Shulou (Shulou.com), SLTechnology News&Howtos, Network Security. 06/01 report; updated 2025-01-14.
As far as security management is concerned, of the eleven areas of ISO 27001, the first is "security policy". The security policy here is not the same thing as an ACL policy on a firewall or similar device; in the author's understanding, it is an overall, fundamental and comprehensive security management approach, or a set of laws and regulations. Different levels have different security policies: national level, industry level, enterprise level, departmental level and so on.
Level protection of information systems is the fundamental information security management strategy at the national level, and it requires that a security management center be established at level 3 or above (inclusive). The specific requirements are as follows:
1. Monitor and raise alarms on the operating status, network traffic and user behavior of communication lines, hosts, network equipment and application software; record the results and retain them properly.
2. Relevant personnel should be organized to regularly analyze and review the monitoring and alarm records, find suspicious behavior, produce an analysis report, and take the necessary measures.
3. A security management center should be established to centrally manage security-related matters such as equipment status, malicious code, patch upgrades, security audit, and so on.
It follows that the Security Management Center (or Security Operations Center, SOC; the term Security Operations Center is used hereafter) should be:
1. A unified security monitoring platform
2. A unified security analysis and processing platform
3. A unified security equipment management and control platform.
In addition to the above characteristics, the security operations center should also be:
1. A centralized platform for the unified formulation, revision and release of security policies at the macro level of the enterprise
2. A unified platform for centralized management and control of security policy at the micro level of the system
3. A unified platform for centralized management of the security organization and for training security personnel
4. A unified platform for centralized management of human resource security
5. A unified platform for creating, tracking and implementing centralized security processes.
In reality, however, the construction of security operations centers runs into various problems, mainly the following (only some relatively pure technical problems are listed here; the security awareness of managers is not analyzed):
1. Traditional network management is by nature dispersed across systems, which makes unified, centralized management difficult. This problem exists not only in security management but in IT management as well.
2. Because of this dispersion, collecting and analyzing all kinds of raw information is naturally difficult.
3. Also because of this dispersion, managing and controlling the various security systems and equipment is extremely difficult.
In addition, many systems were not built with security considered in a unified way from the start, and patching them up later does not help; it always feels like "push down the gourd and the ladle floats up."
Precisely because of the above problems, establishing a unified security operations center is very difficult at this stage. Major industries and enterprises hesitate on this issue, and even among enterprises that have built one there are few successful cases.
At this stage, however, especially with virtualization and cloud computing (personally, unless quantum computers can be put into commercial use as soon as possible, it will still be the cloud computing world in 5-15 years), the objective conditions for establishing a security operations center are better than ever before! You can set up a centralized security operations center with less money and energy than in the past!
First of all, cloud computing is inherently suited to centralized planning and deployment, which is reflected in the following aspects:
1. It is easy to carry out unified security planning, at an early stage, for the virtual computer systems running on the nodes.
2. It is easy to carry out centralized security system maintenance and residual information reuse control.
3. It is easy to deploy all kinds of security systems or software adapted to the virtualized environment (the author believes that this kind of security product should occupy a decisive position in the next few years).
Second, clouds, especially private clouds for enterprises, are inherently superior to traditional approaches in terms of security, which is reflected in:
1. It is easy to establish a unified key and certificate center
2. It is easy to establish a unified identity authentication center
3. It is easy to establish a unified access control center, whether at the system, database or application level
Third, virtualization inherently has a decisive advantage in business continuity management, backup and recovery.
Finally, and more importantly, virtualization and cloud computing make it easier to support the following:
1. Centralized collection of security issues
2. Centralized monitoring, analysis and handling of security issues
3. Centralized equipment security policy control
4. Centralized security audit.
Not finished, to be continued.