数据库审计系统应用实务

图书标准信息

• 作者 全球能源互联网研究院有限公司；张·A
• 出版社 中国电力出版社
• 出版时间 2021-03
• 版次 1
• ISBN 9787519852504
• 定价 10.00元
• 装帧 其他
• 开本 32开
• 纸张 胶版纸
• 页数 40页
• 字数 20千字

【内容简介】

为加强国家电网有限公司信息系统应用与数据库的安全防护，保证应用和数据库安全，公司建设了业务和数据库审计系统，旨在对业务人员访问系统的行为进行解析、分析、记录、汇总等，以实现事前规划预防，事中实时监视、违规行为响应，事后合规报告，事故追踪溯源，保障核心资产的安全运营，提升公司网络安全防护水平。

【作者简介】

张?A，全球能源互联网研究院有限公司信息通信研究所攻防与监测技术研究室主任。从事电力行业网络安全相关工作，涉及信息安全产品测评、信息安全系统实施、信息安全技术服务、网络安全体系研究，信息安全等级保护测评，网络安全监测体系研究等工作，取得信息安全技术人员上岗证书、国家注册ISMS审核员、信息安全等级保护测评师（高级）等专业证书。参与编制《电力监控系统安全防护规定》《电力行业等级保护测评基本要求》等行业、企业标准。牵头编写专著《电力行业信息安全等级保护基本要求释义》管理信息分册、生产控制分册，参与编写《电力信息安全审计工作指南》等专著

【目录】

目 录

编制说明

1 适用范围·································································· 1

2 规范性引用文件 ························································ 3

3 基本配置要求···························································· 5

3.1 设备配置要求 ··················································· 6

3.2 设备管理 ························································· 7

3.3 账户与口令 ······················································ 7

4 基本策略配置管理要求 ··············································· 9

4.1 审计范围 ······················································· 10

4.2 语句审计 ······················································· 14

4.3 权限审计 ······················································· 15

4.4 对象审计 ······················································· 16

4.5 核查审计策略 ················································· 174.6 以系统管理员角色登录检查································ 17

4.7 以审计管理员角色登录检查································ 18

5 专用审计策略配置规范 ·············································· 19

5.1 业务部门管理要求审计······································ 20

5.2 形成专用审计策略············································ 20

范例 1 营销专业专用审计策略配置规范 ··························· 21

范例 2 运检专业专用审计策略配置规范 ··························· 26

范例 3 财务专业专用审计策略配置规范 ··························· 29