Constructing an efficient security operations center: Proposing a universal guidance framework and exploring practical implementation paths


Authors: CHEN Jiayi (陈嘉旖); ZHU Yaoqi (朱垚琦); TAO Rong (陶蓉) (Tongji University Affiliated Pulmonary Hospital, Shanghai 200433, China)

Affiliation: [1] Tongji University Affiliated Pulmonary Hospital, Shanghai 200433

Source: Journal of Shenyang Normal University: Natural Science Edition, 2025, No. 1, pp. 53-61 (9 pages)

Funding: Shanghai 2022 "Science and Technology Innovation Action Plan" Social Development Science and Technology Research Project (22dz1202003).

Abstract: In the contemporary information age, cyber threats and information abuse have escalated into critical issues. These challenges not only severely compromise personal privacy but also pose substantial risks to economic security and social stability. In response, many organizations have adopted security operation centers (SOCs) as a core strategy to mitigate cybersecurity risks. However, empirical evidence indicates that only a limited number of SOCs have demonstrated significant effectiveness in combating cybercrime and preventing information abuse. This paper explores the key challenges in building a SOC, clarifies the SOC's core mission and key capabilities, considers how to ensure that those capabilities are effectively implemented, and then applies scientific assessment methods to evaluate SOC capabilities so as to continuously safeguard the organization's business continuity. The discussion covers three dimensions: first, the strategic mission and capability building of the SOC; second, the integration of the SOC with the organization's existing information technology capabilities and its implementation; third, the assessment of SOC capabilities for continuous improvement. Through systematic analysis, the paper provides organizations with an actionable reference framework for building a SOC and offers new ideas for theoretical research and practical application in the field of cybersecurity protection.

Keywords: SOC; reference framework; IT integration; capability assessment

Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]

 
