Design and Implementation of Security Compliance Auditing System Based on Host
School: Beijing University of Posts and Telecommunications
Keywords: risk assessment; security audit; classified protection; information security; host security
As information technology continues to evolve worldwide and its application advances in every field, information security has become increasingly important and the security situation increasingly difficult. Ensuring the security of information systems and computer networks, particularly the information systems of important national infrastructure, has become a major issue that must be addressed in the process of informatization. Traditional risk assessment and compliance audits require a lot of human resources: generally, consultants from a project team assess or audit the system on a regular basis, each audit takes a long cycle, and the reusability of resources between audits is low. Information security audit has become a routine part of an organization's work, yet its human cost limits the frequency of audits. Current risk assessment needs to be productized, systematic, software-based and automated; customers need a fully configured system that can carry out risk assessment and audit automatically on a regular basis and monitor and control the security risk and compliance status of information systems in real time.

Based on an analysis of internal and external security audit, and on an in-depth study of the advantages and disadvantages of a variety of security testing tools, potential users of a host security audit system were interviewed, market research was carried out, and the corresponding functional requirements were written, with the aim of making the system powerful and easy to use. Then, using basic software engineering methods and theory, combined with years of experience in information security, risk-based assessment methods and classified protection assessment methods, and field research visiting a number of organizations with distinct industry characteristics to fully analyze users' security needs, an automated host risk assessment and security audit system was designed and implemented. This system helps users replace manual testing with automation in risk assessment and in classified protection self-evaluation, thereby reducing personnel costs and effectively assisting the development of information security.