CN111787112A - Safety audit method based on mail content - Google Patents


Info

Publication number
CN111787112A
Authority
CN
China
Prior art keywords
mail
module
auditing
user
wire
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010637854.6A
Other languages
Chinese (zh)
Inventor
高静峰
王秒郎
唐鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Yitongling Information Technology Co ltd
Original Assignee
Xiamen Yitongling Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Yitongling Information Technology Co ltd
Priority to CN202010637854.6A
Publication of CN111787112A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/10 Text processing
    • G06F40/103 Formatting, i.e. changing of presentation of documents
    • G06F40/117 Tagging; Marking up; Designating a block; Setting of attributes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/30 Semantic analysis

Abstract

The invention discloses a security audit method based on mail content and relates to the technical field of security auditing. The method specifically comprises the following steps: S1, the audit monitoring system monitors and audits, in real time, the mails sent by the enterprise through the mail platform system; before any mail is audited, the audit policy generation module formulates an audit policy for mail data and sends it to the processor for storage; S2, the information acquisition module acquires the mail information sent by the mail platform system. The method provides a safe and reliable audit method for a mail platform system without an external security filtering mechanism, which saves a certain economic cost. It identifies and extracts sensitive data words in mails, monitors users' operation behavior in real time and locks abnormal users in time, which improves the reliability of the security audit and prevents secrets from being leaked by mail.

Description

Safety audit method based on mail content
Technical Field
The invention relates to the technical field of security audit, in particular to a security audit method based on mail content.
Background
Security audit is a new concept. It refers to professional auditors carrying out systematic and independent inspection and verification of relevant activities or behaviors in a computer network environment, in accordance with relevant laws and regulations, the entrustment of the property owner and the authorization of the administrative authority, and making a corresponding evaluation. Security audit is a systematic method of evaluating security by testing how far a company's information system conforms to a set of defined standards. It involves four basic elements. The enterprise's security control measures are compared for consistency with a preset security standard to determine whether each control measure exists, is executed and is effective in preventing vulnerabilities, and to evaluate how far the enterprise's security measures can be relied on. As a specialized audit project, security audit clearly requires auditors with strong professional knowledge and skills.
Security audit supplements traditional information security protection and is one of the indispensable measures in an information security system. With the development of internet technology, more and more internet users choose to transmit and exchange information by mail, and mail has become one of the easy ways for an enterprise's secrets to leak, so professional auditors are needed to audit the mails an enterprise sends out. In the prior art, additional security filtering products are used for monitoring and processing. Their cost is high, and when there is a large amount of mail content the filtering mechanism leads to low audit efficiency and poor flexibility, so important confidential files are easily leaked and spread. To address these problems, the invention provides a security audit method based on mail content.
Disclosure of Invention
(I) Technical problem to be solved
In view of the shortcomings of the prior art, the invention provides a security audit method based on mail content. It solves the problems that auditing mail with an additional filtering mechanism carries a high economic cost and that, when there is a large amount of mail content, audit efficiency is low and flexibility is poor, so that important confidential files are easily leaked and spread.
(II) technical scheme
In order to achieve the purpose, the invention is realized by the following technical scheme: a safety auditing method based on mail content specifically comprises the following steps:
S1, the audit monitoring system monitors and audits, in real time, the mails sent by the enterprise through the mail platform system; before any mail is audited, the audit policy generation module formulates an audit policy for mail data and sends it to the processor for storage;
S2, the information acquisition module acquires the mail information sent by the mail platform system; the keyword identification module compares it against the leak keywords identified in advance in the processor, marks them, and sends the leak keywords to the analysis processing module; the analysis processing module analyzes and processes the acquired mail information, and an analysis result is finally obtained according to the proportion of sensitive data;
S3, the user behavior analysis module analyzes the user's online behavior while the user uploads the mail; when abnormal online behavior is detected, the user side locking module immediately stops the user's mail upload and closes the user side;
S4, based on S2 and S3, the audit management center sends the leaked data transmitted by the abnormal user, together with the user's basic information, to the leak record library for storage; when a public security investigation is required, the investigation evidence-obtaining module sends the information recorded in the leak record library to the public security service center to facilitate subsequent investigation and handling;
S5, if the audit management center does not detect leaked data in the mail information, the processor controls the secure transmission module so that the mail is transmitted normally.
Preferably, in step S1, the mail platform system is in bidirectional wireless connection with the audit monitoring system, and the output end of the audit policy generation module is electrically connected to the input end of the processor through a wire.
Preferably, in step S2, the input end of the information acquisition module is electrically connected to the input end of the keyword identification module through a wire, and the output end of the keyword identification module is electrically connected to the input end of the analysis processing module through a wire.
Preferably, in step S3, the output end of the user behavior analysis module is electrically connected to the input end of the user side locking module through a wire.
Preferably, in step S4, the output end of the audit management center is electrically connected to the input end of the leak record library through a wire, and the leak record library is in bidirectional wireless connection with the investigation evidence-obtaining module.
Preferably, in step S4, the input end of the investigation evidence-obtaining module is electrically connected to the output end of the audit management center through a wire, and the output end of the investigation evidence-obtaining module is electrically connected to the input end of the wireless communication module through a wire.
Preferably, in step S4, the input end of the wireless communication module is electrically connected to the output end of the audit management center through a wire, and the wireless communication module is in bidirectional wireless connection with the public security service center.
(III) advantageous effects
The invention provides a security audit method based on mail content, which has the following beneficial effects. In the method: S1, the audit monitoring system monitors and audits, in real time, the mails sent by the enterprise through the mail platform system; before any mail is audited, the audit policy generation module formulates an audit policy for mail data and sends it to the processor for storage; S2, the information acquisition module acquires the mail information sent by the mail platform system; the keyword identification module compares it against the leak keywords identified in advance in the processor, marks them, and sends the leak keywords to the analysis processing module; the analysis processing module analyzes and processes the acquired mail information, and an analysis result is finally obtained according to the proportion of sensitive data; S3, the user behavior analysis module analyzes the user's online behavior while the user uploads the mail; when abnormal online behavior is detected, the user side locking module immediately stops the user's mail upload and closes the user side; S4, based on S2 and S3, the audit management center sends the leaked data transmitted by the abnormal user, together with the user's basic information, to the leak record library for storage; when a public security investigation is required, the investigation evidence-obtaining module sends the information recorded in the leak record library to the public security service center to facilitate subsequent investigation and handling; S5, if the audit management center does not detect leaked data in the mail information, the processor controls the secure transmission module so that the mail is transmitted normally. As a result, a safe and reliable audit method is provided for the mail platform system, no external security filtering mechanism is needed, a certain economic cost is saved, sensitive data words in mails are identified and extracted, users' operation behavior is monitored in real time and abnormal users are locked in time, the reliability of the security audit is improved, and secrets are prevented from being leaked by mail.
Drawings
FIG. 1 is a schematic block diagram of the architecture of the system of the present invention;
FIG. 2 is a block diagram of the audit monitoring system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIGS. 1-2, an embodiment of the present invention provides the following technical solution: a security audit method based on mail content. It provides a safe and reliable audit method for a mail platform system without an external security filtering mechanism, which saves a certain economic cost. It identifies and extracts sensitive data words in mails, monitors users' operation behavior in real time and locks abnormal users in time, which improves the reliability of the security audit and prevents secrets from being leaked by mail. The method specifically comprises the following steps:
S1, the audit monitoring system monitors and audits, in real time, the mails sent by the enterprise through the mail platform system; before any mail is audited, the audit policy generation module formulates an audit policy for mail data and sends it to the processor for storage;
S2, the information acquisition module acquires the mail information sent by the mail platform system; the keyword identification module compares it against the leak keywords identified in advance in the processor, marks them, and sends the leak keywords to the analysis processing module; the analysis processing module analyzes and processes the acquired mail information, and an analysis result is finally obtained according to the proportion of sensitive data;
S3, the user behavior analysis module analyzes the user's online behavior while the user uploads the mail; when abnormal online behavior is detected, the user side locking module immediately stops the user's mail upload and closes the user side;
S4, based on S2 and S3, the audit management center sends the leaked data transmitted by the abnormal user, together with the user's basic information, to the leak record library for storage; when a public security investigation is required, the investigation evidence-obtaining module sends the information recorded in the leak record library to the public security service center to facilitate subsequent investigation and handling;
S5, if the audit management center does not detect leaked data in the mail information, the processor controls the secure transmission module so that the mail is transmitted normally.
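Steps S1 to S5 as a small Python pipeline; this is an added example, not code from the patent, which specifies no algorithm or thresholds. The tokenizer, the 10% sensitive-token limit, the rule that more than three uploads in 60 seconds counts as abnormal behavior, and all class and field names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

TOKEN = re.compile(r"[a-z0-9_]+")


@dataclass(frozen=True)
class AuditPolicy:
    """S1: the audit policy, formulated and stored before any mail is audited."""
    leak_keywords: frozenset
    sensitive_ratio_limit: float = 0.10   # assumed: block at >= 10% sensitive tokens
    max_uploads_per_minute: int = 3       # assumed definition of "abnormal" behavior


@dataclass
class AuditResult:
    verdict: str              # "release", "block" or "locked"
    marked: list              # leak keywords found in the mail, in order
    sensitive_ratio: float    # marked tokens / all tokens


@dataclass
class AuditCenter:
    policy: AuditPolicy
    leak_records: list = field(default_factory=list)   # S4: leak record library
    locked_users: set = field(default_factory=set)     # S3: locked user sides
    _uploads: dict = field(default_factory=dict)       # user -> recent timestamps

    def _mark(self, body):
        """S2: compare mail tokens with the leak keywords and mark the matches."""
        tokens = TOKEN.findall(body.lower())
        marked = [t for t in tokens if t in self.policy.leak_keywords]
        ratio = len(marked) / len(tokens) if tokens else 0.0  # empty mail -> 0
        return marked, ratio

    def _abnormal(self, user, ts):
        """S3: too many uploads inside a sliding 60-second window."""
        recent = [t for t in self._uploads.get(user, []) if ts - t < 60]
        recent.append(ts)
        self._uploads[user] = recent
        return len(recent) > self.policy.max_uploads_per_minute

    def audit(self, user, ts, body):
        if user in self.locked_users:          # S3: user side already closed
            return AuditResult("locked", [], 0.0)
        marked, ratio = self._mark(body)
        leaking = bool(marked) and ratio >= self.policy.sensitive_ratio_limit
        abnormal = self._abnormal(user, ts)
        if abnormal:
            self.locked_users.add(user)        # S3: stop uploads from this user
        if leaking or abnormal:
            # S4: keep the data and the user's details for later investigation
            self.leak_records.append({
                "user": user, "timestamp": ts, "body": body,
                "marked": marked, "sensitive_ratio": ratio, "abnormal": abnormal,
            })
            return AuditResult("block", marked, ratio)
        return AuditResult("release", marked, ratio)   # S5: normal transmission


def demo():
    """Run constructed sample mails (user, timestamp in seconds, body)."""
    policy = AuditPolicy(frozenset({"confidential", "blueprint", "salary"}))
    center = AuditCenter(policy)
    mails = [
        ("alice", 0, "Lunch at noon on Friday, see you in the lobby"),
        ("carol", 5, "Attached is the confidential blueprint and the salary table"),
        ("bob", 10, "status update one"),
        ("bob", 20, "status update two"),
        ("bob", 30, "status update three"),
        ("bob", 40, "status update four"),    # 4th upload in 60 s: abnormal
        ("bob", 50, "status update five"),    # user side is already locked
    ]
    verdicts = [center.audit(u, ts, body).verdict for u, ts, body in mails]
    return center, verdicts


if __name__ == "__main__":
    center, verdicts = demo()
    print(verdicts)
    print([r["user"] for r in center.leak_records])
```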
In step S1, the mail platform system is in bidirectional wireless connection with the audit monitoring system, and the output end of the audit policy generation module is electrically connected to the input end of the processor through a wire. The processor is a central processing unit (CPU), which serves as the computing and control core of the computer system and is the final execution unit for information processing and program execution. Since its introduction, the CPU has developed greatly in logic structure, operating efficiency and functional extension. The model of the central processing unit is ARM 9.
In step S2, the input end of the information acquisition module is electrically connected to the input end of the keyword identification module through a wire, and the output end of the keyword identification module is electrically connected to the input end of the analysis processing module through a wire.
In step S3, the output end of the user behavior analysis module is electrically connected to the input end of the user side locking module through a wire.
In step S4, the output end of the audit management center is electrically connected to the input end of the leak record library through a wire, and the leak record library is in bidirectional wireless connection with the investigation evidence-obtaining module.
In step S4, the input end of the investigation evidence-obtaining module is electrically connected to the output end of the audit management center through a wire, and the output end of the investigation evidence-obtaining module is electrically connected to the input end of the wireless communication module through a wire.
In step S4, the input end of the wireless communication module is electrically connected to the output end of the audit management center through a wire, and the wireless communication module is in bidirectional wireless connection with the public security service center. Wireless communication modules are widely used in fields such as vehicle monitoring, remote control, remote measurement, small wireless networks, wireless meter reading, access control systems, cell paging, industrial data acquisition systems, wireless tags, identity recognition, non-contact RF smart cards, small wireless data terminals, safety and fire protection systems, wireless remote control systems, biological signal acquisition, hydrological and weather monitoring, robot control, wireless 232 data communication, wireless 485/422 data communication, digital audio and digital image transmission. The model of the wireless communication module is DATA-6106.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (7)

1. A security audit method based on mail content, characterized in that the method specifically comprises the following steps:
S1, the audit monitoring system monitors and audits, in real time, the mails sent by the enterprise through the mail platform system; before any mail is audited, the audit policy generation module formulates an audit policy for mail data and sends it to the processor for storage;
S2, the information acquisition module acquires the mail information sent by the mail platform system; the keyword identification module compares it against the leak keywords identified in advance in the processor, marks them, and sends the leak keywords to the analysis processing module; the analysis processing module analyzes and processes the acquired mail information, and an analysis result is finally obtained according to the proportion of sensitive data;
S3, the user behavior analysis module analyzes the user's online behavior while the user uploads the mail; when abnormal online behavior is detected, the user side locking module immediately stops the user's mail upload and closes the user side;
S4, based on S2 and S3, the audit management center sends the leaked data transmitted by the abnormal user, together with the user's basic information, to the leak record library for storage; when a public security investigation is required, the investigation evidence-obtaining module sends the information recorded in the leak record library to the public security service center to facilitate subsequent investigation and handling;
S5, if the audit management center does not detect leaked data in the mail information, the processor controls the secure transmission module so that the mail is transmitted normally.
2. The security audit method based on mail content according to claim 1, wherein: in step S1, the mail platform system is in bidirectional wireless connection with the audit monitoring system, and the output end of the audit policy generation module is electrically connected to the input end of the processor through a wire.
3. The security audit method based on mail content according to claim 1, wherein: in step S2, the input end of the information acquisition module is electrically connected to the input end of the keyword identification module through a wire, and the output end of the keyword identification module is electrically connected to the input end of the analysis processing module through a wire.
4. The security audit method based on mail content according to claim 1, wherein: in step S3, the output end of the user behavior analysis module is electrically connected to the input end of the user side locking module through a wire.
5. The security audit method based on mail content according to claim 1, wherein: in step S4, the output end of the audit management center is electrically connected to the input end of the leak record library through a wire, and the leak record library is in bidirectional wireless connection with the investigation evidence-obtaining module.
6. The security audit method based on mail content according to claim 1, wherein: in step S4, the input end of the investigation evidence-obtaining module is electrically connected to the output end of the audit management center through a wire, and the output end of the investigation evidence-obtaining module is electrically connected to the input end of the wireless communication module through a wire.
7. The security audit method based on mail content according to claim 1, wherein: in step S4, the input end of the wireless communication module is electrically connected to the output end of the audit management center through a wire, and the wireless communication module is in bidirectional wireless connection with the public security service center.
CN202010637854.6A 2020-07-03 2020-07-03 Safety audit method based on mail content Pending CN111787112A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010637854.6A CN111787112A (en) 2020-07-03 2020-07-03 Safety audit method based on mail content

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010637854.6A CN111787112A (en) 2020-07-03 2020-07-03 Safety audit method based on mail content

Publications (1)

Publication Number Publication Date
CN111787112A true CN111787112A (en) 2020-10-16

Family

ID=72759623

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010637854.6A Pending CN111787112A (en) 2020-07-03 2020-07-03 Safety audit method based on mail content

Country Status (1)

Country Link
CN (1) CN111787112A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114598673A (en) * 2022-05-09 2022-06-07 太平金融科技服务(上海)有限公司深圳分公司 Electronic mailbox system, mailbox processing method, device and computer equipment

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030188196A1 (en) * 2000-06-02 2003-10-02 Jeong-Hwan Choi E-mail security audit system for company security
CN101895578A (en) * 2010-07-06 2010-11-24 国都兴业信息审计系统技术(北京)有限公司 Document monitor and management system based on comprehensive safety audit
US20160142350A1 (en) * 2014-11-18 2016-05-19 Commvault Systems, Inc. Storage and management of mail attachments
CN106656728A (en) * 2015-10-30 2017-05-10 国家电网公司 Mail detection and monitoring system
CN109218168A (en) * 2018-09-26 2019-01-15 江苏神州信源系统工程有限公司 The blocking-up method and device of sensitive e-mail messages
CN110611608A (en) * 2019-09-29 2019-12-24 武汉思普崚技术有限公司 WEB mail auditing method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
Application publication date: 20201016