Journal of Information Security Reserach ›› 2022, Vol. 8 ›› Issue (11): 1141-.
Previous Articles
Online:
Published:
顾磊
(中国石油化工集团有限公司信息和数字化管理部北京100020)
通讯作者:
作者简介:
Abstract: Network security in the new era is no longer a oneman fight, especially for a certain type of industry such as energy, chemical, electric power and other industries have gradually become important targets of foreign hacker organizations. Therefore, in terms of future defense capability building, we need to unite together to achieve threat intelligence sharing within the industry. However, as a central enterprise, we must first do our own joint defense and control, and realize intelligence sharing, threat linkage and emergency response within Sinopec at first. Sinopec conscientiously implements the work deployment requirements of national risk prevention and mitigation, strengthens the construction of internal network security management and control system, strictly controls the integration of information system design and construction phase with internal control, and continuously strengthens the rigid constraints of informatization. Network security management and network security protection technology are equally important. With management as the guide and technology as the support, we will jointly weave Sinopec’s network security protection network, effectively implement network security work, form an endogenous cohesion of network security, and build Sinopec’s “5+2” cybersecurity risk control and handling mechanism, promote the coordinated development of overall network security and informatization work.
Key words: joint defense and control, threat intelligence, network combat, cyber attack, mechanism establishment
摘要: 新时代下的网络安全已经不再是单打独斗,尤其是针对某一类行业而言,能源、化工、电力等行业也逐渐成为国外黑客组织的重要打击目标.所以在未来的防御能力建设上需要行业内各部门联合起来一致对外,实现行业内的威胁情报共享.但是作为央企内部首先要做好自身的联防联控,在中国石化内部首先实现情报共享、威胁联动和应急处置.中国石化认真贯彻落实国家风险防范化解的工作部署要求,强化内部网络安全管控体系建设,严格把控信息系统设计和建设阶段与内控的结合,不断强化信息化刚性约束.网络安全管理与网络安全防护技术并重,以管理为先导、以技术为支撑,共同编织中国石化的网络安全防护大网,有效抓实网络安全工作,形成网络安全内生聚合力,打造中国石化“5+2”的网络安全风险联防联控机制,推动整体网络安全和信息化工作的协调发展.
关键词: 联防联控, 威胁情报, 实战化, 网络攻击, 机制建立
顾磊. 建立中国石化网络安全风险管控和处置机制研究[J]. 信息安全研究, 2022, 8(11): 1141-.
0 / / Recommend
Add to citation manager EndNote|Ris|BibTeX
URL: http://www.sicris.cn/EN/
http://www.sicris.cn/EN/Y2022/V8/I11/1141
参考文献 [1]曾弘瑞. 三同步安全管理新思路[J]. 信息化建设, 2012, 11(10): 1215[2]周培培, 赵永明. 新时代我国网络意识形态安全治理的实践理路[J]. 南昌师范学院学报, 2022, 3(5): 2426[3]马晓亮. 网络安全攻防实战技术与效果分析[J]. 信息安全研究, 2021, 7(8): 763772[4]王超, 赵英明, 陈勋, 等. 铁路关键信息基础设施安全防护框架设计[J]. 铁路计算机应用, 2022, 5(3): 2538[5]王鹃. 网络空间安全学科人才培养探索与[J]. 信息安全研究, 2016, 2(11): 10491050[6]李丁夏. 面向攻防实战的网络安全防护体系[J]. 网络安全技术与应用, 2022, 3(5): 2538
Network Security of LargeTraffic Retrospective Analysis System for Serving Critical Informational Infrastructures