| With the acceleration of the development of information industry and the increase of the precious information resource, the enterprise's decision-making and key operation benefit from information system, meanwhile, depend on network as well as data and information from database much more, the facts show, information is the lifeline of modern enterprises.Unfortunately, however, information security events in enterprises regular happen, for instance, virus outbreak abroad, hackers intrude, server doesn't work, loosing data and so on, that may bring loss which can not be redeemed. Hence, information security defense in enterprises becomes more important and urgent.Can enterprises get it done once and for ever when they spend a mass of funds to construct information security? Can the intensity of information security be direct ratio to the funds that has been invested. The answer certainly is "not always". It must be known that information security defense is a systemic project, accord with "cask theory", has its own particularity. Therefore, the enterprises must follow some definite principle, and then mark out and implement a whole information security solving scheme aimed to the enterprise's facts.Having a background of material practice in the enterprise's information security defense and the construct of management console, this paper analyses and studies each aspects of the enterprise's information security defense strictly. Handle some important technology flexibly, for example, firewall technology, intrusion detection technology, anti-virus based on network technology, putting data on records, network management software, log audit, CA building and identify-attesting technology and so on. Plan information security layout as a whole according to information circumstance, design holistic solving scheme, and put it into practice factually, finally we get a good effect, pass the experts' check and accept, also get the enterprises' recognition. At the same time, the writer concludes a little experience about information security construct in enterprises.The writer still design a information security management console in enterprises (it also can be called "enterprises' information security management system" or "enterprises' network security management information base"), and carry out coding, debugging and put in practice, the effect is satisfying. This console integrates various network security infrastructure and information security software, can look up information about security and operate security resource quickly. Grounded on SQL Server 2000 database, the console adopts B/S structure ,uses ASP.NET and C# to program. The design of console has traits of common and applicability, it has dynamic menu, customize conveniently, operate flexibly, react rapidly, it is a necessary means of enterprises' information security management. The idea and thought of the console's design is creationary to some extent, and has its considerable value in reference to other enterprises, electronic commerce and electronic government affairs.In the writer's view, information security is not only a kind of technology, but also a question of management; information security defense is dynamic process, just like "while the priest climbs a post, the devil climbs ten", it is without ending.
|
PDF Full Text Request