Abstract: In order to construct a secure architecture which possesses enough strictness and practicability using mechanisms of password, log auditing, and authority, a model of security for information system including interface logic, business logic, and abnormal activity detection is proposed in this paper. The working flows and functions of main components of the model are described. At the same time the abnormal activities in an information system are analyzed, and the working methods of abnormal activities detector, a practical format of log data, and the protecting method of log file are introduced as well.