CN102496091A - Method for safely auditing basic components of product - Google Patents

Method for safely auditing basic components of product Download PDF

Info

Publication number
CN102496091A
CN102496091A CN2011104390633A CN201110439063A CN102496091A CN 102496091 A CN102496091 A CN 102496091A CN 2011104390633 A CN2011104390633 A CN 2011104390633A CN 201110439063 A CN201110439063 A CN 201110439063A CN 102496091 A CN102496091 A CN 102496091A
Authority
CN
China
Prior art keywords
user
basic composition
audit
responsible
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011104390633A
Other languages
Chinese (zh)
Inventor
宦奕奕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SUZHOU STYLE INFORMATION TECHNOLOGY CO LTD
Original Assignee
SUZHOU STYLE INFORMATION TECHNOLOGY CO LTD
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SUZHOU STYLE INFORMATION TECHNOLOGY CO LTD filed Critical SUZHOU STYLE INFORMATION TECHNOLOGY CO LTD
Priority to CN2011104390633A priority Critical patent/CN102496091A/en
Publication of CN102496091A publication Critical patent/CN102496091A/en
Pending legal-status Critical Current

Links

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention relates to a method for safely auditing basic components of a product, which belongs to the technical field of safety protection and is characterized in that: the basic components of the safely audited product comprise safety manager responsibility, auditor manager responsibility, system manager responsibility and a client user. The invention aims at carrying out behavior auditing on a host machine of a local area network, and provides auditing data and auditing service support for evaluation of safety and risk of an information system of the local area network and perfection of safety strategy formulation. The method has very wide application prospect.

Description

A kind of method of security audit product basic composition
Technical field
The present invention relates to a kind of method of security audit product basic composition, belong to the safety protection technique field.
Background technology
Along with networking and development of technologies thereof; Various infosystems have also obtained development rapidly; And be penetrated into fields of society extensively and profoundly; System just little by little expands to operation system large-scale, various, networking from traditional, single, small-sized operation system, and based on network application system also becomes main flow gradually.Security audit product basic composition is more clear, is convenient to known, and therefore, its application prospect is boundless.
Summary of the invention
The object of the invention is exactly the problems referred to above that exist in the existing technology in order to solve, a kind of method of security audit product basic composition.
The object of the invention is realized through following technical scheme:
A kind of method of security audit product basic composition relates to keyboard, and wherein: security audit product basic composition comprises that the safety officer is responsible for, the auditor keeper is responsible for, the system manager is responsible for and the client user.
The method of above-mentioned a kind of security audit product basic composition, wherein: described safety officer is responsible for comprising user and client end subscriber.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described is to subscriber authorisation to the user, promptly revises user's authority, comprises that password is revised, locking, distributing user is to the access control right of file/process.
Further; The method of above-mentioned a kind of security audit product basic composition; Wherein: the operation behavior of described client end subscriber is to pay close attention to the user whether the unauthorized operation behavior is arranged, and the statistical study User operation log can generate and derive/print audit statement.Its administration behaviour receives security audit person's monitoring.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described by the responsible relevant audit of auditor keeper.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described audit is monitor system keeper, safety officer's behavior, whether the operation of being responsible for auditing system keeper and safety officer is consistent with examination and approval document; Generate statistical report form, analysis statisticaling data is regularly reported correlation circumstance to safe and secret management organization.It does not possess the authority of consulting the concerning security matters resource.
Further; The method of above-mentioned a kind of security audit product basic composition; Wherein: described system manager has been responsible for network configuration, system configuration, database journal, authentification of user, warning and response, can not consult daily record, can not consult the concerning security matters resource
Its administration behaviour personnel control that audited.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described network configuration has configurations such as the IP address, port agreement of server, switch, controller; System configuration have process learning management, database configuration, with the coordination of operating system, the configuration of process white list; Database journal has backup, delete database daily record; Authentification of user has user's account management (newly-built, deletion); Login times surpasses allowed band, and the locking user recovers release until user applies; Report to the police and respond regular collection and dispose, comprise safety officer, audit management person and user's unusual configuration; Report to the police and handle (user's abnormal behaviour, safety officer's abnormal behaviour, audit management person's abnormal behaviour), end abnormal process, end the user is served; The processing of reporting to the police is ended user's abnormal process again, is ended the user is served; Can not consult daily record, can not consult the concerning security matters resource, its administration behaviour personnel control that also audited.
Further, the method for above-mentioned a kind of security audit product basic composition, wherein: described client user is meant that the entering LAN need be through authentication; Access rights are managed by the safety officer; Its behavior operation is gathered and audit, will receive corresponding restriction during abnormal behavior, intra vires; The inner resource of visit LAN also is the generation person of concerning security matters resource.
The outstanding advantage of technical scheme of the present invention is mainly reflected in: after adopting technical scheme of the present invention; Carry out behavior audit to the LAN main frame, for the security of assessment LAN Information system and risk with improve security strategy and formulate Audit data and auditing service support are provided.Its application prospect is boundless.
Embodiment
A kind of method of security audit product basic composition is characterized in that: the described safety officer of having is responsible for, the auditor keeper is responsible for, the system manager is responsible for and the client user.
In conjunction with a preferred implementation of the present invention, described is to subscriber authorisation to the user, promptly revises user's authority, comprises that password is revised, locking, and distributing user is to the access control right of file/process; The operation behavior of client end subscriber is to pay close attention to the user whether the unauthorized operation behavior is arranged, and the statistical study User operation log can generate and derive/print audit statement.Its administration behaviour receives security audit person's monitoring, is responsible for relevant audit by the auditor keeper.
Further combine design, described audit is monitor system keeper, safety officer's behavior, and whether the operation of being responsible for auditing system keeper and safety officer is consistent with examination and approval document; Generate statistical report form, analysis statisticaling data is regularly reported correlation circumstance to safe and secret management organization.It does not possess the authority of consulting the concerning security matters resource.
Simultaneously, described client user be meant get into LAN need be through authentication,
Access rights are managed by the safety officer, and its behavior operation is gathered and audit, will receive corresponding restriction during abnormal behavior, and intra vires, the inner resource of visit LAN also is the generation person of concerning security matters resource.
After adopting this method, carry out the behavior audit to the LAN main frame, for the security of assessment LAN Information system and risk with improve security strategy and formulate Audit data and auditing service support are provided.Its application prospect is boundless.

Claims (9)

1. the method for a security audit product basic composition is characterized in that: the described safety officer of having is responsible for, the auditor keeper is responsible for, the system manager is responsible for and the client user.
2. the method for a kind of security audit product basic composition according to claim 1 is characterized in that: described safety officer is responsible for comprising user and client end subscriber.
3. the method for a kind of security audit product basic composition according to claim 2; It is characterized in that: described is to subscriber authorisation to the user; Promptly revise user's authority, comprise that password is revised, locking, distributing user is to the access control right of file/process.
4. the method for a kind of security audit product basic composition according to claim 2; It is characterized in that: the operation behavior of described client end subscriber is to pay close attention to the user whether the unauthorized operation behavior is arranged; The statistical study User operation log; Can generate and derive/print audit statement, its administration behaviour receives security audit person's monitoring.
5. the method for a kind of security audit product basic composition according to claim 1 is characterized in that: described by the responsible relevant audit of auditor keeper.
6. the method for a kind of security audit product basic composition according to claim 5; It is characterized in that: described audit is monitor system keeper, safety officer's behavior, and whether the operation of being responsible for auditing system keeper and safety officer is consistent with examination and approval document; Generate statistical report form, analysis statisticaling data is regularly reported correlation circumstance to safe and secret management organization, and it does not possess the authority of consulting the concerning security matters resource.
7. the method for a kind of security audit product basic composition according to claim 1; It is characterized in that: described system manager has been responsible for network configuration, system configuration, database journal, authentification of user, warning and response; Daily record can not be consulted, the concerning security matters resource can not be consulted
Its administration behaviour personnel control that audited.
8. the method for a kind of security audit product basic composition according to claim 7 is characterized in that: described network configuration has configurations such as the IP address, port agreement of server, switch, controller; System configuration have process learning management, database configuration, with the coordination of operating system, the configuration of process white list; Database journal has backup, delete database daily record; Authentification of user has user's account management (newly-built, deletion); Login times surpasses allowed band, and the locking user recovers release until user applies; Report to the police and respond regular collection and dispose, comprise safety officer, audit management person and user's unusual configuration; Report to the police and handle (user's abnormal behaviour, safety officer's abnormal behaviour, audit management person's abnormal behaviour), end abnormal process, end the user is served; The processing of reporting to the police is ended user's abnormal process again, is ended the user is served; Can not consult daily record, can not consult the concerning security matters resource, its administration behaviour personnel control that also audited.
9. the method for a kind of security audit product basic composition according to claim 1; It is characterized in that: described client user is meant that the entering LAN need be through authentication, and access rights are managed by the safety officer, and its behavior operation is gathered and audited; To receive corresponding restriction during abnormal behavior; Intra vires, the inner resource of visit LAN also is the generation person of concerning security matters resource.
CN2011104390633A 2011-12-26 2011-12-26 Method for safely auditing basic components of product Pending CN102496091A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011104390633A CN102496091A (en) 2011-12-26 2011-12-26 Method for safely auditing basic components of product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011104390633A CN102496091A (en) 2011-12-26 2011-12-26 Method for safely auditing basic components of product

Publications (1)

Publication Number Publication Date
CN102496091A true CN102496091A (en) 2012-06-13

Family

ID=46187915

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011104390633A Pending CN102496091A (en) 2011-12-26 2011-12-26 Method for safely auditing basic components of product

Country Status (1)

Country Link
CN (1) CN102496091A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799808A (en) * 2012-06-18 2012-11-28 公安部交通管理科学研究所 Monitoring method for safe use of storing process of database
CN105468939A (en) * 2015-11-24 2016-04-06 苏州铭冠软件科技有限公司 Safety protection system of mobile terminal
CN107977567A (en) * 2016-10-25 2018-05-01 航天信息软件技术有限公司 A kind of distribution method of application system administrator right
CN108154354A (en) * 2018-03-13 2018-06-12 南京审计大学 Rural area three provides audit and supervision system
CN108241960A (en) * 2016-12-27 2018-07-03 天津曾琪科技有限公司 A kind of OA collaborative office management systems
CN108833363A (en) * 2018-05-23 2018-11-16 文丹 A kind of block chain right management method and system
CN109241699A (en) * 2018-07-27 2019-01-18 安徽云图信息技术有限公司 Authorizing secure auditing system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1858740A (en) * 2006-05-31 2006-11-08 武汉华工达梦数据库有限公司 'Three powers separation' safety method for data bank safety management
CN101534300A (en) * 2009-04-17 2009-09-16 公安部第一研究所 System protection framework combining multi-access control mechanism and method thereof
CN102034052A (en) * 2010-12-03 2011-04-27 北京工业大学 Operation system architecture based on separation of permissions and implementation method thereof
CN102184355A (en) * 2011-04-11 2011-09-14 浪潮电子信息产业股份有限公司 Method for realizing separation of three powers by using kernel technology

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1858740A (en) * 2006-05-31 2006-11-08 武汉华工达梦数据库有限公司 'Three powers separation' safety method for data bank safety management
CN101534300A (en) * 2009-04-17 2009-09-16 公安部第一研究所 System protection framework combining multi-access control mechanism and method thereof
CN102034052A (en) * 2010-12-03 2011-04-27 北京工业大学 Operation system architecture based on separation of permissions and implementation method thereof
CN102184355A (en) * 2011-04-11 2011-09-14 浪潮电子信息产业股份有限公司 Method for realizing separation of three powers by using kernel technology

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799808A (en) * 2012-06-18 2012-11-28 公安部交通管理科学研究所 Monitoring method for safe use of storing process of database
CN102799808B (en) * 2012-06-18 2015-04-01 公安部交通管理科学研究所 Monitoring method for safe use of storing process of database
CN105468939A (en) * 2015-11-24 2016-04-06 苏州铭冠软件科技有限公司 Safety protection system of mobile terminal
CN105468939B (en) * 2015-11-24 2018-12-14 苏州铭冠软件科技有限公司 Mobile terminal safety guard system
CN107977567A (en) * 2016-10-25 2018-05-01 航天信息软件技术有限公司 A kind of distribution method of application system administrator right
CN108241960A (en) * 2016-12-27 2018-07-03 天津曾琪科技有限公司 A kind of OA collaborative office management systems
CN108154354A (en) * 2018-03-13 2018-06-12 南京审计大学 Rural area three provides audit and supervision system
CN108833363A (en) * 2018-05-23 2018-11-16 文丹 A kind of block chain right management method and system
CN109241699A (en) * 2018-07-27 2019-01-18 安徽云图信息技术有限公司 Authorizing secure auditing system

Similar Documents

Publication Publication Date Title
CN102496091A (en) Method for safely auditing basic components of product
CN109831327B (en) IMS full-service network monitoring intelligent operation and maintenance support system based on big data analysis
CN112769825B (en) Network security guarantee method, system and computer storage medium
CN103413088B (en) A kind of computer document operation safety auditing system
CN109587174B (en) Collaborative defense method and system for network protection
CN101252441B (en) Acquired safety control method and system based on target capable of setting information safety
CN112329031A (en) Data authority control system based on data center
CN113032710A (en) Comprehensive audit supervisory system
CN103413083B (en) Unit security protection system
CN103441926B (en) Security gateway system of numerically-controllmachine machine tool network
CN101826993A (en) Method, system and device for monitoring security event
CN103684922A (en) Outlet information privacy checking detection platform system based on SDN (self-defending network) and detection method
CN101022360A (en) Local network safety management method based on IEEE 802.1X protocol
CN204465588U (en) A kind of host monitor based on server architecture and auditing system
CN104091098A (en) Document operation safety auditing system
KR20140035146A (en) Apparatus and method for information security
CN114157457A (en) Authority application and monitoring method for network data information security
CN108833425A (en) A kind of network safety system and method based on big data
CN102184355A (en) Method for realizing separation of three powers by using kernel technology
CN114844676B (en) Emergency handling system and method for network security threat of power monitoring system
CN107465688B (en) Method for identifying network application permission of state monitoring and evaluating system
CN202111721U (en) Network information security assurance system
최재현 et al. A Study on the Real-time Cyber​​ Attack Intrusion Detection Method
CN110930109A (en) Information safety system based on social surface monitoring
CN110543762A (en) Privileged account threat analysis system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120613