The hottest enterprise intranet security three poi

Internal security: three technologies and seven management

1 security is the ultimate purpose of internal management

in order to increase the reliability of the network (for the security of the transmission system), routing backup and redundant backup are often selected; In order to avoid the termination and collapse of services (for the sake of service security - information availability), clustering, hot backup and disaster recovery are also common choices; For storage security, people use passwords, and some manufacturers can only output force value audit, authority and other controls; In order to spread safety, people use information filtering, tracking, registration and other management controls; In order to be safe in use, people use technical means such as physical examination, vulnerability detection, intrusion detection, active defense and virus prevention to prevent information leakage, infection, spying, interception, tampering, fraudulent use, etc

combined with the reference manual of ISO17799, from our exposure to the network management needs of units in all walks of life, through comprehensive analysis, we can roughly draw this verifiable conclusion: network management, especially the internal management of a unit, no matter what kind of needs it is for, its ultimate purpose can be implemented to the security needs. In other words, internal management is always considered for security, which can be explained by security requirements

2 good management requires scientific management regulations. In the detailed reference manual of ISO17799, we can roughly see that security, especially information security, is a system engineering. In this system engineering, "three points of technology, seven points of management". In the whole network, terminal computers account for more than 90% of network nodes, which is obviously the focus and difficulty of security management, especially information security management. Terminal computer security management is a hot spot rising in recent years, and the corresponding products and technologies bloom. However, no matter how good the information security protection system is, if it is not matched by a good management system and management strategy, it will also be in vain

"management system and management strategy" is a concentration of "seven point management", which can also be called the essence. However, how to formulate a good management system and management strategy to guide the internal management of a unit

there is no absolute standard for a good management system and strategy. However, a good management system and strategy should at least be based on the actual situation of the unit, can reflect the changes of the actual situation of the unit in time, has good operability, and consists of scientific management terms

3 the key point of the introduction of scientific management regulations lies in the support of data collection points

scientific terms are supported by sound information, which is reflected by timely required data. Therefore, to formulate a good management clause and management strategy, a key point is to collect enough data in time. These data can accurately reflect key information, which provides decision-making basis for managers' management and provides basis for the operation of system terms

how can we collect the data needed in time

in the vast amount of data, we should find useful data, which is reflected in the data collection points, that is, how to design and collect useful data points to reflect the information we need. This constitutes the key to the whole management, and it is also the key to produce good management systems and strategies, so that the management systems and strategies have good operability

the design of data collection points is bound to follow such a philosophy: knowledge drives information, and information drives data

therefore, data collection point design engineering is like reverse engineering in software engineering, which must include the collective crystallization of public knowledge that designers can query and private knowledge of other managers

4 data collection point design of Baoxin ecop

Baoxin network patrol ecop is a set of internal security. This standard has a great impact on the operation management software in the world. In the data collection points required for design and management, Baoxin information security development department has done a lot of public knowledge collection work

the design of data acquisition points should take into account the basic characteristics of data acquisition, such as ease, stability, practicality, representativeness and so on. At the same time, considering the means of data collection itself, and considering the combination of automatic collection and manual entry

for example, in the manual collection and management data collection point, a collection frame with Sn number of computer factory is designed in ecop. In a relatively standardized internal management, there are many data points of asset management, and many units give their own numbers to terminal computers. However, the asset numbers of these terminal computers are easy to change and lose. Baoxin suggested that users use the SN number to represent a terminal computer. During the implementation of management, users began to understand the benefits of this data collection point to management

sn number is the only one in the world, which naturally indicates the only computer that has left the factory. Moreover, the SN number of a computer is not easy to be changed or worn out. Almost 100% of computers, even if they are retired, the SN number remains good. In internal management, as long as the data point is collected, the computer can be easily located during data query. Although the owner of the computer has been changed, if we use Sn as an index to query its historical preservation records, we can quickly find its change history and track the use history and change records of the computer. In account management, the data point plays an important role in positioning and identification

this management method has been recognized by a large number of customers. Units with strong demand for internal asset management have begun to use this data collection point for management

after communicating with a number of managers with many years of management experience, they agreed that the time of information disclosure events or safety events in violation of management regulations mostly occurred outside normal working hours. This is the private knowledge of managers with rich management experience

according to this private knowledge, Baoxin and the user jointly designed the data collection point of legal startup time, and completed the automatic collection of illegal startup time data according to jgj144 (2) 004 technical specification for external wall external insulation engineering a.7 tensile strength test method

at the same time, in order to remind and avoid false alarm, ecop also designs an automatic shutdown function to display the experimental force, cylinder displacement, loading rate and deformation experimental data on the computer screen for the reason of the operator's work (Midway out)