infosecuritybasics.pdfVIP专享VIP免费原创优质

下载本文档

阅读 170
下载 28
格式 pdf
大小 55.26 KB
约3页
2025-01-31 发布于陕西
收藏
评论
点赞(0)
海报
举报

IntroductiontoInformationSecurityAsofJanuary2008,theinternetconnectedanestimated541.7millioncomputersinmorethan250countriesoneverycontinent,evenAntarctica(Source:InternetSoftwareConsortium’sInternetDomainSurvey;www.isc.org/index.pl).Theinternetisnotasinglenetwork,butaworldwidecollectionoflooselyconnectednetworksthatareaccessiblebyindividualcomputerhosts,inavarietyofways,toanyonewithacomputerandanetworkconnection.Thus,individualsandorganizationscanreachanypointontheinternetwithoutregardtonationalorgeographicboundariesortimeofday.However,alongwiththeconvenienceandeasyaccesstoinformationcomerisks.Amongthemaretherisksthatvaluableinformationwillbelost,stolen,changed,ormisused.Ifinformationisrecordedelectronicallyandisavailableonnetworkedcomputers,itismorevulnerablethanifthesameinformationisprintedonpaperandlockedinafilecabinet.Intrudersdonotneedtoenteranofficeorhome;theymaynotevenbeinthesamecountry.Theycanstealortamperwithinformationwithouttouchingapieceofpaperoraphotocopier.Theycanalsocreatenewelectronicfiles,runtheirownprograms,andhideevidenceoftheirunauthorizedactivity.BasicSecurityConceptsThreebasicsecurityconceptsimportanttoinformationontheinternetareconfidentiality,integrity,andavailability.Conceptsrelatingtothepeoplewhousethatinformationareauthentication,authorization,andnonrepudiation.Wheninformationisreadorcopiedbysomeonenotauthorizedtodoso,theresultisknownaslossofconfidentiality.Forsometypesofinformation,confidentialityisaveryimportantattribute.Examplesincluderesearchdata,medicalandinsurancerecords,newproductspecifications,andcorporateinvestmentstrategies.Insomelocations,theremaybealegalobligationtoprotecttheprivacyofindividuals.Thisisparticularlytrueforbanksandloancompanies;debtcollectors;businessesthatextendcredittotheircustomersorissuecreditcards;hospitals,doctors’offices,andmedicaltestinglaboratories;individualsoragenciesthatofferservicessuchaspsychologicalcounselingordrugtreatment;andagenciesthatcollecttaxes.Informationcanbecorruptedwhenitisavailableonaninsecurenetwork.Wheninformationismodifiedinunexpectedways,theresultisknownaslossofintegrity.Thismeansthatunauthorizedchangesaremadetoinformation,whetherbyhumanerrororintentionaltampering.Integrityisparticularlyimportantforcriticalsafetyandfinancialdatausedforactivitiessuchaselectronicfundstransfers,airtrafficcontrol,andfinancialaccounting.Informationcanbeerasedorbecomeinaccessible,resultinginlossofavailability.Thismeansthatpeoplewhoareauthorizedtogetinformationcannotgetwhattheyneed.Availabilityisoftenthemostimportantattributeinservice-orientedbusinessesthatdependoninformation(forexample,airlineschedulesandonlineinventorysystems).1Availabilityofthenetworkitselfisimportanttoanyonewhosebusinessoreducationreliesonanetworkconnection.Whenuserscannotaccessthenetworkorspecificservicesprovidedonthenetwork,theyexperienceadenialofservice.Tomakeinformationavailabletothosewhoneeditandwhocanbetrustedwithit,organizationsuseauthenticationandauthorization.Authenticationisprovingthatauseristhepersonheorsheclaimstobe.Thatproofmayinvolvesomethingtheuserknows(suchasapassword),somethingtheuserhas(suchasa“smartcard”),orsomethingabouttheuserthatprovestheperson’sidentity(suchasafingerprint).Authorizationistheactofdeterminingwhetheraparticularuser(orcomputersystem)hastherighttocarryoutacertainactivity,suchasreadingafileorrunningapr...

1、当您付费下载文档后，您只拥有了使用权限，并不意味着购买了版权，文档只能用于自身使用，不得用于其他商业用途（如 [转卖]进行直接盈利或[编辑后售卖]进行间接盈利）。
2、本站所有内容均由合作方或网友上传，本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺！文档内容仅供研究参考，付费前请自行鉴别。
3、如文档内容存在违规，或者侵犯商业秘密、侵犯著作权等，请点击“违规举报”。

碎片内容