistent with examination and approval document; Generate statistical report form, analysis statisticaling data is regularly reported correlation circumstance to safe and secret management organization.It does not possess the authority of consulting the concerning security matters resource.
Simultaneously, described client user be meant get into LAN need be through authentication,
Access rights are managed by the safety officer, and its behavior operation is gathered and audit, will receive corresponding restriction during abnormal behavior, and intra vires, the inner resource of visit LAN also is the generation person of concerning security matters resource.
After adopting this method, carry out the behavior audit to the LAN main frame, for the security of assessment LAN Information system and risk with improve security strategy and formulate Audit data and auditing service support are provided.Its application prospect is boundless.
Claims (9)
1. the method for a security audit product basic composition is characterized in that: the described safety officer of having is responsible for, the auditor keeper is responsible for, the system manager is responsible for and the client user.
2. the method for a kind of security audit product basic composition according to claim 1 is characterized in that: described safety officer is responsible for comprising user and client end subscriber.
3. the method for a kind of security audit product basic composition according to claim 2; It is characterized in that: described is to subscriber authorisation to the user; Promptly revise user's authority, comprise that password is revised, locking, distributing user is to the access control right of file/process.
4. the method for a kind of security audit product basic composition according to claim 2; It is characterized in that: the operation behavior of described client end subscriber is to pay close attention to the user whether the unauthorized operation behavior is arranged; The statistical study User operation log; Can generate and derive/print audit statement, its administration behaviour receives security audit person's monitoring.
5. the method for a kind of security audit product basic composition according to claim 1 is characterized in that: described by the responsible relevant audit of auditor keeper.
6. the method for a kind of security audit product basic composition according to claim 5; It is characterized in that: described audit is monitor system keeper, safety officer's behavior, and whether the operation of being responsible for auditing system keeper and safety officer is consistent with examination and approval document; Generate statistical report form, analysis statisticaling data is regularly reported correlation circumstance to safe and secret management organization, and it does not possess the authority of consulting the concerning security matters resource.
7. the method for a kind of security audit product basic composition according to claim 1; It is characterized in that: described system manager has been responsible for network configuration, system configuration, database journal, authentification of user, warning and response; Daily record can not be consulted, the concerning security matters resource can not be consulted
Its administration behaviour personnel control that audited.
8. the method for a kind of security audit product basic composition according to claim 7 is characterized in that: described network configuration has configurations such as the IP address, port agreement of server, switch, controller; System configuration have process learning management, database configuration, with the coordination of operating system, the configuration of process white list; Database journal has backup, delete database daily record; Authentification of user has user's account management (newly-built, deletion); Login times surpasses allowed band, and the locking user recovers release until user applies; Report to the police and respond regular collection and dispose, comprise safety officer, audit management person and user's unusual configuration; Report to the police and handle (user's abnormal behaviour, safety officer's abnormal behaviour, audit management person's abnormal behaviour), end abnormal process, end the user is served; The processing of reporting to the police is ended user's abnormal process again, is ended the user is served; Can not consult daily record, can not consult the concerning security matters resource, its administration behaviour personnel control that also audited.
9. the method for a kind of security audit product basic composition according to claim 1; It is characterized in that: described client user is meant that the entering LAN need be through authentication, and access rights are managed by the safety officer, and its behavior operation is gathered and audited; To receive corresponding restriction during abnormal behavior; Intra vires, the inner resource of visit LAN also is the generation person of concerning security matters resource.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011104390633A CN102496091A (en) | 2011-12-26 | 2011-12-26 | Method for safely auditing basic components of product |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2011104390633A CN102496091A (en) | 2011-12-26 | 2011-12-26 | Method for safely auditing basic components of product |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102496091A true CN102496091A (en) | 2012-06-13 |
Family
ID=46187915
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2011104390633A Pending CN102496091A (en) | 2011-12-26 | 2011-12-26 | Method for safely auditing basic components of product |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102496091A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102799808A (en) * | 2012-06-18 | 2012-11-28 | 公安部交通管理科学研究所 | Monitoring method for safe use of storing process of database |
CN105468939A (en) * | 2015-11-24 | 2016-04-06 | 苏州铭冠软件科技有限公司 | Safety protection system of mobile terminal |
CN107977567A (en) * | 2016-10-25 | 2018-05-01 | 航天信息软件技术有限公司 | A kind of distribution method of application system administrator right |
CN108154354A (en) * | 2018-03-13 | 2018-06-12 | 南京审计大学 | Rural area three provides audit and supervision system |
CN108241960A (en) * | 2016-12-27 | 2018-07-03 | 天津曾琪科技有限公司 | A kind of OA collaborative office management systems |
CN108833363A (en) * | 2018-05-23 | 2018-11-16 | 文丹 | A kind of block chain right management method and system |
CN109241699A (en) * | 2018-07-27 | 2019-01-18 | 安徽云图信息技术有限公司 | Authorizing secure auditing system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1858740A (en) * | 2006-05-31 | 2006-11-08 | 武汉华工达梦数据库有限公司 | 'Three powers separation' safety method for data bank safety management |
CN101534300A (en) * | 2009-04-17 | 2009-09-16 | 公安部第一研究所 | System protection framework combining multi-access control mechanism and method thereof |
CN102034052A (en) * | 2010-12-03 | 2011-04-27 | 北京工业大学 | Operation system architecture based on separation of permissions and implementation method thereof |
CN102184355A (en) * | 2011-04-11 | 2011-09-14 | 浪潮电子信息产业股份有限公司 | Method for realizing separation of three powers by using kernel technology |
-
2011
- 2011-12-26 CN CN2011104390633A patent/CN102496091A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1858740A (en) * | 2006-05-31 | 2006-11-08 | 武汉华工达梦数据库有限公司 | 'Three powers separation' safety method for data bank safety management |
CN101534300A (en) * | 2009-04-17 | 2009-09-16 | 公安部第一研究所 | System protection framework combining multi-access control mechanism and method thereof |
CN102034052A (en) * | 2010-12-03 | 2011-04-27 | 北京工业大学 | Operation system architecture based on separation of permissions and implementation method thereof |
CN102184355A (en) * | 2011-04-11 | 2011-09-14 | 浪潮电子信息产业股份有限公司 | Method for realizing separation of three powers by using kernel technology |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102799808A (en) * | 2012-06-18 | 2012-11-28 | 公安部交通管理科学研究所 | Monitoring method for safe use of storing process of database |
CN102799808B (en) * | 2012-06-18 | 2015-04-01 | 公安部交通管理科学研究所 | Monitoring method for safe use of storing process of database |
CN105468939A (en) * | 2015-11-24 | 2016-04-06 | 苏州铭冠软件科技有限公司 | Safety protection system of mobile terminal |
CN105468939B (en) * | 2015-11-24 | 2018-12-14 | 苏州铭冠软件科技有限公司 | Mobile terminal safety guard system |
CN107977567A (en) * | 2016-10-25 | 2018-05-01 | 航天信息软件技术有限公司 | A kind of distribution method of application system administrator right |
CN108241960A (en) * | 2016-12-27 | 2018-07-03 | 天津曾琪科技有限公司 | A kind of OA collaborative office management systems |
CN108154354A (en) * | 2018-03-13 | 2018-06-12 | 南京审计大学 | Rural area three provides audit and supervision system |
CN108833363A (en) * | 2018-05-23 | 2018-11-16 | 文丹 | A kind of block chain right management method and system |
CN109241699A (en) * | 2018-07-27 | 2019-01-18 | 安徽云图信息技术有限公司 | Authorizing secure auditing system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102496091A (en) | Method for safely auditing basic components of product | |
CN109831327B (en) | IMS full-service network monitoring intelligent operation and maintenance support system based on big data analysis | |
CN112769825B (en) | Network security guarantee method, system and computer storage medium | |
CN103413088B (en) | A kind of computer document operation safety auditing system | |
CN109587174B (en) | Collaborative defense method and system for network protection | |
CN101252441B (en) | Acquired safety control method and system based on target capable of setting information safety | |
CN112329031A (en) | Data authority control system based on data center | |
CN113032710A (en) | Comprehensive audit supervisory system | |
CN103413083B (en) | Unit security protection system | |
CN103441926B (en) | Security gateway system of numerically-controllmachine machine tool network | |
CN101826993A (en) | Method, system and device for monitoring security event | |
CN103684922A (en) | Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method | |
CN101022360A (en) | Local network safety management method based on IEEE 802.1X protocol | |
CN204465588U (en) | A kind of host monitor based on server architecture and auditing system | |
CN104091098A (en) | Document operation safety auditing system | |
KR20140035146A (en) | Apparatus and method for information security | |
CN114157457A (en) | Authority application and monitoring method for network data information security | |
CN108833425A (en) | A kind of network safety system and method based on big data | |
CN102184355A (en) | Method for realizing separation of three powers by using kernel technology | |
CN114844676B (en) | Emergency handling system and method for network security threat of power monitoring system | |
CN107465688B (en) | Method for identifying network application permission of state monitoring and evaluating system | |
CN202111721U (en) | Network information security assurance system | |
최재현 et al. | A Study on the Real-time Cyber Attack Intrusion Detection Method | |
CN110930109A (en) | Information safety system based on social surface monitoring | |
CN110543762A (en) | Privileged account threat analysis system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120613 |