《Protecting enterprise’s data securityupdating network system in LT Company.doc》由会员分享,可在线阅读,更多相关《Protecting enterprise’s data securityupdating network system in LT Company.doc(27页珍藏版)》请在三一办公上搜索。
1、Protecting enterprises data security by updating network system in LT CompanySubmitted by Li ZhaohuiStudent ID number 092011010255Supervised by Hu JintaoA thesis submitted in partial fulfillment of the requirements of the degree of Bachelor of ArtsThe Institute of Online EducationBeijing Foreign Stu
2、dies University论 文 摘 要摘要 (中文)LT公司自从创建以来,已经过去3年了;公司从不到10人的小型团队,发展壮大到如今500人左右的中型企业。我们目前已经拥有了自己的仓储物流中心和呼叫中心。在公司总部,我们有200人左右的核心团队,包括数据中心,运营部,人事部,行政部和财务部,组织机构基本健全。就在我们公司快速发展的同时,我们也注意到企业信息安全管理存在着很多漏洞和缺陷。而我们也遭遇到多起来自外部的黑客攻击和内部人员窃取商业资料的事件。 由于过去并没有足够重视信息安全为公司带来的影响和损失,因此我们向公司提出了信息安全升级项目,并获得了批准。公司支持此项目,并要求多个部门的
3、协同合作完成项目。我们不仅获得了有效的预算支持,完成了现有的系统环境硬件方面的升级改造;同时也调动了公司内的技术专家在系统软件部署上做了大量工作。与此同时,行政部与人力资源部协同合作,共同完善了企业信息安全管理的规章制度与保密协议。 在公司全体成员的共同努力之下,我们依照如下步骤顺利完成了任务:成立项目小组,前期协同调研、汇总分析、制定最优方案,按计划实施,定期召开项目例会,向全公司推行新政策法规,完成项目并长期监控。这里要感谢公司全体成员为此所做的努力,尤其感谢CEO对此事的大力支持,行政部门和HR部的默契配合。另外,特别感谢信息部的工程师为公司选定的最优的解决方案,与其他公司对比,我们不仅
4、节约了大额预算,而且获得了更高的安全防御能力。 本次信息安全升级是一个非常值得推荐的实际应用案例,也是我们公司在发展过程中获得的宝贵经验和财富。关键词:网络安全 信息泄露 安全防御 Abstract (English)LT E-commerce Company has been created for three years; it becomes the medium-sized industrial enterprise of 500 employees from 10 in the past. Now we have our own warehousing, logistics cent
5、er and call center. In the head office, there is the core team of 200 employees, include five departments: operations department, finance department, human resources department, administration department and data center.At present, LT Company is developing rapidly; and is preparing for going public.
6、 In last six months, we met multiple events of hacker attack and internal information leaking. We realized that there are many leaks in our information management system. Then, for developing smoothly and having a healthy network environment, we applied the network upgrade plan, and got permission.
7、By a series of research, investigation and analysis, HR and administrative department cooperate with us to achieve this project together. In the effort of all team members, we achieved the task smoothly according these procedures: establish project team, the collaborative research, summary analysis,
8、 the optimal scheme formulate and carry out, regular conference, new policies and regulations implement, complete the project and long-term monitoring.Through this security upgrade, we have already become the most competitive enterprise on security:1) The reliability of LT Company has increased to 8
9、5% from 26.8 in the past.2) The hidden danger decreased to1% from 90% in the past.2) The Ratio of Cost and Security: LT Company has ever occupied the last position, but now, she improved to the first.In addition, we hope on the basis of this project, the procedure of design, implementing, supervisio
10、n and evaluation, we can develop a more professional measure for network security protection, and improve the security level for our data and business secrets. It can help us to defense with the attack and leaking from internet, since than to build a harder network system. This network upgrade proje
11、ct is a recommendable sample. Its also the precious experience and fortune during development. Keywords: Network security Information leakage Security defenseTable of Contents1. Introduction62. Summary of the preliminary research72.1Problem72.2Problem analysis82.3 A needs analysis of the key factors
12、 related to the LT Company92.4 A SWOT analysis of the situation related to the LT Company93.Project Rationale104. Project Objective and Hypothesis124.1 Project Objective124.2 Project Hypothesis125.Project Design125.1 Activities planned to take place125.1.1 Activities planned to take place135.1.2 Tim
13、e scale of activities135.1.3 Critical path of the planned activities145.2 People involved in the activities and their responsibilities155.3 Cost155.4 Risk analysis166. Management and control167.Project Findings and Discussion177.1 Changes in the number of project carrying out177.2 Data Analysis187.2
14、.1 The previous problem analysis187.2.2 The record of project implementing187.2.3 The feedback of HR and administrative department197.2.4 The factors threat network security197.3 Discussion208. Conclusion21Bibliography22Appendix I: Evaluation questionnaire of security hidden danger23Appendix II: Eva
15、luation interview record of security hidden danger23Protecting enterprises data securityby updating network system in LT Company1. IntroductionLT Company is a E-commerce company, has been operating for more than 3 years; now its in a nice development stage in E-commerce field. At present, the busine
16、ss prospect of LT Company is broad. Because of getting another round of investment of overseas fund, company is making preparation actively before listing on the stock market.LT Company has come into a High speed development stage; the construction of enterprise informationization has become the pro
17、blem what we must take seriously right now. As the data center, we are responsible for data protection and network security. In the last six month, the event of information or customer data leaking appeared constantly. It threatens to data security of our company; meanwhile, it brings a tremendous r
18、isk for work of listing on the stock market. Data center made a series of research, analysis and practice, build a hypothesis: the situation of data leaking problem can be decreased or even avoided by network system upgrade. Then, as the department who controls all information of our company, we bui
19、lt a security project group, and made a plan for this project of network upgrade.About the information security, what our first tasks is that through making a security test to all employees, then finds the obvious problems, and builds the corresponding project implementing plan. In addition, our dep
20、artment should boost rapidly this project to develop and implement. As enterprise, it should be considered that the problem of cost and profit. So the project should base on a rational cost budget. Except technology factor, HR and administrative department formulate relevant policies; it strengthens
21、 the aspects of policies and regulations. Except the basic security rules, it also include the regulation of supervision, report, rewards and punishments etc.As the department for security guarantee, the task we take afford is helping company to improve work efficiency and controllability, and decre
22、asing operating cost. Along with the companys development, the increasing of employees number and employee turnover, the controllability of our information construction is not ideal. So, the goal of this project is clear and definite: through network upgrade to build a high level network environment
23、 of information security. In general, it means that Clear monitoring and alarm system, perfect technology control methods, and thorough security management policies.Data center made a series analysis, and utilized lots of approaches to design this project: interview, regular conference, SWOT etc. In
24、 addition, we also utilized kinds of monitoring and evaluation tool to ensure activities implementing, including project plan, activities schedule, flow chart etc. Through the effort of HR, administrative department and data center, this project is implementing gradually. The realization of expected
25、 goal will fasten the step of information construction; and push the development of e-commerce industry.In this paper, through the design of network system upgrade plan, to improve the security level of internal network and eternal, and get maximum protection for the company confidential information
26、. Meanwhile, through the design, implementing, supervision and evaluation of this project, we also hope can develop the professional strategy of network security protection, and improve the level of data security and business secrets, whatever on policies or technology. Then we can easily handle the
27、 threats from different aspect of network attack or information stealing; sequentially, it creates a stable and healthy network system environment for our enterprise.2. Summary of the preliminary research2.1ProblemAlong with the application and development of the computer network, enterprise manager
28、s paid much attention to data and network security. Nowadays, paperless office has become the majority of companies choice. Well then the terrible problem has appeared: hackers develop and spread kinds of software; which helps many people finding the bug of network system or the methods of cracking
29、network access. If an employee utilize this kind of technology, its possible that all companys materials and business secrets will be disclosed.Im working in the data center of LT Company. Its an E-commerce company and its sales network covers most of countrywide areas. The clients orders preserve t
30、heir important information fully: their phone number, mailing address etc. The amount of this kind of data reaches about hundreds of thousand, and is also in growing. Although we have dealt these sensitive data with limits of authority, only the individual managers and system maintenance personnel m
31、ay inquire the data, we are still facing the problem of data security. Seriously, an employee who has quit stole some clients information and sold to our competition opponent not long ago. It shows us the serious problem of our data security.The reason we can hold these data is that we have cost a l
32、ot in enterprise operation, and accumulated bit by bit. These data is filled with commercial value. In consideration of my job responsibility of data management and maintenance, I must analyze the current status about data security, and try to find the strategy for network upgrade safely; furthermor
33、e, it can be implemented effectively. Not only the achievement of strict network security strategy can ensure the security of business secrets, for me personally, but also the improvement of professional technology brings a great significance to my career development. 2.2Problem analysisI made the p
34、roblem analysis blow through three aspects, for a better understanding of the importance of solving the network security problem:1. The current situation analysis of the LT Company;2. A needs analysis of the key factors related to the LT Company;3. A SWOT analysis of the situation related to the LT
35、Company.1. Current situation analysis of the LT Company1) Physical resourcesThe head office of LT is located in Macao Building in Beijing, now the office occupies 2 floors there; the number of all the employees in head office is about 200. We have an independent mail system; the server is located in
36、 IDC. Every employee has a computer to complete the daily tasks. The communication way of our tasks gives priority to mail. A lot of enterprise internal materials, commercial secrets, and all kinds of user permissions pass each other through the enterprise internal email system. 2) Human resourcesTh
37、e 200 employees of our company is divided into five departments, respectively is operations department, finance department, human resources department, administration department and data center. There are four employees work in data center; the four employees are responsible for system operation and
38、 maintenance, the website system, database management, and LAN management.3) Financial resourcesSince its founding in 2009, the annual sales profit of LT Company has reached around 40 million yuan. Every year the cost is around 1 million yuan that which is applied specifically in the application of
39、network hardware and software update equipment maintenance; including 800,000 yuan used in the network security, and 200,000yuan used in the learning and training for professional technical staff of data center. This year, the business goal is 50 million yuan, the budget will be 1.5 million yuan, an
40、d will be used to improve the network safe protection.4) PEST analysisBeijing is a city which has a good environment politically, economically and culturally. She provides a good marketing environment for numerous industries. As a member of E-commerce industry, like the other E-commerce companies, L
41、T Company is developing rapidly. Last year, the Commerce Department participated in the electronic commerce forum; on one hand, the E-commerce development was gotten confirmation by its strong push power for national economies; on the other hand, the data introduced by Commerce Department shows that
42、 this market has a huge potential in the future. Getting such support directly by government, more and more traditional enterprises join the E-commerce industry to purchase new breakthrough. On this occasion, all E-commerce enterprises are facing both opportunity and challenge. Facing the competitio
43、n of industry opponent, LT Company must make a perfect protection with enterprises business secrets and network safety, so that keep a good trend of development, occupy an important market share. In todays information age, business secrets are the core of enterprise. LT Company must take effective m
44、easure to insure its business secrets and network safety, keep its good development, prevent be eliminated in the fierce market of information competition. 2.3 A needs analysis of the key factors related to the LT CompanyThe majority of employees in our company dont treat the privacy problem serious
45、ly. For example, the system administrator set up an E-mail password for user, he/she doesnt change the password during one year; one day, system is reset because of some reason, the user cant remind what the password is. Mail client software and password memory function cause that problem. Some peop
46、le are more stupid, write down the password on paper and posted on the computer screen. In addition, there are some common problems; such as various equipments: printer, network storage equipment, UPS power equipment, etc, are the default user password. In many cases, our enterprise internal network
47、 can be defeat by very low-level attack methods. In fact, the security plan is difficult to realize thoroughly, the usual practice is choosing a safe scheme in certain cost range.2.4 A SWOT analysis of the situation related to the LT CompanyStrengthenIndependent mail system;Independent and perfect s
48、erver room;Enough budget for data center;Experienced and professional technology employeesWeaknessLack of time for technology communication between colleagues;Non-technology staffs need to study more information about networks;Some basic computer problems increased the amount of work to system administrator;Network safety training doesnt be arranged in the normal training course.OpportunitiesRecently, the human resources and administrative department have strengthened internal privacy
