Best Practices Guide for Enterprise Network Security (Part 1)

Welcome to follow the original public account:

This series of articles is divided into 8 parts, mainly sharing the author's own experience and summary in the process of enterprise network security construction and operation and maintenance guarantee, including network security management, network security architecture, network security technology, and security practices, aiming to fully elaborate on all aspects of enterprise network security and provide practical guidelines for enterprise network security construction.

Table of Contents

Part I Cybersecurity Management

Part I Strategic Positioning and Organizational Structure of Cybersecurity

Part II Cybersecurity Laws and Standards

Part III Cybersecurity Management System

1. Overview of Cybersecurity Management System

2. Cybersecurity Standards, Regulations, Manuals

3. Cybersecurity Risk Assessment/Risk Management

4. Cybersecurity Emergency Management

5. Cybersecurity Critical Protection

6. Cybersecurity Training

7. Cybersecurity Planning Management

Part IV Security Performance Assessment

Part II Security Architecture

Part I Overall Architecture

Part II Enterprise Security Operation Center

1. Cybersecurity Infrastructure Layer

2. Cybersecurity Data Layer

3. Cybersecurity Analysis Layer

4. Cybersecurity Application Layer

5. Security Operation Center

Part III Enterprise Security Service Center

Part IV Cloud Security

1. Enterprise Cloud Computing

2. Enterprise Cloud Security

3. Cloud Security Summary

Part III Security Technology

1. Overview of Cybersecurity Technology

1. Cybersecurity Defense Theory

2. Overall Cybersecurity Strategy

3. Business Continuity and Disaster Recovery (BCM)

2. Cybersecurity Life Cycle

1. Security Design Phase

2. Security Research and Development Phase

3. Security Testing Phase

4. Security Operation Phase

5. Security Operation Phase

3. Cybersecurity Domain

1. Security Baseline

2. Physical Security Domain

3. Cybersecurity Domain

4. Host Security Domain

5. Application Security Domain

6. Data Security Domain

7. Business Security Domain

8. Content Security Domain

9. Mobile Security Domain

10. Cloud Security Domain

Part IV Cybersecurity Support and Assistance

1. System Operation and Maintenance

2. System Architecture

3. Others

Part IV Cybersecurity Practice

1. Cybersecurity Devices

1. Common Cybersecurity Devices

2. Enterprise Cybersecurity Architecture

2. Common Cybersecurity Threats and Attack Prevention

1. Types of Common Cybersecurity Threats

2. Prevention of Common Cybersecurity Attacks

3. Frontier Technology Research in Cybersecurity

Part V Summary

Appendix:

正文

With the popularization of the concept of 'digital economy', the digital transformation of enterprises has become one of the important opportunities for most enterprises to develop. In essence, the digital transformation of enterprises is actually a revolution in the existing, traditional ideology, business content, organizational structure, and even corporate operating strategy of enterprises. It is a revolution. Of course, when enterprises carry out digital transformation, they often have to be accompanied by huge capital investment, and sometimes the profit of the main business in a year may not be enough to cover the cost of purchasing a new system. But in the end, the fundamental purpose of doing business is still to make a profit, whether it is to adhere to the existing model or to carry out digital transformation, the ultimate goal is to achieve the continuous profit and profit growth of enterprises.

企业发展历程中的每一次变革、创新过程中，总是伴随着风险。风险管理、风险控制的效果如何，往往也是决定企业是否成功的重要因素之一。风险管控也是一个比较大的科学工程，是企业管理学科中讨论的最为激烈的热点之一。但本篇只截取风险管控中较小的一部分，“企业网络安全”这一主题进行讨论和阐述。通过在管理、架构、技术和实践四个方面阐述企业网络安全建设和保障，确保企业经营过程中网络安全稳定不出错，为企业数字化变革中，奠定坚实的网络安全基础，营造健康的网络安全环境。

2018年可以说是网络安全一个非常重要的年份，因为在这一年，网络安全达到了一个前所未有的新高度。自2017年6月1日网络安全法正式实施以来，2018年上半年，习总书记提出“没有网络安全就没有国家安全”，将网络安全提升为国家战略，网络空间成为继“海陆空天外”的第五空间。随着相关法律法规和政策制度的实施，网络安全与企业经营已经是直接相关、休戚相关。企业网络安全的缺失、网络安全相关事件的频发，已经不仅仅影响企业的正常经营，还会为企业经营者带来经济上和法律上的处罚。那作为企业，如何进行网络安全建设呢？结合本人在企业网络安全建设以及重大活动重保经验，试图从以下四个部分阐述企业网络安全建设，为企业经营者和IT管理者提供网络安全建设的实践指南。

1604466929_5fa238f191f91cf4a0890.png!small