The Design And Implementation Of Large Enterprise Information Security Management Work Platform

A large enterprise,operates an important information system involving the national energy security and People's livelihood,not only need it conforms to the regulatory requirements from the competent authorities of the State,but also it has the internal security requirement of ensuring the smooth and safe operation of the core business application system.Consequenly,a set of management platform for information security need establish which helps out and implement the level of protection in the enterprise,the standard of compliance work,risk management work,safety inspection work,and promote the corresponding work within the whole enterprise implementation.Based on the present situation of information security and its demand,this thesis designs and develops a platform of information security management which meets the needs of the enterprise.To begin with,the application architecture,development architecture,database environment,software environment,main technical index and hardware configuration of the platform are analyzed in detail,and the basic environment of platform design,implementation and deployment is defined.Besides,the business requirements of the platform,business functions,the overall framework and the business process of each module are specifically analysis and designed as well as realizing the main functions.The main functional modules of the platform include Organization management module defining the organization system of the platform and the personnel role,the basic data management module of the storage enterprise,the level protection module of the important Information protection and management,the risk management module of the Enterprise risk assessment process,the safety Incident notification module controlling the Enterprise Security Incident Notification Process management,the emergency response module managing emergency plan of the enterprise and drill information,the Rectification plan module and the Security check module of the safety inspection work process management.For tracking The Enterprise Information Management department can supervise,inspect and guide the information security management of other departments and subsidiaries and branches through the platform.The platform adopts the current industry popular Java-related technical standards to achieve,selects the current popular spring as a lightweight container architecture implementation scheme,and uses Struts lightweight open source MVC framework,and MySQL 5.0 as a database management software.In addition,with B/S structure,uses the common browser as the client,and JavaEE to build the system server side.Based on the information of the number of risk points,the number of security incidents,the number of discovery points,the proportion of high-risk,and the completion of rectification task,the platform has summed up the information security performance KPI to carry out the risk assessment and the graphical display.It helps improve RBAC,add "group" function,introduce role template concept,and authorized subdivision to resource state.According to the standardization of WFMC for the workflow,the workflow engine is developed by itself.In order to ensure the security of the system,the design prevents the Cross-site scripting attack,SQL injection attacks,the execution of malicious files,the direct reference of objects,etc.,and the security of page components and sensitive data.Meanwhile,in order to ensure the stable operation of the system,the system has undergone BVT test,version test,performance test,concurrency test,pressure test,large data volume test,stability test and safety test.Through the test,the modules of the system are perfected and the performance is stable.And it has good feasibility and usability to meet the needs of the platform design and the information security management of large enterprises.