CN103812682A - Safety audit method and device - Google Patents


Info

Publication number: CN103812682A
Application number: CN201210457363.9A
Authority: CN (China)
Prior art keywords: generalization, analysis, module, log, management
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Pending
Other languages: Chinese (zh)
Inventors: 李阳, 韩斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): ZTE ICT Technologies Co Ltd
Original Assignee: ZTE ICT Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2012-11-14
Filing date: 2012-11-14
Publication date: 2014-05-21

2012-11-14: Application filed by ZTE ICT Technologies Co Ltd; priority to CN201210457363.9A
2014-05-21: Publication of CN103812682A
Legal status: Pending

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Provided are a safety audit method and device. The safety audit method comprises the steps of performing statistical-analysis generalization on collected log information; obtaining event information produced by multiple systems; and analysing, according to a preset audit analysis policy, the result of the statistical-analysis generalization together with the obtained event information, to obtain an analysis result. With the safety audit method and device, the behaviour of operation and maintenance staff in the operation and maintenance area of each safety management platform is audited, and the operation and maintenance behaviour of that area in the safety management platforms is standardized and secured. In addition, managers can use the analysis result to audit the operation behaviour of operation and maintenance staff across the various safety systems, detect illegal events and perform follow-up processing, thereby reducing the safety risk of operation and maintenance behaviour.

Description

Security audit method and device
Technical Field
The present invention relates to operation and maintenance (O&M) security technology, and in particular to a method and device for implementing security audit in an environment with multiple security systems.
Background Art
As industry users' network structures grow more complex, business and application data become more centralized, O&M systems and O&M staff multiply, and staff turnover rises, the management of O&M systems becomes ever more complicated. At present there is no scheme for auditing the operation behaviour of O&M-area staff across multiple security systems, in particular the O&M operations that industry users perform in DLP (data leak prevention) systems, in unified security management platforms (4A, comprising Authentication, Account, Authorization and Audit), on terminals, and in access-control logins.
That is, in an environment with multiple security systems there is currently no concrete implementation of security audit for the operation behaviour of O&M-area staff, so the security risk of O&M behaviour remains.
Summary of the Invention
In view of this, the main object of the present invention is to provide a security audit method and device that can audit the operation behaviour of O&M-area staff across multiple security systems and thereby reduce the security risk of O&M behaviour.
To achieve the above object, the technical solution of the present invention is as follows:
A security audit method, comprising: performing statistical-analysis generalization on collected log information; obtaining event information produced by multiple systems; and analysing, according to a preset audit analysis policy, the result of the statistical-analysis generalization together with the obtained event information, to obtain an analysis result.
Before the method, the method further comprises collecting the log information by means of a log collector.
In the above scheme, a log generalization policy is preset; performing statistical-analysis generalization on the collected log information comprises: performing statistical-analysis generalization on the collected log information according to the preset log generalization policy, and storing the generalized analysis result according to its type.
The method further comprises obtaining rule-violating events from the analysis result.
A security audit device, comprising at least a log generalization module, an administration module, a log search module and a web service interface module, wherein:
the log search module is used for receiving event information entered by a user;
the log generalization module has a preset log generalization policy, and is used for performing statistical-analysis generalization on the collected log information according to that policy and storing the generalized analysis result in a data module according to its type;
the web service interface module, through which the administration module connects to other systems and stores the events produced by those systems in the data module;
the administration module is used for implementing audit policy management and audit result management.
The administration module is further used for user management, user-group management, organization management, rights management, statistical analysis policy management and analysis result management.
The web service interface module is implemented with the extensible markup language (XML) or the Simple Object Access Protocol (SOAP).
It can be seen from the technical solution above that the present invention audits the behaviour of O&M staff in the O&M area of each security management platform, ensuring that O&M behaviour in the O&M security area of each platform is standardized and secure. At the same time, an administrator can use the analysis result to audit the operation behaviour of O&M-area staff across multiple security systems, detect rule-violating events and perform follow-up handling, thereby reducing the security risk of O&M behaviour.
Brief Description of the Drawings
Fig. 1 is a schematic diagram of the structure of the device of the present invention for implementing security audit;
Fig. 2 is a flow chart of the method of the present invention for implementing security audit.
Detailed Description
Fig. 1 is a schematic diagram of the structure of the device of the present invention for implementing security audit. As shown in Fig. 1, the device comprises at least a log generalization module, an administration module, a log search module and a web service interface module, wherein:
The log search module collects event information entered by the user, such as the start and end time of an event and the event type, assembles a log search statement, and locates the specific IT log data relevant to the event. The concrete implementation of the log search module is a conventional technique known to those skilled in the art and is not intended to limit the scope of protection of the present invention.
A log generalization policy is preset in the log generalization module. The module performs statistical-analysis generalization on the collected IT log data according to the preset policy, obtaining facts of the form "a certain person (namely an O&M person) performed a certain kind of operation at a certain time", and stores the generalized analysis result in the data module according to its type. Here the log generalization policy refers to generalizing the raw IT log data on the basic principle of who, when, where, and what was done to what, so as to extract data that people can understand more easily and that can be analysed further. Storage by type can be distinguished by business: for example, if access-control logs are analysed, O&M staff attendance information can be examined and attendance violations extracted; if DLP events are analysed, file-transfer violations and the like can be extracted. That is, storage by type mainly means storage by event type as divided by business.
The administration module connects to other systems through the web service interface module and stores the events produced by those systems in the data module. Through the web service interface module, an IT log statistical-analysis function is provided to each security management platform; the standard interface call lets a newly built platform be connected quickly, reduces the amount of retrofit work and the transformation risk for existing platforms, and saves transformation cost. Here, the events produced by other systems refer to events of those systems, for example a DLP system scanning an uploaded or downloaded file and producing a file-transfer leak event, or an access-control system generating staff attendance information; all of these can be called events. The present invention stores these event information items in the storage module, classified, as raw data for other analyses.
A web service is a platform-independent, loosely coupled, self-contained, programmable web-based application used for communication between two systems, so that one system can obtain the data it needs from the other. These applications can be described, published, discovered, coordinated and configured with the open XML standard to develop distributed, interoperable applications. This technology is prior art; only the standard information of the two interfaces needs to be defined, and two techniques are mainly needed. One is XML: XML is the preferred way to transmit structured data over the web; web services need to operate on data in a reliable, automatic way, which HTML (HyperText Markup Language) cannot satisfy, whereas XML lets web services handle data easily and separates content from presentation well. The other is SOAP: SOAP uses XML messages to call remote methods, so that a web service can interact with a remote machine through the HTTP (HyperText Transfer Protocol) POST and GET methods; SOAP is more robust, flexible and easy to use. For those skilled in the art, the two concrete implementations of the web service interface above are conventional techniques, and the concrete implementation method is not intended to limit the scope of protection of the present invention.
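The SOAP exchange described above, with both sides' messages, as an added example that is not the patent's or ZTE's code: another system (here a DLP system) wraps one event in a SOAP 1.1 envelope, and the interface module validates the call, files the event in the data module by event type and answers with either a response or a SOAP Fault. The namespace urn:example:audit, the StoreEvent operation, its field names and the sample event are assumptions made for this illustration.

```python
"""Added example (not the patent's or ZTE's code): SOAP exchange through which
another system writes an event into the audit device's data module.  The
namespace urn:example:audit, the StoreEvent operation and the sample event
are assumptions for illustration."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
AUDIT_NS = "urn:example:audit"                          # assumed service namespace
REQUIRED = ("system", "type", "who", "when", "detail")  # assumed event fields


def _envelope():
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    return env, ET.SubElement(env, f"{{{SOAP_NS}}}Body")


def build_event_request(event):
    """Other system (client side): one event wrapped in a SOAP request, as bytes."""
    env, body = _envelope()
    call = ET.SubElement(body, f"{{{AUDIT_NS}}}StoreEvent")
    for name, value in event.items():
        ET.SubElement(call, f"{{{AUDIT_NS}}}{name}").text = str(value)
    return ET.tostring(env, encoding="utf-8", xml_declaration=True)


def _fault(reason):
    """SOAP 1.1 Fault: faultcode/faultstring are unqualified children of Fault."""
    env, body = _envelope()
    fault = ET.SubElement(body, f"{{{SOAP_NS}}}Fault")
    ET.SubElement(fault, "faultcode").text = "Client"
    ET.SubElement(fault, "faultstring").text = reason
    return ET.tostring(env, encoding="utf-8")


def handle_store_event(request_bytes, data_module):
    """Interface module (server side): validate the call, store by event type, answer.
    data_module is a plain dict mapping event type -> list of stored events."""
    try:
        root = ET.fromstring(request_bytes)
    except ET.ParseError as exc:
        return _fault(f"malformed XML: {exc}")
    call = root.find(f"{{{SOAP_NS}}}Body/{{{AUDIT_NS}}}StoreEvent")
    if call is None:
        return _fault("Body carries no StoreEvent call")
    event = {child.tag.rpartition("}")[2]: (child.text or "").strip() for child in call}
    missing = [f for f in REQUIRED if not event.get(f)]
    if missing:
        return _fault("missing fields: " + ", ".join(missing))
    bucket = data_module.setdefault(event["type"], [])   # storage by event type
    bucket.append(event)
    env, body = _envelope()
    resp = ET.SubElement(body, f"{{{AUDIT_NS}}}StoreEventResponse")
    ET.SubElement(resp, f"{{{AUDIT_NS}}}status").text = "stored"
    ET.SubElement(resp, f"{{{AUDIT_NS}}}count").text = str(len(bucket))
    return ET.tostring(env, encoding="utf-8")


def parse_response(response_bytes):
    """Other system (client side): ('ok', events of that type stored) or ('fault', reason)."""
    root = ET.fromstring(response_bytes)
    fault = root.find(f"{{{SOAP_NS}}}Body/{{{SOAP_NS}}}Fault")
    if fault is not None:
        return ("fault", fault.findtext("faultstring"))
    resp = root.find(f"{{{SOAP_NS}}}Body/{{{AUDIT_NS}}}StoreEventResponse")
    return ("ok", int(resp.findtext(f"{{{AUDIT_NS}}}count")))


# Constructed DLP event: the "file transfer leak" event the description mentions.
SAMPLE_EVENT = {"system": "dlp", "type": "file_transfer", "who": "carol",
                "when": "2023-03-06T10:15:03",
                "detail": "salaries.xlsx uploaded to mail.example.net"}


def demo(data_module=None):
    """One successful round trip plus two rejected requests; returns the parsed answers."""
    data_module = {} if data_module is None else data_module
    ok = parse_response(handle_store_event(build_event_request(SAMPLE_EVENT), data_module))
    incomplete = {k: v for k, v in SAMPLE_EVENT.items() if k != "who"}
    rejected = parse_response(handle_store_event(build_event_request(incomplete), data_module))
    garbage = parse_response(handle_store_event(b"<Envelope><Body>", data_module))
    return ok, rejected, garbage


if __name__ == "__main__":
    print(demo())
```

The server side rejects a request before anything is stored when the XML does not parse, when the Body carries no StoreEvent call, or when a required field is absent; only a complete event reaches the data module, so the audit analysis later runs on records whose who/when/type fields are guaranteed to be present.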
The administration module implements user management, user-group management, organization management, rights management, statistical analysis policy management and analysis result management, and also comprises audit policy management and audit result management. User management mainly manages the basic information of the users, and the system of the present invention is mainly used to standardize the behaviour of these users. Information related to the users, such as which project team a user belongs to, which organization (vendor) the user belongs to, and what rights the user has in this system, is all basic user information. Statistical analysis policy management manages the statistical analysis policies, such as the policy type, its rules, and whether it is enabled. For example, attendance rules define when work starts, when it ends, what counts as lateness and what counts as unexcused absence; once defined, these rules are used to analyse the data and audit user behaviour. The analysis result is the result of analysis according to the policies. Through such analysis one can query who violated which rule, for example when someone was late, or that someone leaked data by transferring files.
Similarly to the statistical analysis policy management function, audit policy management manages the audit analysis policies. The administration module has a preconfigured audit analysis policy; the generalized results that the log generalization module stores in the storage module, together with the event information produced by other systems and written to the storage module via the web service interface module, are analysed according to the audit analysis policy to detect rule-violating events (namely the analysis result), which are stored in the storage module.
Audit result management presents the audit analysis result, namely the audit analysis events, in reports, or notifies the O&M security administrator of the analysis result by means such as system pop-up windows and SMS. Further, it is also used to retrieve the analysis result by information such as the event occurrence time and the policy name.
With the device of the present invention, the behaviour of O&M staff in the O&M area of each security management platform is audited, ensuring that O&M behaviour in the O&M security area of each platform is standardized and secure. At the same time, an administrator can use the analysis result to audit the operation behaviour of O&M-area staff across multiple security systems, detect rule-violating events and perform follow-up handling, thereby reducing the security risk of O&M behaviour.
Fig. 2 is a flow chart of the method of the present invention for implementing security audit. The method comprises:
Step 200: performing statistical-analysis generalization on the collected log information.
Before this step, the method further comprises collecting the log information by means of a log collector; the concrete implementation is prior art, is not intended to limit the scope of the present invention, and is not repeated here.
In this step, the collected IT log data, namely the log information, is generalized by statistical analysis according to the preset log generalization policy, yielding facts of the form "a certain person (namely an O&M person) performed a certain kind of operation at a certain time", and the generalized analysis result is stored in the data module according to its type. Here the log generalization policy refers to generalizing the raw IT log data on the basic principle of who, when, where, and what was done to what, so as to extract data that people can understand more easily and that can be analysed further. Storage by type can be distinguished by business: for example, if access-control logs are analysed, O&M staff attendance information can be examined and attendance violations extracted; if DLP events are analysed, file-transfer violations and the like can be extracted. That is, storage by type mainly means storage by event type as divided by business.
Step 201: obtaining the event information produced by multiple systems, such as DLP and access control.
Step 202: analysing, according to the preset audit analysis policy, the result of the statistical-analysis generalization together with the obtained event information, to obtain an analysis result.
In this step, the generalized results that the log generalization module stored in the storage module, together with the event information produced by other systems and written to the storage module via the web service interface module, are analysed according to the audit analysis policy to detect rule-violating events.
With the method of the present invention, an administrator can use the analysis result to audit the operation behaviour of O&M-area staff across multiple security systems, detect rule-violating events and perform follow-up handling, thereby reducing the security risk of O&M behaviour.
The method of the present invention further comprises step 203: obtaining rule-violating events from the analysis result.
Further, the user can also retrieve the analysis result by information such as the event occurrence time and the policy name.
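The log generalization policy (who, when, where, what, object), the storage by event type, the attendance and file-transfer rules with their enabled flag, and the retrieval of results by policy name that the device description and steps 200 to 203 lay out, modelled end to end as an added example. This is not the patent's or ZTE's code: the two log formats, the system names access_ctrl and dlp, the staff names, the times and the 09:00 start-of-work threshold are all constructed for illustration.

```python
"""Added example, not the patent's own code: a minimal model of the log
generalization policy (who / when / where / what / object) and of the audit
analysis policies (attendance rules, file-transfer rules).  The log formats,
names, times and thresholds are all constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import date, datetime, time

# Constructed raw IT log lines from two systems: access control and DLP.
RAW_LOGS = [
    "2023-03-06 08:52:10 access_ctrl door=DC-East user=alice action=entry",
    "2023-03-06 09:31:45 access_ctrl door=DC-East user=bob action=entry",
    "2023-03-06 18:02:00 access_ctrl door=DC-East user=alice action=exit",
    "2023-03-06 10:15:03 dlp host=ws-07 user=carol action=upload "
    "file=salaries.xlsx dest=mail.example.net",
    "2023-03-06 11:40:22 dlp host=ws-03 user=alice action=upload "
    "file=notes.txt dest=fileshare.internal",
    "2023-03-06 12:00:00 unknown_sys something=else",   # no policy covers this source
]
STAFF = ["alice", "bob", "carol", "dave"]   # constructed O&M staff list
AUDIT_DAY = date(2023, 3, 6)


@dataclass(frozen=True)
class Fact:
    """Generalized record: who did what, when, where, and to which object."""
    who: str
    when: datetime
    where: str
    what: str
    obj: str


# Log generalization policy: one pattern per source system (assumed formats)
# mapping the raw line onto the who/where/what/object fields.
GENERALIZATION_POLICY = {
    "access_ctrl": re.compile(r"door=(?P<where>\S+) user=(?P<who>\S+) action=(?P<what>\S+)"),
    "dlp": re.compile(r"host=(?P<where>\S+) user=(?P<who>\S+) action=(?P<what>\S+) "
                      r"file=(?P<obj>\S+) dest=(?P<dest>\S+)"),
}


def generalize(lines):
    """Apply the policy to each line and store the resulting facts by source type."""
    store = defaultdict(list)
    for line in lines:
        day, clock, src, rest = line.split(" ", 3)
        pattern = GENERALIZATION_POLICY.get(src)
        match = pattern.search(rest) if pattern else None
        if match is None:
            continue  # not covered by the policy: left out of the generalized store
        g = match.groupdict()
        obj = g.get("obj", "") + ("->" + g["dest"] if "dest" in g else "")
        store[src].append(Fact(g["who"], datetime.fromisoformat(f"{day}T{clock}"),
                               g["where"], g["what"], obj))
    return store


@dataclass(frozen=True)
class Violation:
    who: str
    when: datetime
    policy: str
    detail: str


def attendance_rule(store, staff, day, work_start=time(9, 0)):
    """Late: first entry of the day after work_start; absence: no entry at all."""
    first_entry = {}
    for f in store["access_ctrl"]:
        if f.what == "entry" and f.when.date() == day:
            first_entry[f.who] = min(f.when, first_entry.get(f.who, f.when))
    out = []
    for who in staff:
        if who not in first_entry:
            out.append(Violation(who, datetime.combine(day, work_start),
                                 "attendance", "unexcused absence"))
        elif first_entry[who].time() > work_start:
            out.append(Violation(who, first_entry[who], "attendance", "late"))
    return out


def dlp_rule(store, staff, day, internal_suffix=".internal"):
    """File-transfer violation: an upload whose destination is not an internal host."""
    return [Violation(f.who, f.when, "dlp_transfer", "transferred " + f.obj)
            for f in store["dlp"]
            if f.what == "upload" and f.when.date() == day
            and not f.obj.endswith(internal_suffix)]


# Audit policy management: policy name -> (rule, enabled).  Disabled rules are skipped.
AUDIT_POLICIES = {"attendance": (attendance_rule, True), "dlp_transfer": (dlp_rule, True)}


def run_audit(store, staff, day, policies=AUDIT_POLICIES):
    """Analysis result: every violation found by every enabled audit policy."""
    results = []
    for rule, enabled in policies.values():
        if enabled:
            results.extend(rule(store, staff, day))
    return results


def search(results, policy=None, start=None, end=None):
    """Audit result management: retrieve results by policy name and/or time window."""
    return [v for v in results
            if (policy is None or v.policy == policy)
            and (start is None or v.when >= start)
            and (end is None or v.when <= end)]


if __name__ == "__main__":
    for v in run_audit(generalize(RAW_LOGS), STAFF, AUDIT_DAY):
        print(v)
```

Two points the paragraphs above leave implicit are made concrete here: a raw line that no generalization policy covers never reaches the typed store, so the audit rules only ever see records with a known who/when/where/what shape, and a disabled policy contributes nothing to the analysis result, which is what the enabled flag in statistical analysis policy management controls.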
The above is only a preferred embodiment of the present invention and is not intended to limit the scope of protection of the present invention.

Claims (7)

1. A security audit method, characterized by comprising:
performing statistical-analysis generalization on collected log information;
obtaining event information produced by multiple systems, and analysing, according to a preset audit analysis policy, the result of the statistical-analysis generalization together with the obtained event information, to obtain an analysis result.
2. The method according to claim 1, characterized by further comprising, before the method, collecting the log information by means of a log collector.
3. The method according to claim 1 or 2, characterized in that a log generalization policy is preset, and performing statistical-analysis generalization on the collected log information comprises:
performing statistical-analysis generalization on the collected log information according to the preset log generalization policy, and storing the generalized analysis result according to its type.
4. The method according to claim 1 or 2, characterized in that the method further comprises obtaining rule-violating events from the analysis result.
5. A security audit device, characterized by comprising at least a log generalization module, an administration module, a log search module and a web service interface module, wherein:
the log search module is used for receiving event information entered by a user;
the log generalization module has a preset log generalization policy, and is used for performing statistical-analysis generalization on the collected log information according to that policy and storing the generalized analysis result in a data module according to its type;
the web service interface module, through which the administration module connects to other systems and stores the events produced by those systems in the data module;
the administration module is used for implementing audit policy management and audit result management.
6. The device according to claim 5, characterized in that the administration module is further used for user management, user-group management, organization management, rights management, statistical analysis policy management and analysis result management.
7. The device according to claim 5 or 6, characterized in that the web service interface module is implemented with the extensible markup language (XML) or the Simple Object Access Protocol (SOAP).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210457363.9A CN103812682A (en) 2012-11-14 2012-11-14 Safety audit method and device

Publications (1)

Publication Number Publication Date
CN103812682A (en) 2014-05-21

Family

ID=50708924

Country Status (1)

Country Link
CN (1) CN103812682A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101257399A (en) * 2007-12-29 2008-09-03 中国移动通信集团四川有限公司 Service system united safe platform

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106326085A (en) * 2016-08-16 2017-01-11 成都菜鸟网络技术有限公司 Auditing method for electric power information log
CN106778136A (en) * 2016-12-19 2017-05-31 广州市申迪计算机系统有限公司 A kind of auditing method for screening the log-in events that detour
CN106778136B (en) * 2016-12-19 2018-09-04 广州市申迪计算机系统有限公司 A kind of auditing method for screening detour log-in events
US20220083694A1 (en) * 2020-09-11 2022-03-17 Fujifilm Business Innovation Corp. Auditing system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20140521)