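Perhaps the letter A carries a certain mystique, and a somewhat special standing, in the field of network and information security. Authentication, Authorization, Account, Accounting, Audit, Availability, Accountability, Administration: there are many A's, and each of them defines a different function in the name of A.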
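The earliest is AAA new-model in Cisco router configuration, where AAA stands for Authentication, Authorization, and Accounting. The functions are clear: first authenticate the user, then authorize which operations he may perform on the device, and finally do the accounting. Yes, Accounting here means keeping accounts, not user accounts. It helps the operator keep accounts of network traffic and operations.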
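IDC's classification also defines an AAA, which differs from the AAA of Cisco network device configuration. The difference lies in the third A: in IDC's AAA the third A stands for Administration, which in practice basically means everything other than Authentication, Authorization, Anti-virus, Firewall and IDS (intrusion detection systems). (Before 2000, IDS and scanners both seem to have been in this third A; later IDS was classified and counted separately.) IDC has now redefined AAA and split it into two areas: the first is IAM (Identity and Access Management) and the second is SVM (Security Vulnerability Management). Referring to the diagram below, IAM gains one new item, directory management, and SVM also gains a new item, vulnerability management. Vulnerability scanning products (scanners) originally belonged to the last part of IDC's AAA, security management; they later formed a branch together with IDS, ID&A, and have now returned under SVM in the name of vulnerability management. Of course, today's vulnerability management goes far beyond the original plain vulnerability scanning.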
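AAAA, in turn, is a model proposed by a leading domestic carrier on the basis of AAA/IAM combined with practice in China. Its full name should be: Account, Authentication, Authorization, Audit. It also reflects the thinking and innovation of the Chinese security industry on security management.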
When I tried to dig up “Security 2.0” via Google, only one noticeable hit was found, from CSOonline by Sarah. Sarah summarized the convergence in the security area, and regarded “Security 2.0” as integration, convergence, holistic security and so on. Sarah reported a case study from Constellation Energy Group on the convergence of physical security and IT security, where they assigned a new role named Chief Risk Officer, directly under the CEO, who is responsible for controlling whatever risks might hurt the enterprise to an acceptable level. That’s very interesting and shows deep insight. However, my vision of “Security 2.0” is somewhat different.
As a Chinese, born at the end of the '60s of the last century, I have witnessed the great and impressive change in China over the past 20 years…
Until very recently, when the Chinese press mentioned the government's Five-year Plan, it used the official four-character phrase wu nian ji hua (五年计划), which has been in use since the 1950s. But over the past several months, a new character has appeared in the phrase. It’s now wu nian gui hua (五年规划). In the English press, a variety of words have been used to reflect this change: The "plan" is now referred to as a "program", "road map", "guideline", "blueprint" or "framework". What’s going on?
The Five-Year Plan was once the most visible artifact of the Marxist centrally planned system for determining China’s economic and social activities. But over the past 27 years, China has systematically transitioned into a socialist market economy. Today, less than 5% of the country's merchandise is priced by the government. The number of industrial state-owned enterprises has plummeted from more than 120,000 in the mid-1990s to around 30,000 in 2005. The government departments that were at the core of the planning system – the State Planning Commission and the State Economic Commission and their local counterparts – don't exist anymore.
In short, the Chinese government no longer intervenes in most business operations and no longer controls most economic activities. Though the Five-Year Program remains as strategic a document as its predecessors, setting directions and intentions for the long term, detailed execution is out of the government's hands and has shifted to the market and enterprises. What a difference a character can make.
by JIANMAO WANG AND LINDA G. SPRAGUE, Harvard Business Review, April 2006-05-07.