52ky posted on 2022-9-10 17:01:25

Developing and Implementing a Network Security Incident Response Plan

The network environment is growing ever more complex, and the technical sophistication and variety of network attacks keep increasing, at times even surpassing the security defense technology of the same period. In addition, security work involves people, and even the most careful effort tends to leave an oversight somewhere. So even if we draw up the most suitable security defense strategy and use the most advanced security technologies and products, we still cannot guarantee the absolute security of what we are protecting. In other words, security incidents can still happen. As the saying goes, it is not the ten thousand expected cases you should fear but the one unexpected case: if a security incident really does occur, how should we respond? Facts have shown that drawing up an effective network security incident response plan in advance (referred to as the incident response plan in the rest of this article) helps you and your security management team, once an actual security incident occurs, to accurately identify the type of incident, promptly preserve logs and other evidence files, find out from them the cause of the attack, and return the system to normal operation after proper remediation. Sometimes it is even possible, by analyzing the retained log files for any traces of the attack, to identify the specific attacker and bring him or her to justice.



