Based on years of experience in data security management and database auditing in government, finance, telecommunications, education, enterprises and other industries, Angkai Science and Technology has formed a unique set of medical database security products-prevention, combining with the investigation and analysis of the security requirements of hospital information system at the "business level, technical level and management level". Unified System (AAS-P).
On the premise of not affecting the normal use of HIS system, PACS system, LIS system, EMR system and other application systems in hospitals, Angkai Defense Unit Audit System adds defense Unit Audit equipment to the core business service area. Through processing and analyzing the massive and disordered data in the network, once the violation of the Unit occurs, the system can. To accurately describe who, when, where, and in what way the violation is regulated, and provide a playback of the operation process for relevant personnel to analyze. The system not only satisfies the requirement of compliance audit in hospital information construction, but also monitors and traces the origin of ultra vires operation and violation operation in real time, realizes the leap from system restraint to technology restraint of Anti-Centralization means, makes staff technically far away from the prohibited area of centralization, contributes to the construction of hospital conduct and establishes a good public. Image.
Functional characteristics of Angkai Defense Unity System:
◆Alias Settings: Alias settings for the subject and object can display the content intuitively and facilitate the viewing of non-professionals.
◆Secret data: For sensitive data, unauthorized users can not normally view the secret data.
◆All-round real-time audit: real-time monitoring of all database activities from all levels.
◆Fine-grained behavior retrieval: once security incidents occur, provide fully customized audit queries and audit data display, completely get rid of the black box state of the database.
◆Flexible strategy customization: according to the flexible combination of subject and object record content to define the important events and risk events that customers care about.
◆Multi-form real-time alarm: When suspicious operations or violations of audit rules are detected, the system can notify the database administrator through a variety of alarms and other means.
◆Friendly and authentic operation process playback: For the operation concerned by customers, the whole relevant process can be replayed.
◆Multi-protocol remote access monitoring: Provide real-time remote access monitoring and playback function for database servers, which is helpful to locate and query security events, cause analysis and responsibility determination.
◆Comprehensive compliance report: Provide compliance self-inspection report according to relevant national standards, embedded more than 20 risk assessment reports for audit and management needs, and support customized reports for user management needs.
Through real-time monitoring of hospital core data, Ankki Defense Unity System makes detailed, bi-directional and multi-level traceability analysis of all kinds of data operation behaviors according to the pre-set rules of Defense Unity Strategy, which enables managers to understand user behavior at a glance, facilitate timely detection and correction of potential safety hazards, prevent the occurrence of violation of Unity Events, and truly realize the violation of Unity. For monitoring, auditing and traceability.
In the process of implementation, the system uses relevant mechanisms to effectively distinguish between normal and irregular unified actions, that is, to put authorized unified actions or personnel approved by the hospital on the white list. All other unified actions are defined as irregular unified actions. Once a suspected unified person or behavior appears, it will be blacklisted and real-time warning will be given.
From the original data acquisition to the final suspicious object location, the defense team usually follows the following processing procedures:
◆Behavior record: record all database activities;
◆Behavior Audit: Analysis of database usage behavior and extraction of relevant elements;
◆Focus on monitoring: fine-grained, two-way, multi-level traceability analysis to prevent ultra vires operation. To strangle illegal and irregular acts in the bud;
◆Suspicious alarm: real-time alarm and visual display for suspected unified party behavior;
◆Precise Suspicious Location: Analyzing the rationality of the existing defense and control strategy, accurately locating the suspicious objects, multiple query modes and multiple report outputs;
◆Retrospective playback: By retrieving historical data to play back suspicious events in the past, the complete operation process at that time was truly displayed, which exposed the violations of discipline, and provided strong evidence for the government to investigate and deal with illegal cases.
According to the structure of hospital information system (HIS system, LIS system, PACS system, EMR system, etc.), Ankki defense system and hospital information system are seamlessly integrated, which has no impact on business.