面向企业信息化规划的安全架构开发模型设计

信息安全研究 ›› 2018, Vol. 4 ›› Issue (9): 825-835.

面向企业信息化规划的安全架构开发模型设计

丁禹哲¹,敬铅²,孙伟³

1. 中山大学数据科学与计算机学院
2. 中山大学电子与信息工程学院
3. 中山大学信息科学技术学院

收稿日期:2018-09-17 出版日期:2018-09-15 发布日期:2018-09-17
通讯作者: 丁禹哲
作者简介:丁禹哲中山大学本科生，软件工程专业. 敬铅 1980年，硕士，高级工程师，主要研究方向为信息化规划、数据治理与安全等. 孙伟 1974年，博士，教授，博士生导师，主要研究方向为网络安全和多媒体通信技术.

Design of security architecture development model for enterprise information planning

1.
2. School of Information Science and Technology, Sun Yatsen University

Received:2018-09-17 Online:2018-09-15 Published:2018-09-17

摘要/Abstract

摘要： 随着数据时代的到来，信息系统面临的安全攻击越来越多，损失也越来越大，信息安全问题伴随信息孤岛、数据共享等问题治理的开展也越来越突出。对于信息安全保护也就变的愈加困难，走传统“脚痛医脚、头痛医头”的方式很难系统性解决现存的安全问题。因此，必须从信息化规划和整体架构设计就开始分析和设计安全防范体系，真正实现“自顶而下”的企业信息化安全架构规划和设计，以指导信息化建设的信息安全工作。本文以现有主流企业信息化规划方法为基础，结合信息化规划中有关安全架构的模型、方法或框架，提出基于EISA和TOGAF ADM框架的SADM安全架构开发模型，以为开展企业信息化规划和架构设计提供参考，进而为后续建立安全架构开发方法体系开展前期探索。

关键词: 企业架构, 企业信息安全架构, 信息化规划, 架构开发方法, 安全架构开发模型

Abstract: With the advent of the information age, information systems are facing more and more security attacks, and the loss is also increasing, the information security issues accompanied with information island, data sharing and other issues of governance are becoming increasingly prominent. Information security protection has become increasingly difficult,and it is more difficult to solve the above problems systematically with taking stop-gap measures as before.Therefore, it is necessary to analyze and design the security system accompanied with the information planning and the framework design, so as to truly realize the "top-down" enterprise information security architecture planning and design,and guide the information security work. Based on the existing mainstream enterprise informationization planning methods and the related security architecture models, methods or frameworks in informationization planning, this paper proposes a SADM security architecture development model based on EISA and TOGAF ADM frameworks, which provides a reference for enterprise informationization planning and architecture design, and gives an early exploration for the follow-up establishment of the security architecture development method system.

Key words: EA, EISA, Informatization Planning, TOGAF ADM, SADM

丁禹哲敬铅孙伟. 面向企业信息化规划的安全架构开发模型设计[J]. 信息安全研究, 2018, 4(9): 825-835.

参考文献

[1] 周逸峰.金融机构信息系统安全架构规划和建设[D].上海：复旦大学,2014 [2] Aroms E. NIST Special Publication 800-53 Revision 3 Recommended Security Controls for Federal Information Systems and Organizations[M].Scotts Valley, California, US: CreateSpace, 2012 [3] 佚名.工信部将出台国家信息安全战略[J]. 工具技术, 2013(1):76-76 [4] 佚名. GB/T 22080-2008《信息技术安全技术信息安全管理体系要求》概要[J]. 信息技术与标准化, 2009(9):37-39. [5] Chair-M P, Ller H A, Program Chair-Onut V. Proceedings of the 26th Annual International Conference on Computer Science and Software Engineering[C]// Proc of International Conference on Computer Science and Software Engineering. IBM Corp. 2016. [6] 杨婕. 基于顶层设计思路的企业安全架构总体设计[J]. 信息通信, 2017(7):249-251. [7] 罗革新, 吕增江, 崔广印,等. 大型企业信息安全体系架构设计初探[J]. 勘探地球物理进展, 2008, 31(6):471-478. [8] 胡云强,谢宗晓.企业信息安全规划方法及其介绍[J].大众用电,2017(S1):98-102 [9] 春增军. 核电企业信息安全管理与保障研究[D].武汉：武汉大学,2013 [10]Bahmani F, Shariati M, Shams F. A survey of interoperability in Enterprise Information Security Architecture frameworks[C]// Proc of International Conference on Information Science and Engineering. IEEE, 2010:1794-1797 [11] 吴海燕, 于文轩. 基于企业架构的大学信息安全架构初探[C]// 中国高等教育学会教育信息化分会第十一次学术年会. 2012. [12] Rachamadugu V, Anderson J A. Managing Security and Privacy Integration across Enterprise Business Process and Infrastructure[C]// Proc of IEEE International Conference on Services Computing. IEEE Computer Society, 2008:351-358 [13] Korhonen J J, Yildiz M, Mykkänen J. Governance of Information Security Elements in Service-Oriented Enterprise Architecture[C]//Proc of International Symposium on Pervasive Systems, Algorithms, and Networks. IEEE, 2009:768-773. [14] Sun J, Chen Y. Intelligent Enterprise Information Security Architecture Based on Service Oriented Architecture[C]// Proc of International Seminar on Future Information Technology and Management Engineering. IEEE, 2008:196-200 [15] Group T O. Open group architecture framework TOGAF version 9[J]. 2010