Shulou(Shulou.com)06/01 Report--

At present, the popularity of security has risen to the level of national security, accompanied by a variety of security incidents with a range of influence, whether from international or domestic, so that security work has gradually become one of the important work items in enterprise management.

Today, the blogger will discuss with you how to make the Ministry of Security and the Department of Operations and maintenance work together efficiently.

At present, the relationship between the Department of Enterprise Security and the Department of Operations and maintenance in the enterprise management is as follows:

1. Death choking type

The Ministry of Security identified the security risks from the security perspective, and the operation and maintenance staff cut down the security requirements with the cost brought by operation and maintenance.

2. Peace of mind

The Ministry of Security and the Department of Operations and maintenance do not conflict with each other when dealing with the identified enterprise security risks, but they secretly push hands of Tai Chi, blogging each other and showing their skills of throwing pots.

3. Collaborative type

The Ministry of Security and the Department of Operations and maintenance jointly identify the vulnerability of assets in the enterprise system, and use scientific risk assessment methods to quantitatively and qualitatively analyze the risk. After identifying the risk items and grades, the two sides can formulate a risk disposal plan according to the importance and scope of influence of the actual business system, and classify the risks into acceptable risks, risks to be disposed of, and undisposable risks. Both sides responded positively and made joint progress.

Security is no small matter, security problems can not be ignored, because once a security incident occurs, it is almost not a small matter.

When bloggers are learning about security, and even when everyone is learning about security, they will adopt technical protection or management systems to improve their overall security protection capability. in fact, the core factor of whether security work can be implemented is whether senior leaders and decision-making leaders support security work, and whether there is a security policy and program in the whole environment.

At this point, it is necessary to praise the central or state-owned enterprises. In general, the general commander of the information security team will be the executive vice president or general manager, so the security work in the central or state-owned enterprises may be a cto management. If it is a collaborative relationship, the security work will generally be promoted in accordance with the risk disposal plan, and security issues can also be implemented.

So how to do a good job of security from the perspective of security and operation and maintenance respectively?

Department of Security

Bloggers, always advocated a sentence, people are the most important factor to do a thing, everything depends on man, so the requirements of people are the highest.

After all, "three points depend on technology and seven points on management".

How many vulnerabilities are exploited, xxx events are caused by improper human use and improper operation, and even the logic defects in the compiled code design of the program are loopholes.

Safety construction

On the enterprise information construction process, whether it has the same capacity as the operation and maintenance department of the security architecture design capabilities, specific landing safety management norms and the formation of relevant operational guidelines and baselines. We all do technology, especially inter-departmental cooperation. Only when we know ourselves and know each other can we be respected by our technical colleagues. What we fear most is that communication is not on the same channel.

Safety compliance

Whether the degree of understanding of the relevant compliance inspection items can be combined with their existing basic environment to formulate an executable improvement plan to guide the operation and maintenance department to land. (equal insurance 2.0 27000, industry-related compliance requirements, etc.)

Safety management

Whether the relevant management systems, norms and processes of management requirements can be set according to the current situation of the enterprise itself, and can play a constraint, prevention, and implementation in enterprise management. The system is to restrain people from doing things that violate the rules. Therefore, the system must be a strong enforceable regulation issued by selecting the good after being reviewed by senior leaders.

Safety education and training, induction training for newcomers, monthly assessment of security precautions, correlation between safety knowledge and personal kpi, and corresponding punishment for those who fail to pass the examination, so that safety awareness goes deep into everyone's heart and is beneficial to the development of safety work.

Safe operation

The ability of emergency response and emergency handling, that is, the sec or src of Internet companies, must be highly coordinated with the operation and maintenance department for emergency handling affairs, first of all, the emergency response personnel have the security ability, and the second is the overall coordination of resources and inter-departmental communication ability.

Emergency work must be established on the premise of emergency plans and emergency procedures to guide our work.

The progress of emergency work should be informed to the relevant stakeholders in a timely manner.

Emergency response reports should have emergency steps, risk analysis, risk management and preventive measures, and even high requirements require sample analysis. Need to review on time and improve the emergency response ability.

Audit and analyze the log and mirror traffic of the whole network, and extract abnormal behavior.

Safe operation and maintenance

Responsible for the operation and maintenance of the company's security equipment, formulate relevant security policies, and be responsible for the promotion and landing of security baselines such as network, host, database, middleware, data, cloud, etc. Cooperate with the security construction to complete the design of the corresponding security architecture. Regular audit of security policies to identify unreasonable policies.

Cooperate with the operation and maintenance department to complete the implementation of technical architecture support.

Web safety testing and product internal testing

This part of the work is very important for enterprises with external trading business and products, as well as for website groups published by influential organizations of social groups, with testing methods adapted to the current situation of the enterprise, proficient in the use of various security tools, familiar with sdl security development process, and develop automated testing tools. Having the ability of test and development is an important part of enterprise security.

Personal understanding of this aspect is still relatively superficial, but also ask the professionals to correct it.

With regard to the requirements of the operation and maintenance department, I do not look ugly. There are too many itil gods and itsm gods in the forum. Overall, with reference to the landing of ITIL best practices, it is still emphasized that people are the only major factor in doing a good job in operation and maintenance.

Planning, design, implementation, change, configuration management and knowledge base records should be perfect and complete.

With regard to the work of operation and maintenance, I still emphasize the issue of cmdb. Asset identification, whether it is security or operation and maintenance, is important, because we need to know what we have before we can make overall planning and take into account redundancy and disaster preparedness. Business sustainability and other issues.

As far as security is concerned, risk management can only be done by identifying the vulnerability of assets.

In the work of operation and maintenance, I suggest you take a look at bmc's itsm system, in which bbna (Network Automation tool) bppm (Host Automation tool) is helpful for network adaptation and self-discovery, and even apm application monitoring to improve operation and maintenance capabilities.

Recently, I am really too tired to write a technical blog. I must carefully make a technical blog when I have time, and I hope you will pay more attention to me.

Mr.wang

2018.6.1

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.