Intelligent Connected Vehicle Information Security Development Report (2021) Series VI: Information Security Service Implementation Elements and Classification

Network security services are professional services such as development security, security planning and design, security testing, security deployment, security maintenance and security operations carried out for the entire life cycle of customer network systems. Through professional security talents, high-quality security service tools, standardized management systems and processes, we aim to ensure the security of network systems throughout their life cycle, helping customers achieve business security and sustainability, thereby intensifying security capabilities, making security decisions scientific, digitalizing security operations, and modernizing security governance.

1. Elements for implementing information security services

We are now in the 3.0 era of services. The definition is very simple, that is, future security must be service-oriented, and services must be operationalized. Now with the attack and defense drills or the real cyber warfare situation, all users know whether buying good equipment can solve the fundamental problem. As IT systems become more and more complex, single equipment is difficult to solve the problem. We need to link people, technology, and platforms together. Users hope to get equipment and service personnel in a trustworthy, reliable, and efficient organization to get good security protection results.

The implementation elements of information security services mainly include service talents, service tools and service processes. Among them, service talents, driven by the service process, use service tools to assist customers in building an overall coordinated active security defense system, focusing on business activity scenarios, to achieve a closed loop of security monitoring, early warning, analysis and response operations management, effectively resist internal and external threats, and ensure the safe and stable operation of the business.

1. Security service talent factors

As security services become increasingly sophisticated and specialized, people play an increasingly prominent role in security products and numerous analytical perception systems. Network security services require security service personnel to have many basic skills, including personal technical ability, communication ability, leadership ability, innovation ability, knowledge reserve ability, learning ability, etc. Without enough capable people to provide security services, it is difficult to achieve organic linkage with business, IT, management, supervision and other departments, and the value of security technology cannot be brought into play.

The essence of network security is confrontation, and the essence of confrontation is the contest of capabilities between the offensive and defensive ends. In the final analysis, it is a confrontation between people. People are the core and key to solving network security problems. In the context of data-driven security, people have become the key to network security services. On the one hand, security service engineers can combine cloud data with human capabilities to play a greater value than relying solely on products or people in the past, turning passivity into initiative; on the other hand, the digitization of human behavior can realize a new management model for engineers, from the quality management of daily security work to the centralized dispatch of emergency response, to realize the management and control of digital security service personnel, to ensure that while synchronous security planning and synchronous security construction, a complete closed loop of synchronous security operation and security emergency response is achieved, to ensure the network security of customers, and thus improve customer satisfaction.

2. Security service tool elements

Network security services cannot be completed solely by manpower, especially when there is a serious shortage of security talent. Therefore, security service tools have emerged to improve the efficiency of network security services and assist security talents in conducting network security consulting, evaluation, operation, prediction, response and disposal. For example, in the asset identification stage, asset identification, monitoring, and intelligence tools are generally used to provide exposure monitoring system construction, Internet external asset detection services, Internet external sensitive data detection services, external vulnerability management services, and threat intelligence services; in the security protection stage, Internet boundary protection, internal boundary protection, and identity authentication tools are generally used to provide boundary protection system consulting services, security integration services, and attack testing services; in the security detection stage, the tools involved include SIEM, audit, NAT, active trapping, terminal and other tools, providing threat hunting system consulting services, threat analysis services, source tracing analysis services, and active defense services; in the response and recovery stage, emergency platform, emergency tool, emergency evidence collection and other tools are involved, and the services included include emergency response system consulting services, emergency drill services, emergency response services, emergency evidence collection and countermeasure services; in security operation services, the tools involved include development and operation platforms, security operation management platforms, security compliance management tools, etc., and the services provided include building a security operation system, security assessment services, security development services, security optimization services, and security operation and maintenance services.

3. Elements of security service process

Establishing a sound, efficient, and executable standardized process for network security services is a key factor in supporting the quality of network security services. Reasonable and effective standardized processes can make the content of network security services follow rules, ensure project progress and quality, and dynamically meet the ever-increasing network security needs in the process of network security services with safe and controllable service tools.

To ensure that all aspects of network security services can be organically integrated, reasonable process design is necessary to cooperate with the effective implementation of the system. The network security service process needs to consider the division of labor of different roles, improve the professionalism of security services, and create value for the business. An overall design is carried out in the design of each process of security services to ensure the rationality of the process and the consistency of goals.

II. Classification of network security services

Security services must be supported by certain service objects and scenarios. Therefore, before classifying security services, it is necessary to classify service scenarios. Based on the research content, the scenarios are divided into traditional scenarios and new scenarios. The specific classification is as follows:

1. Traditional scenarios: The so-called traditional scenarios refer to security service scenarios under traditional IT architecture. They have developed along with the development of the Internet and IT industries. In this scenario, customers need to meet basic security services.

2. New scenarios: New scenarios are different from traditional IT architectures. They mainly refer to security service scenarios under a new architecture spawned by new technologies such as big data, cloud computing, the Internet of Things, blockchain, artificial intelligence, and 5G. Driven by the digital economy, the integration of network security services and new technologies can effectively improve the level of security defense capabilities.

3. Traditional services: In the early stages of network security development, customers purchase traditional services such as risk assessment, vulnerability scanning, security operations and maintenance, penetration testing, baseline checks, talent training, compliance consulting, emergency response, security reinforcement, security planning, and security protection construction to meet basic security needs and achieve sustainable business development.

4. New services: refers to new services brought by new technologies and driven by market demand. Such services are characterized by data, intelligence, automation, intensiveness, practicality and closed-loop, such as cybersecurity insurance, multi-cloud management services, data security governance, cybercrime crackdown, anti-fraud, DevSecOps, threat intelligence services, emergency drill services, cybersecurity re-security services, blockchain security assessment, one-stop security services for the industrial Internet, security assessment for the Internet of Vehicles, secure cloud SaaS services, smart city security operation services, IoT security threat analysis, 5G application security assessment, etc.

Welcome relevant companies and experts to communicate and consult!

Contact: Zhu Yunyao (zhuyunyao@caeri.com.cn)