Design of Security Architecture Development Model for Enterprise Information Planning
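  • English title: Design of Security Architecture Development Model for Enterprise Information Planning
  • Authors: 丁禹哲; 敬铅; 孙伟
  • Authors (English): Ding Yuzhe; Jing Qian; Sun Wei; School of Data and Computer Science, Sun Yat-sen University; School of Electronics and Information Technology, Sun Yat-sen University; Key Laboratory of Information Technology (Sun Yat-sen University), Ministry of Education
  • Keywords: enterprise architecture; enterprise information security architecture; informatization planning; architecture development method; security architecture development model
  • English keywords: EA; EISA; informatization planning; TOGAF ADM; SADM
  • Chinese journal title: XAQY
  • English journal title: Journal of Information Security Research
  • Institutions: School of Data and Computer Science, Sun Yat-sen University; School of Electronics and Information Technology, Sun Yat-sen University; Key Laboratory of Information Technology (Sun Yat-sen University), Ministry of Education
  • Publication date: 2018-09-05
  • Publisher: 信息安全研究 (Journal of Information Security Research)
  • Year: 2018
  • Issue: v.4; No.36
  • Language: Chinese
  • Pages: XAQY201809007
  • Page count: 11
  • CN: 09
  • ISSN: 10-1345/TP
  • Classification number: 55-65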
Abstract
With the arrival of the data era, information systems face more and more security attacks and growing losses, and information security issues have become increasingly prominent as governance efforts address problems such as information silos and data sharing. Protecting information security has become correspondingly harder, and the traditional stop-gap approach of "treating the foot when the foot hurts and the head when the head hurts" can hardly solve existing security problems systematically. It is therefore necessary to analyze and design the security protection system starting from informatization planning and overall architecture design, so as to truly achieve "top-down" planning and design of the enterprise information security architecture and to guide information security work in informatization construction. Building on existing mainstream enterprise informatization planning methods, and combining the models, methods and frameworks related to security architecture in informatization planning, this paper proposes the SADM security architecture development model based on the EISA and TOGAF ADM frameworks. The model provides a reference for enterprise informatization planning and architecture design, and serves as an early exploration toward subsequently establishing a security architecture development method system.
