Journal of Information Security Reserach ›› 2024, Vol. 10 ›› Issue (4): 360-.

Previous Articles     Next Articles

Research on Banking DAO Digital Security Operation System

Li Dingwei, Lin Yeming, Sun Gang, and Yuan Yu#br#

#br#
  

  1. (Zheshang Bank Co., Ltd., Hangzhou 311200)
    (Zheyin Network Security Innovation Laboratory, Hangzhou 311200)

  • Online:2024-04-20 Published:2024-04-20

银行业DAO数字化安全运营体系研究

丁炜林叶明孙钢袁昱


  

  1. (浙商银行股份有限公司杭州311200)
    (浙银网络安全创新实验室杭州311200)

  • 通讯作者: 林叶明 工程师.主要研究方向为安全架构规划、网络安全防御体系建设、数据安全. wslinym@163.com
  • 作者简介:李丁炜 硕士.主要研究方向为网络安全、安全编排与自动化响应. 1687113490@qq.com 林叶明 工程师.主要研究方向为安全架构规划、网络安全防御体系建设、数据安全. wslinym@163.com 孙钢 硕士.主要研究方向为安全攻防、网络安全防御体系建设、数据安全. sun170moon@qq.com 袁昱 硕士.主要研究方向为网络安全防御体系建设、数据安全. tzyuanyu@126.com

Abstract: In the current era of explosive growth of network threats, with the digital reshaping of business models and sustained growth of business, the banking industry is facing problems such as redundant security equipment, heavy security operation tasks, and insufficient practical combat capabilities caused by the continuous expansion of network security defense lines. This paper analyzes the challenges faced by financial institutions in the banking industry in security operations, banking DAO(defence, ability and operation) digital security operation system integrating peace and war integration security operation mechanism has been proposed, with a focus on studying the threelevel architecture of deepening the protection foundation, atomization capability center, and digital operation center, as well as the implementation path of peace and war integration mechanism for normalized, highstrength, and uninterrupted protection targets.

Key words: network security operation, security device management, atomization, security orchestration automation and response, integration of peacetime and wartime

摘要: 在网络威胁呈爆发式增长的当下,随着业务模式数字化重塑与业务持续性增长,银行业面临因网络安全防线持续扩大所导致的安全设备冗杂、安全运营任务繁重、实战能力不足等问题.对银行业金融机构在安全运营中所面临的挑战进行分析,提出了融合平战一体化安全运营机制的银行业DAO(defence, ability and operation)数字化安全运营体系,重点研究纵深化防护基础、原子化能力中枢、数字化运营总台3层次架构,以及针对常态化、高强度、无间断防护目标的平战一体机制实施路径.

关键词: 网络安全运营, 安全设备管理, 原子化, 安全编排自动化和响应, 平战一体化

CLC Number: