电信科学 ›› 2013, Vol. 29 ›› Issue (11): 168-172.doi: 10.3969/j.issn.1000-0801.2013.11.029

• 运营创新论坛 • 上一篇    下一篇

基于业务流程粒度的安全风险管理分析及应用

谭彬   

  1. 中国移动通信集团广西有限公司信息安全管理中心 南宁530022
  • 出版日期:2013-11-20 发布日期:2017-07-04

Analysis and Application of Security Risk Management Based on Business Process Granularity

Bin Tan   

  1. Information Security Management Center, China Mobile Group Guangxi Co., Ltd., Nanning 530022, China
  • Online:2013-11-20 Published:2017-07-04

摘要:

现有以资产为核心的安全风险管理模型,不能满足业务风险管理的实际需要。通过建立基于业务流程粒度的安全风险管理模型,并在WAP、短信业务系统成功实施和应用,真正实现了基于业务流程粒度的风险管理。安全管理员和业务系统管理员可清晰了解业务系统各个流程环节的安全风险状况,有效聚焦和优先处理业务系统关键业务流程的安全告警和风险;安全主管可基于业务流程感知有针对性地对安全风险态势进行规划、制定和实施安全防护方案,真正满足企业对业务安全风险管理的需要,提高业务安全风险管理水平。

关键词: 安全风险管理, 业务流程, WAP系统, 短信业务系统

Abstract:

Existing assets as the core of the security risk management models, cannot meet the actual needs of business risk management. Through the establishment of security granularity based on business process risk management models, and the realization and application in the WAP, SMS systems, the business risk management was realized. Security administrators and business system administrators can clearly understand the security risk situation of business systems, effectively focus and prioritize critical business systems, business processes and the security alarm; based on perceived security risk posture, security officer may plan, develop and implement safety programs, to improve operational safety risk management.

Key words: security risk management, business process, WAP system, SMS system

No Suggested Reading articles found!