| In this thesis, based on Fujian telecom value-added service system daily maintenance of security problems in the in-depth study, according to the Sarbanes-Oxley Act(SOX)and telecom network operation and maintenance requirements of the design and deployment of operational safety audit system, realizes the Fujian telecommunication network operation and maintenance of compliance, meet the Commission on the listed company IT audit requirements.The thesis according analyzing and exploration the risks of operation and maintenance procedure and used key technique in telecom operator level, IT introcontrol methods are investigated, which are used in constructing network and managing operation and maintenance. With experience of over 10 years in operation and maintenance division of telecom operator, security risks, the common evasion measures and shortages are analyzed. Put forward A set of 4A ( Authentication, Account, Authorization, Audit ) as the core, centralized management as the basis, identity management as premise, access control method, operation audit to ensure the multi-level, three-dimensional security service operations management solutions.The premise is through the centralized management of equipment and management personnel account, equipment account for authentication, authorization, and audit. control of all personnel, to operation management system as the only sign entrance, assure all through the audit by safety. Access control, to achieve account grouping authorization and order filtering. Through the audit, to realize the command line and RDP management mode and to playback, in order to achieve a comprehensive audit.By the way, reference the Sarbanes-Oxley Act and the telecommunications industry safety management regulations, according to the development trend of maintenance and operation, common protocol in-depth study, eventually determine solution implementation framework and function module. |
PDF Full Text Request