Computer Engineering and Applications, 2007, Vol. 43, Issue (9): 193-197.

• Engineering and Applications •

Research on an ITIL-Based Network Security Operation Management Architecture

Liu Haifeng (刘海峰), Lian Yifeng (连一峰)

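  1. Founder Electronics; Graduate School of the Chinese Academy of Sciences
  • Received: 2006-07-25 Revised: 1900-01-01 Online: 2007-03-21 Published: 2007-03-21
  • Corresponding author: Liu Haifeng (刘海峰)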

Architecture for Network Security Operation Management based on ITIL

  • Received: 2006-07-25 Revised: 1900-01-01 Online: 2007-03-21 Published: 2007-03-21

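Abstract: Using a security operation management platform to jointly analyze the alarm information and security audit data from firewalls, intrusion detection systems, anti-virus systems, hosts and network devices enables more effective security management and timely assessment of security events and of the current state and development trend of the network system. Because the research and development of security operation management technologies and products has lacked unified standards and specifications, existing technologies and products cannot be used effectively for efficient event linkage, assisted analysis and information synthesis, which poses a great challenge to efficient security operation management. Starting from the current situation and trends in China and abroad, this paper draws on the characteristics of BS7799, the NIST SP 800 series and other relevant information security standards, introduces the concept of IT service management, positions security operation management as a service within the IT Infrastructure Library, and describes in detail the design ideas, basic framework, management processes and the relationships among the processes of an ITIL-based network security operation management system.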

Keywords: security operation management, IT Infrastructure Library, service level management

Abstract: By analyzing the alarm information and security audit data from firewalls, IDSs, anti-virus systems, hosts and network devices, a security operation platform can achieve more effective security management and judge the current situation and trend of security incidents and network systems in a timely manner. The lack of uniform standards and criteria in developing security operation techniques and products makes it impossible to leverage current techniques and products for incident linkage, associated analysis and information integration, which poses a big challenge to highly efficient security operation. Based on research into the worldwide status and trends, and using BS7799, the NIST SP800 series and other standards for reference, we introduce the theory of IT services, position security operation as a service in the IT Infrastructure Library (ITIL), and expound the design ideas, framework, management procedures and the relations between the procedures of the ITIL-based network security operation platform.

Key words: Security Operation Management, IT Infrastructure Library (ITIL), Service Level Management (SLM)