How to establish a perfect technical support system to ensure the security of information system

A complete information security system should be a combination of people, management and security technology, which are indispensable. The construction of information security system needs to provide security countermeasures, mechanisms and measures to ensure its information security from these three levels, emphasizing multi-layer protection in a security system. To construct the information security system of provincial cooperatives, we must first solve the problem of "people" and establish a perfect information management and security organization structure; Secondly, solve the relationship between "people" and "technology" and establish a layered information security strategy, including programmatic strategy, security system, security guide and operation process; Finally, the problems of "people" and "technology (operation)" are solved, and the security guarantee ability of the network is improved through various security mechanisms.

The information security architecture of the provincial association planning and construction can be summarized from the following four aspects.

Safety organization (personnel) system

It mainly includes the establishment of organization, staffing, management system construction, daily operation process management, personnel selection, education and training. Security management is different from general network management. It is necessary to analyze the security status of hosts, networks, systems and applications from daily security information, so as to know what measures should be taken to ensure future security.

Security policy system

It is mainly through establishing a complete information security policy system, improving the security awareness and technical level of security managers, perfecting various security policies and mechanisms, and applying various security technical measures and information security management to realize multi-layer protection of the network, prevent the occurrence of information security incidents, reduce the possibility of network attacks, improve the ability to deal with security incidents, and minimize the losses caused by information security incidents.

Safety technical system

The core of the security technology system is to build a security technology support platform for active defense, deep defense and three-dimensional defense. By adopting the world's leading technologies and products in an all-round way, the risk control and management are strengthened, and the protected objects are divided into many defense fields such as network infrastructure, network boundary, terminal computing environment and supporting infrastructure, and various security links such as early warning, protection, detection, response and recovery are fully realized in these fields to provide users with all-round and multi-level protection.

Secure operating system

System security operation management is the driving and executing link of the whole system security system. To establish an effective information security guarantee system, we need to strengthen the role of security organization and management under the guidance of system security strategy and rely on system security technology to fully implement system security operation and guarantee.