CN115277061A - Network security service management system and method - Google Patents


Publication number
CN115277061A
Authority
CN
China
Prior art keywords
management
module
unit
monitoring
technical
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210661852.XA
Other languages
Chinese (zh)
Inventor
白日
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yingshi Huizhong Shanghai Information Consulting Partnership LP
Original Assignee
Yingshi Huizhong Shanghai Information Consulting Partnership LP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yingshi Huizhong Shanghai Information Consulting Partnership LP filed Critical Yingshi Huizhong Shanghai Information Consulting Partnership LP
Priority to CN202210661852.XA priority Critical patent/CN115277061A/en
Publication of CN115277061A publication Critical patent/CN115277061A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention relates to a network security service management system and method. The system includes a management module, a technical module, a coordination module and a capability module. The technical module monitors the various security matters present in the network in real time and uploads the monitoring results to the management module. The management module analyzes and processes the monitoring results to generate backlog items. The coordination module decomposes the backlog items into a plurality of subtasks and distributes the subtasks to the corresponding work groups; the work groups cooperate with the technical module to execute the subtasks, and the coordination module uploads the feedback results of the execution to the management module. The capability module integrates various business elements to accumulate and convert business capability, and provides business support to the other modules through management enabling, technical enabling and coordination enabling. By integrating these modules into one system, a network security service system is effectively constructed, and problems such as fragmented security services, disconnected management and heavy dependence on personal experience and ability are solved.

Description

Network security service management system and method
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a network security service management system and a network security service management method.
Background
In the field of network security services, the decision layer lacks a system and method for systematic security planning, construction, operation, management and decision-making. As a result, security services are fragmented and problems are treated piecemeal, symptom by symptom, and when a major security event occurs it is unclear how to decide and respond. At the management layer, security management is disconnected from security technology, and managers and technicians do not cooperate, so the upper layer lacks an intuitive view of what has happened and of how to deal with it, information is out of sync, management lags, and work is reactive. The execution layer attaches importance only to the use of security products, and depends on security management and process operation, so the network is frequently breached. These problems are usually addressed with traditional decision and management methods, in which the problems of the three layers (decision, management and execution) are handled by relying on personal experience and ability or on consulting advice provided by third parties.
With these traditional management methods, network security services depend heavily on personal experience and ability or on advice provided by a third party, and lack systematic institutional support and digital technology support. The planning, construction, operation, management and decision-making of network security services cannot be carried out effectively, comprehensively and systematically; the services cannot adapt to a digital transformation strategy; and scientific decision-making, systematic management and effective execution of the security service cannot be guaranteed.
Disclosure of Invention
The invention aims to provide a network security service management system and method that solve the problem that, under traditional management means and methods, network security services depend heavily on personal experience and ability or on advice provided by a third party and lack systematic institutional support and digital technology support. The technical problems to be solved by the invention are addressed by the following technical scheme:
In one aspect, the present invention provides a network security service management system, including: a management module, a technical module and a coordination module;
the technical module is used for monitoring the various security matters present in the network in real time and uploading the monitoring results to the management module;
the management module is used for analyzing and processing the monitoring results to generate backlog items and sending the backlog items to the coordination module;
the coordination module is used for decomposing the backlog items into a plurality of subtasks and distributing the subtasks to the corresponding work groups; the work groups cooperate with the technical module to execute the subtasks, and the coordination module uploads the feedback results of the execution to the management module.
Preferably, the technical module comprises a compliance monitoring unit, an event monitoring unit and a risk monitoring unit;
the compliance monitoring unit is used for monitoring violation problems and compliance defects in the network in real time;
the event monitoring unit is used for monitoring the various security events occurring in the network in real time, wherein the security events include but are not limited to network intrusion events, ransomware (encryption extortion) events and data leakage events;
the risk monitoring unit is used for technical monitoring of the whole process of identifying, evaluating and responding to potential security risks in the network, wherein the potential security risks include but are not limited to vulnerability risks and asset vulnerability risks.
Preferably, the management module comprises a decision management unit, a transaction management unit, a target management module and a supervision management module;
the decision management unit is used for managing important matters concerned by the decision layer;
the transaction management unit is used for managing routine matters reported to superiors, monitoring and reporting matters from subordinates, and business coordination matters with other departments;
the target management unit is used for managing target formulation and task decomposition of the security business department;
the supervision and management unit is used by headquarters for overall planning, supervision and hierarchical management of the security business of subordinate departments.
Preferably, the coordination module includes a transaction coordination unit, a group management unit, a task execution unit, and a planning and arranging unit;
the event coordination unit is used for closing the loop on the handling of the various backlog items generated by the management module and the technical module, by means of multi-party coordination and task decomposition;
the group management unit is used for managing a work group established for completing related matters, and the work group is a work unit formed by internal and external business related personnel and used for completing a specific matter/task;
the task execution unit is used for decomposing a backlog item into a plurality of subtasks and delivering the subtasks to the relevant work group for execution;
the preplan arrangement unit is used for predefining the relevant preplans before business decision, transaction management or task execution, and the preplans comprise decision preplans, management preplans and execution preplans.
Preferably, the system further comprises a capability module for applying the capabilities of the relevant elements to the management module, the technical module and the coordination module by way of management enabling, technical service and coordination enabling.
Preferably, the capability module includes, but is not limited to, a team element unit, a resource element unit, a technical element unit, a system element unit, a standard element unit, a plan element unit, a flow element unit, a knowledge element unit, and a digital element unit;
the team element unit is used for handling the organizational construction and management, post responsibilities, talent selection and training of the security business department through identity management and personnel management;
the resource element unit is used for providing various platform resources, product resources, data resources, tool resources, supply chain resources and ecological resources used by the security service;
the technical element unit is used for providing contents related to technology in security business, wherein the contents include but are not limited to security compliance, IT infrastructure protection, advanced threat countermeasure, technical means and technical methods used in business and data security;
the system element unit is used for providing the handling rules or rules of conduct commonly followed by the security business department;
the standard element unit is used for providing a whole set of service operation scheme, specification and index established around the target;
the plan element unit is used for providing a scheme formulated before business decision, transaction management and task execution;
the process element unit is used for defining, arranging, executing and optimizing the workflows involved in the full life cycle of the security service;
the knowledge element unit is used for providing basic data accumulated in the operation process of the security service;
the digital element unit is used for providing the capability of helping the security service to complete digital transformation and an index for measuring the digital maturity of the security service.
On the other hand, the invention also provides a network security service management method, which comprises the following steps:
monitoring the various security matters present in the network in real time through a technical module, and uploading the monitoring results to a management module;
the management module analyzes and processes the monitoring results to generate backlog items and sends the backlog items to the coordination module;
the coordination module decomposes the backlog items into a plurality of subtasks and distributes the subtasks to the corresponding work groups; the work groups cooperate with the technical module to execute the subtasks, and the coordination module uploads the feedback results of the execution to the management module.
Preferably, the step in which the management module analyzes and processes the monitoring results to generate backlog items and sends the backlog items to the coordination module includes:
analyzing the monitoring result to obtain the importance level of the monitoring result;
if the importance level of the monitoring result is very important, starting a leader decision-making process to determine a leader plan, and generating the backlog according to the determined leader plan;
if the importance level of the monitoring result is general importance, starting a management approval process to determine a management plan, and generating the backlog according to the determined management plan;
and if the importance level of the monitoring result is common importance, starting an automatic processing flow to determine an execution plan, and generating the backlog according to the determined execution plan.
In still another aspect, the present invention provides an electronic device, including: a processor and a memory having computer readable instructions stored thereon which, when executed by the processor, implement the network security service management method as described above.
In yet another aspect, the present invention further provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the network security service management method as described above.
Compared with the prior art, the network security service management system and method can effectively construct a network security service system and operate the network security service organically, completely and efficiently through a systematic framework and digital technology, avoiding the traditional lack of system support and the excessive dependence on people's experience and ability. The technical module solves the problems of compliance, event and risk monitoring, and monitoring and reporting solves the problem of connecting technology with management. Through the decision management of the management module, decision plans become scientific, which solves the problems of piecemeal, symptom-by-symptom handling and of not knowing how to respond when a problem occurs; through transaction management, the various transactions are made transparent and streamlined, avoiding service fragmentation, unsynchronized information, lagging management and reactive work; and through target management, a digital process operation mode solves the problem that the management layer can see only the target and the result and cannot finely manage the execution process. The coordination module effectively solves the problems of vertical coordination, internal-external coordination, horizontal coordination and human-machine coordination, so that matters and tasks are carried out more efficiently. Through the accumulation, conversion and enabling of the various elements of the capability module, the capability and level of the security business can be continuously improved to meet the challenges of security compliance, of various threats and of digital transformation.
Drawings
FIG. 1 is a schematic diagram of a network security service management system according to some embodiments of the present invention;
FIG. 2 is a schematic structural diagram of another embodiment of a network security service management system according to the present invention;
FIG. 3 is a flow diagram illustrating some embodiments of a network security service management method of the present invention;
FIG. 4 is a flowchart illustrating some embodiments of step 200 of a method for network security service management according to the present invention;
FIG. 5 is a flowchart illustrating some embodiments of step 300 of a network security service management method according to the present invention.
Detailed Description
It should be noted that, in the present application, the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In one aspect, as shown in fig. 1, an embodiment of the present invention provides a network security service management system, including: a management module 10, a technical module 20 and a coordination module 30;
the technical module 20 is used for monitoring the various security matters present in the network in real time and uploading the monitoring results to the management module 10;
the management module 10 is configured to analyze the monitoring results to generate backlog items, and send the backlog items to the coordination module 30;
the coordination module 30 is configured to decompose the backlog items into a plurality of subtasks and allocate the subtasks to the corresponding work groups; the work groups cooperate with the technical module to execute the subtasks, and the coordination module 30 uploads the feedback results of the execution to the management module 10.
The embodiment of the invention provides a network security service management system comprising a technical module, a management module and a coordination module. The technical module solves the disconnect between technology and management through reporting means such as compliance monitoring, event monitoring and risk monitoring; the management module solves the problem of top-down decision management through decision management, transaction management, target management, supervision management and the like; the coordination module, through management coordination and technical coordination, solves the problems of vertical coordination among the decision layer, the management layer and the execution layer, internal-external coordination across organizations, horizontal coordination across departments, and coordination between people and products/equipment/machines. By integrating these three modules into one system, the network security service management system of the embodiment of the invention can effectively construct a network security service system, and solves problems such as fragmented security services, disconnected management and heavy dependence on personal experience and ability.
In some embodiments, referring to fig. 1, the technical module 20 in the network security service management system of the present invention includes a compliance monitoring unit, an event monitoring unit, and a risk monitoring unit;
the compliance monitoring unit is used for monitoring violations and compliance defects in the network in real time. Compliance includes but is not limited to the requirements of the various national, industry and enterprise security regulations. Specifically, a quantifiable compliance baseline is set according to the various compliance requirements, and the baseline is then compared with the security data provided by the relevant security products already deployed at the client, thereby realizing compliance monitoring.
The event monitoring unit is used for monitoring the various security events occurring in the network in real time, wherein the security events include but are not limited to network intrusion events, ransomware (encryption extortion) events and data leakage events. Generally, a security big data platform is used together with detection and analysis tools or products such as threat intelligence to discover threat alerts; the alerts are analyzed and triaged on the big data platform, and the full course of each event is traced back, thereby realizing monitoring of the various security events.
The risk monitoring unit is used for technical monitoring of the whole process of identifying, evaluating and responding to potential security risks in the network, wherein the potential security risks include but are not limited to vulnerability risks and asset vulnerability risks. Vulnerability information for the various assets is collected using tools or methods such as asset vulnerability management, simulated intrusion attacks, vulnerability testing and penetration testing; the weak links in network security protection are found, and risk assessment is then carried out, thereby realizing risk monitoring.
The technical module in the network security service management system of the embodiment of the invention uploads the monitoring results to the management module by way of monitoring and reporting. After receiving the relevant monitoring results through the management module, the decision and management layers can start the relevant decision-management plan, completing the closed business loop from decision through management to execution.
In some embodiments, referring to fig. 1, the management module 10 in the network security service management system of the present invention includes a decision management unit, a transaction management unit, a target management module, and a supervision management module;
the decision management unit is used for managing the important matters of concern to the decision layer, such as important targets, important events, important projects, supervised projects, leadership and the like; it can be realized through project management, decision processes, the coordination module, decision-support tools and the like.
The transaction management unit is used for managing routine matters reported to superiors, monitoring and reporting matters from subordinates, and business coordination matters with other departments; the transaction management unit can complete transaction flow and task execution through the office process and the coordination module.
The target management unit is used for managing target formulation and task decomposition of the security business department. Target formulation includes setting measurement indicators such as KPIs or OKRs and monitoring and managing their execution; it can be realized through target management and assessment methods such as KPI or OKR.
The supervision and management unit is used by headquarters for overall planning, supervision and hierarchical management of the security business of subordinate departments. It can be realized through routine reports, indicator monitoring, patrols, inspections, spot checks, interviews, questionnaires and the like.
Through the management module, the network security service management system of the embodiment of the invention can comprehensively manage the decision layer, the management layer and the execution layer across important matters, routine matters, business targets, execution processes, hierarchical management and the like, and can keep abreast of the operating condition of the technical module by way of monitoring management.
In some embodiments, referring to fig. 1, the coordination module 30 in the network security service management system of the present invention includes a transaction coordination unit, a group management unit, a task execution unit, and a planning and arranging unit;
the event coordination unit is used for closing the loop on the handling of the various backlog items generated by the management module and the technical module, by means of multi-party coordination and task decomposition;
the group management unit is used for managing a work group established for completing related matters, wherein the work group consists of internal and external business related personnel and is a work unit for completing a specific matter/task;
the task execution unit is used for decomposing a backlog item into a plurality of subtasks and delivering the subtasks to the relevant work group for execution and completion;
the plan arranging unit is used for predefining the relevant plans before business decision, transaction management or task execution, wherein the plans comprise decision plans, management plans and execution plans. Because the relevant plans are defined in advance, the decision, management and execution processes are more scientific, streamlined and efficient.
The coordination module in the network security service management system of the embodiment of the invention organically links the management module and the technical module through management coordination and technical coordination, effectively solving the problems of vertical coordination among the decision layer, the management layer and the execution layer, internal-external coordination across organizations, horizontal coordination across departments, and coordination between people and products/equipment/machines. After a monitoring result is reported to the management module, a leader decision-making, management approval or automatic process is triggered to generate a backlog item; the backlog item is then decomposed into a plurality of subtasks by the coordination module and distributed to the relevant task teams, which execute the tasks in cooperation with the technical module; finally the backlog item is completed and the result is fed back.
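The flow described above, together with the baseline comparison from the compliance-monitoring paragraph, as an added example that is not part of the patent: a baseline is compared with reported data, each deviation is given an importance level that selects the process, and the resulting backlog item is decomposed into subtasks whose feedback closes the loop. The baseline values, severity scores, severity-to-level thresholds, plans and work-group names are all constructed assumptions.

```python
import operator
from dataclasses import dataclass, field

# Importance levels and the process each one starts, as named in the method.
PROCESS_BY_LEVEL = {
    "very important": "leader decision-making",
    "general importance": "management approval",
    "common importance": "automatic processing",
}

# Constructed baseline: control -> (comparison, required value, severity 1-10).
BASELINE = {
    "password_min_length": (operator.ge, 12, 4),
    "tls_min_version": (operator.ge, 1.2, 7),
    "max_patch_age_days": (operator.le, 30, 9),
    "audit_log_retention_days": (operator.ge, 180, 5),
}

# Constructed sample of security data reported by deployed security products.
# No product reports audit_log_retention_days in this sample.
OBSERVED = {
    "password_min_length": 8,
    "tls_min_version": 1.2,
    "max_patch_age_days": 95,
}

# Hypothetical predefined plans: control -> [(subtask, work group), ...].
PLANS = {
    "max_patch_age_days": [
        ("list hosts past the patch deadline", "asset group"),
        ("deploy missing patches", "operations group"),
        ("rescan and confirm", "security group"),
    ],
    "password_min_length": [("raise directory password policy", "identity group")],
}
DEFAULT_PLAN = [("investigate deviation and report", "security group")]


@dataclass
class Finding:
    control: str
    required: object
    observed: object  # None when no product reported this control
    severity: int


@dataclass
class BacklogItem:
    finding: Finding
    level: str
    process: str
    subtasks: dict = field(default_factory=dict)  # subtask -> [work group, done]

    def complete(self, subtask):
        """Record a work group's feedback that one subtask is finished."""
        self.subtasks[subtask][1] = True

    @property
    def closed(self):
        """The loop is closed only when every subtask has reported back."""
        return all(done for _group, done in self.subtasks.values())


def compliance_monitor(baseline, observed):
    """Technical module: compare reported data with the compliance baseline."""
    findings = []
    for control, (compare, required, severity) in baseline.items():
        value = observed.get(control)
        # Missing data is a deviation too: an unmeasured control is not compliant.
        if value is None or not compare(value, required):
            findings.append(Finding(control, required, value, severity))
    return findings


def importance_level(finding):
    """Assumed mapping from severity to the three levels (not from the page)."""
    if finding.severity >= 8:
        return "very important"
    if finding.severity >= 5:
        return "general importance"
    return "common importance"


def generate_backlog_item(finding):
    """Pick the process for the level, then decompose using the predefined plan."""
    level = importance_level(finding)
    plan = PLANS.get(finding.control, DEFAULT_PLAN)
    subtasks = {name: [group, False] for name, group in plan}
    return BacklogItem(finding, level, PROCESS_BY_LEVEL[level], subtasks)


def run(baseline=BASELINE, observed=OBSERVED):
    return [generate_backlog_item(f) for f in compliance_monitor(baseline, observed)]


if __name__ == "__main__":
    for item in run():
        f = item.finding
        print(f"{f.control}: observed={f.observed} required={f.required} "
              f"-> {item.level} -> {item.process}")
        for name, (group, _done) in item.subtasks.items():
            print(f"    [{group}] {name}")
```

Treating an unreported control as a deviation keeps a gap in product coverage from being read as compliance.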
In some embodiments, referring to fig. 1 and fig. 2, the network security service management system of the present invention further includes a capability module 40, wherein the capability module 40 is configured to apply related element capabilities to the management module 10, the technical module 20, and the coordination module 30 by means of management enabling, technical service, and coordination enabling.
The network security service management system of the embodiment of the invention has the following system architecture: a technical module, a management module, a coordination module and a capability module. The technical module solves the disconnect between technology and management through reporting means such as compliance monitoring, event monitoring and risk monitoring; the management module solves the problem of top-down decision management through decision management, transaction management, target management, supervision management and the like; the coordination module, through management coordination and technical coordination, solves the problems of vertical coordination among the decision layer, the management layer and the execution layer, internal-external coordination across organizations, horizontal coordination across departments, and coordination between people and products/equipment/machines; the capability module integrates business elements such as team, technology, resource, system, standard, plan, process, knowledge and digitalization to accumulate and convert business capability, and provides capability support to the other three modules by way of management enabling, technical enabling and coordination enabling. By integrating these four modules into one system, a network security service system can be effectively constructed, and problems such as fragmented security services, disconnected management and heavy dependence on personal experience and ability are solved.
In some embodiments, referring to fig. 1, the capability module 40 in the network security service management system of the present invention includes, but is not limited to, a team element unit, a resource element unit, a technology element unit, an institution element unit, a standard element unit, a plan element unit, a process element unit, a knowledge element unit, and a digital element unit;
the team element unit is used for handling the organizational construction and management, post responsibilities, talent selection and training of the security business department through identity management and personnel management;
the resource element unit is used for providing various platform resources, product resources, data resources, tool resources, supply chain resources and ecological resources used by the security service; management may be provided by interfacing with systems such as supply chain and ecological management, by interfacing with platforms, products, data, tools, etc.
The technical element unit is used for providing contents related to technology in security business, wherein the contents include but are not limited to security compliance, IT infrastructure protection, advanced threat countermeasure, technical means and technical methods used in business and data security; the techniques described herein can be translated into readable and machine-readable content via a variety of rules, features, policies, intelligence, models, engines, and the like.
The system element unit is used for providing the procedures or rules of conduct commonly followed by the security business department, such as a security management system, an equipment management system and a personnel assessment system; these can be continuously enriched and optimized by way of system document management.
The standard element unit is used for providing a whole set of service operation scheme, specification and index established around the target; the definition, optimization and adjustment of the relevant standards can be realized through scheme design, specification formulation, index quantification and the like.
The plan element unit is used for providing a plan formulated before business decision, transaction management and task execution; the method can be managed and realized by scene definition, plan arrangement, script editing and the like.
The process element unit is used for defining, arranging, executing and optimizing the workflows involved in the full life cycle of the security service; this can be realized by means of workflow management and arrangement.
The knowledge element unit is used for providing basic data accumulated in the operation process of the security service; by further extracting, processing and analyzing the basic data, a huge business knowledge graph is gradually formed, and the storage, processing, analysis, visualization and the like of knowledge data can be realized in the modes of knowledge graphs, big data analysis, graph databases and the like.
The digital element unit is used for providing the capability of helping the security service to complete digital transformation and an index for measuring the digital maturity of the security service. Finally, the digital visualization, analysis, management and decision making of the whole process whole scene of the security service are realized, and the method can be realized by collecting various data generated by the four modules in the using process and further by means of visualization analysis, modeling analysis, index analysis, decision modeling and the like.
The capacity module in the network security service management system of the embodiment of the invention is the core capacity of the network security service, including but not limited to the support of the capacity elements, and the capacity module can apply the capacity of the relevant elements to the business fields of management modules, technical modules, coordination modules and the like in a management enabling mode, a technical service mode and a coordination enabling mode.
In summary, the network security service management system according to the embodiment of the present invention abstracts a network security service system into four modules, namely a technical module, a management module, a coordination module and a capability module. The four modules are linked into one system through the monitoring reporting/monitoring management modes, the management coordination/technical coordination modes, and the management enabling/technical enabling/coordination enabling modes, and this system carries the overall operation of the network security service system. The network security service management system of the embodiment of the invention can effectively realize the construction of a network security service system: through a systematic framework and digital technology, the network security service is operated organically, completely and efficiently, which avoids the traditional lack of system support and the excessive dependence on the experience and capability of individuals. The technical module solves the problems of compliance, event and risk monitoring, and monitoring reporting solves the problem of connecting technology with management. Through the decision management of the management module, decisions are planned scientifically, which solves the problems of piecemeal, symptom-by-symptom handling ("treating the head when the head aches and the foot when the foot hurts") and of not knowing how to respond when a problem arises. Through transaction management, the various transactions are made transparent and streamlined, which avoids service fragmentation, unsynchronized information, lagging management and passive work. Through target management, a digital process operation mode solves the problem that the management layer can see only targets and results and cannot finely manage the execution process. Through the coordination module, the problems of upper-lower coordination, internal-external coordination, left-right coordination and human-machine coordination are effectively solved, so that transactions and tasks are carried out more efficiently. Through the accumulation, transformation and enabling of the various elements of the capability module, the capability and level of the security service can be continuously improved to meet the challenges of security compliance, of various threats and of digital transformation.
On the other hand, referring to fig. 3, an embodiment of the present invention further provides a network security service management method, including:
step 100: monitoring various safety items existing in the network in real time through a technical module, and uploading a monitoring result to a management module;
step 200: the management module analyzes and processes the monitoring result to generate backlogs and sends the backlogs to the coordination module;
step 300: the coordination module carries out task decomposition on the backlogs to generate a plurality of subtasks, the subtasks are distributed to corresponding work groups, the work groups cooperate with the technical module to execute the subtasks, and the coordination module uploads the executed feedback results to the management module.
The specific details of each module of the network security service management method have been described in detail in the corresponding network security service management system, and therefore are not described herein again.
In some embodiments, referring to fig. 4, step 200 of the network security service management method in the present invention includes:
step 201: analyzing the monitoring result to obtain the importance level of the monitoring result;
step 2021: if the importance level of the monitoring result is very important, starting a leader decision-making process to determine a leader plan, and generating backlogs according to the determined leader plan;
step 2022: if the importance level of the monitoring result is general importance, starting a management approval process to determine a management plan, and generating backlog according to the determined management plan;
step 2023: if the importance level of the monitoring result is common importance, starting an automatic processing flow to determine an execution plan, and generating backlogs according to the determined execution plan.
In some embodiments, referring to fig. 5, the specific process of step 300 of the network security service management method in the present invention is as follows: a received backlog is first decomposed by the coordination module into a plurality of subtasks to form a set of subtasks, the subtasks are then allocated to a plurality of task teams (i.e., work groups), the coordination module executes the related tasks, and finally the backlog is completed and a result is fed back.
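The flow of steps 100 to 300, with the routing of steps 201 to 2023, as an added Python example that is not part of the patent. The severity score and its thresholds, the plan templates, the work group names and all function names are assumptions, since the patent specifies none of them.

```python
from dataclasses import dataclass, field

# Steps 2021-2023: importance level -> (flow that is started, plan it determines).
FLOWS = {
    "very important": ("leader decision-making", "leader plan"),
    "general importance": ("management approval", "management plan"),
    "common importance": ("automatic processing", "execution plan"),
}
# Assumption: hypothetical (subtask, work group) templates per monitoring unit.
TEMPLATES = {
    "event": [("contain affected hosts", "incident-response"),
              ("collect evidence", "forensics")],
    "compliance": [("correct the setting", "it-operations"),
                   ("re-run the check", "audit")],
    "risk": [("patch or mitigate", "it-operations")],
}

@dataclass
class Backlog:
    source: dict
    flow: str
    plan: str
    decided_by: str
    subtasks: dict = field(default_factory=dict)   # name -> [work group, done]
    feedback: list = field(default_factory=list)
    @property
    def closed(self):
        # The loop closes only when every subtask has reported success.
        return bool(self.subtasks) and all(done for _, done in self.subtasks.values())

def importance_level(result):
    """Step 201. Assumption: a 0-10 severity score with made-up thresholds."""
    sev = result["severity"]
    return ("very important" if sev >= 8
            else "general importance" if sev >= 4 else "common importance")

def generate_backlog(result, decided_by=None):
    """Step 200: start the flow for the level; the backlog exists only once
    the plan is determined. Only the automatic flow needs no human decider."""
    flow, plan = FLOWS[importance_level(result)]
    if flow == "automatic processing":
        decided_by = "automation"
    elif not decided_by:
        raise PermissionError(f"{flow} flow has not determined a {plan} yet")
    return Backlog(result, flow, plan, decided_by)

def decompose(backlog):
    """Step 300: split the backlog into subtasks assigned to work groups."""
    # Unknown sources go to a human triage group rather than being dropped.
    template = TEMPLATES.get(backlog.source["unit"],
                             [("manual triage", "security-management")])
    backlog.subtasks = {name: [group, False] for name, group in template}
    return backlog.subtasks

def report(backlog, name, ok, note=""):
    """Step 300: a work group's result is fed back to the management module."""
    group = backlog.subtasks[name][0]          # KeyError for an unknown subtask
    backlog.subtasks[name][1] = ok
    backlog.feedback.append((group, name, ok, note))
    return backlog.closed

def demo():
    # Constructed monitoring results, as the technical module would upload (step 100).
    ransom = {"unit": "event", "severity": 9, "summary": "file-encryption activity"}
    weak = {"unit": "compliance", "severity": 2, "summary": "password policy drift"}
    blocked = False
    try:
        generate_backlog(ransom)               # no leader decision yet
    except PermissionError:
        blocked = True
    item = generate_backlog(ransom, decided_by="CISO")
    decompose(item)
    report(item, "contain affected hosts", True)
    still_open = not report(item, "collect evidence", False, "disk image failed")
    closed = report(item, "collect evidence", True, "retry succeeded")
    return blocked, item.plan, still_open, closed, generate_backlog(weak).flow, len(item.feedback)

if __name__ == "__main__":
    print(demo())
```

A failed subtask keeps the backlog open, so the management module sees every attempt in the feedback list before the item closes.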
In another aspect, an embodiment of the present invention further provides an electronic device, including: a processor and a memory, wherein the memory stores computer readable instructions, and the computer readable instructions implement the network security service management method of the above embodiment when executed by the processor.
Specifically, the memory and the processor can be general-purpose memory and processor, which are not limited specifically, and when the processor executes computer-readable instructions stored in the memory, the network security service management method according to the foregoing embodiment can be executed.
In still another aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the network security service management method described in the foregoing embodiment.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable storage medium, and the storage medium may include: a flash disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic or optical disk, or the like.
It should be noted that the above detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the present application. As used herein, the singular is intended to include the plural unless the context clearly dictates otherwise. Furthermore, it will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the terms so used are interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in other sequences than those illustrated or otherwise described herein.
Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements explicitly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For ease of description, spatially relative terms such as "over ...", "above ...", "on the upper surface of ...", "above", etc. may be used herein to describe the spatial relationship of one device or feature to another device or feature as shown in the figures. It will be understood that the spatially relative terms are intended to encompass different orientations of the device in use or operation in addition to the orientation depicted in the figures. For example, if a device in the figures is turned over, devices described as "above" or "on" other devices or configurations would then be oriented "below" or "under" the other devices or configurations. Thus, the exemplary term "above ..." may include both orientations "above ..." and "below ...". The device may also be oriented in other different ways, such as by rotating it 90 degrees or at other orientations, and the spatially relative descriptors used herein interpreted accordingly.
In the above detailed description, reference is made to the accompanying drawings, which form a part hereof. In the drawings, like numerals typically identify like components, unless context dictates otherwise. The illustrated embodiments described in the detailed description, drawings, and claims are not meant to be limiting. Other embodiments may be utilized, and other changes may be made, without departing from the spirit or scope of the subject matter presented here.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A network security service management system, comprising: a management module, a technical module and a coordination module;
the technical module is used for monitoring various safety matters existing in the network in real time and uploading monitoring results to the management module;
the management module is used for analyzing and processing the monitoring result to generate backlogs and sending the backlogs to the coordination module;
the cooperation module is used for performing task decomposition on the to-be-handled items to generate a plurality of subtasks and distributing the subtasks to corresponding work groups, the work groups cooperate with the technical module to execute the subtasks, and the cooperation module uploads the executed feedback results to the management module.
2. The network security service management system of claim 1, wherein the technical module comprises a compliance monitoring unit, an event monitoring unit, and a risk monitoring unit;
the compliance monitoring unit is used for monitoring violation problems and compliance defects in the network in real time;
the event monitoring unit is used for monitoring various security events occurring in the network in real time, wherein the security events include but are not limited to network intrusion events, encryption ransom (ransomware) events and data leakage events;
the risk monitoring unit is used for overall process technology monitoring for identifying, evaluating and responding to potential security risks in the network, wherein the potential security risks include but are not limited to vulnerability risks and asset vulnerability risks.
3. The network security service management system according to claim 2, wherein the management module comprises a decision management unit, a transaction management unit, an object management module and a supervision management module;
the decision management unit is used for managing important matters concerned by the decision layer;
the affair management unit is used for managing daily superior notification affairs, subordinate monitoring and reporting affairs and other department business cooperative affairs;
the target management unit is used for managing target formulation and task decomposition of a safety business department;
the supervision and management unit is used for overall planning, supervision and hierarchical management of safety business of the headquarter to subordinate departments.
4. The network security service management system according to claim 3, wherein the coordination module includes a transaction coordination unit, a group management unit, a task execution unit, and a planning unit;
the item cooperation unit is used for completing a closed loop of item disposal for various items to be handled generated by the management module and the technical module in a multi-party cooperation and task decomposition mode;
the group management unit is used for managing a work group established for completing related matters, and the work group is a work unit formed by internal and external business related personnel and used for completing a specific matter/task;
the task execution unit is used for decomposing the backlog into a plurality of subtasks and delivering the subtasks to the related work group for execution and completion;
the preplan arrangement unit is used for predefining related preplans before service decision, transaction management or task execution, and the preplans comprise decision preplans, management preplans and execution preplans.
5. A network security service management system according to any of claims 1-4, characterized in that the system further comprises a capability module for applying relevant element capabilities to the management module, the technical module and the coordination module by means of management enabling, technical service and coordination enabling.
6. The network security business management system of claim 5, wherein the capability module includes but is not limited to a team element unit, a resource element unit, a technical element unit, an institutional element unit, a standard element unit, a plan element unit, a process element unit, a knowledge element unit, and a digital element unit;
the team element unit is used for carrying out organization, construction and management, post responsibility, talent selection and education culture of a safety business department through identity management and personnel management;
the resource element unit is used for providing various platform resources, product resources, data resources, tool resources, supply chain resources and ecological resources used by the security service;
the technical element unit is used for providing contents related to technology in security business, wherein the contents include but are not limited to security compliance, IT infrastructure protection, advanced threat countermeasure, technical means and technical methods used in business and data security;
the system element unit is used for providing a handling rule or an action rule which is commonly followed by the safety business department;
the standard element unit is used for providing a whole set of service operation scheme, specification and index established around the target;
the plan element unit is used for providing a plan formulated before business decision, transaction management and task execution;
the process element unit is used for defining, arranging, executing and optimizing the workflow involved in the safety service full life cycle;
the knowledge element unit is used for providing basic data accumulated in the operation process of the security service;
the digital element unit is used for providing the capability of helping the security service to complete digital transformation and an index for measuring the digital maturity of the security service.
7. A method for managing network security services, comprising:
monitoring various safety items existing in the network in real time through a technical module, and uploading a monitoring result to a management module;
the management module analyzes and processes the monitoring result to generate backlogs and sends the backlogs to the coordination module;
the cooperation module carries out task decomposition on the to-be-handled items to generate a plurality of subtasks, the subtasks are distributed to corresponding work groups, the work groups cooperate with the technical module to execute the subtasks, and the cooperation module uploads the executed feedback results to the management module.
8. The network security service management method according to claim 7, wherein the step of the management module analyzing and processing the monitoring result to generate backlogs and sending the backlogs to the coordination module includes:
analyzing the monitoring result to obtain the importance level of the monitoring result;
if the importance level of the monitoring result is very important, starting a leader decision-making process to determine a leader plan, and generating the backlog according to the determined leader plan;
if the importance level of the monitoring result is general importance, starting a management approval process to determine a management plan, and generating the backlog according to the determined management plan;
and if the importance level of the monitoring result is common importance, starting an automatic processing flow to determine an execution plan, and generating the backlog according to the determined execution plan.
9. An electronic device, comprising: a processor and a memory, the memory having stored thereon computer readable instructions which, when executed by the processor, implement the network security service management method of claim 7 or 8.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the network security service management method according to claim 7 or 8.
CN202210661852.XA 2022-06-13 2022-06-13 Network security service management system and method Pending CN115277061A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210661852.XA CN115277061A (en) 2022-06-13 2022-06-13 Network security service management system and method

Publications (1)

Publication Number Publication Date
CN115277061A true CN115277061A (en) 2022-11-01

Family

ID=83759676

Country Status (1)

Country Link
CN (1) CN115277061A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination