Ecology. NOV.2019 Collection of Test Assignments for Correspondence Students, FZO 1. Technological University
Variant 1 for degree programme 10.03.01 Information Security

I. Read the text and translate it orally into Russian.

INFORMATION SYSTEMS SECURITY

Today’s Internet is a worldwide network with more than 2 billion users. It includes almost every government, business, and organization on Earth. However, having that many users on the same network wouldn’t solely have been enough to make the Internet a game-changing innovation. These users needed some type of mechanism to link documents and resources across computers. In other words, a user on computer A needed an easy way to open a document on computer B. This need gave rise to a system that defines how documents and resources are related across network machines. The name of this system is the World Wide Web (WWW). You may know it as cyberspace or simply as the Web. Think of it this way: The Internet links communication networks to one another. The Web is the connection of websites, webpages, and digital content on those networked computers. Cyberspace is all the accessible users, networks, webpages, and applications working in this worldwide electronic realm. Unfortunately, when you connect to cyberspace, you also open the door to a lot of bad guys. They want to find you and steal your data. Every computer or device that connects to the Internet is at risk, creating an Internet of Things (IoT) that supports users in all aspects of their lives. Like outer space, the maturing Internet is a new frontier. There is no Internet government or central authority. It is full of challenges—and questionable behavior. This questionable behavior is evident given the data breaches we’ve seen in the past three years alone. In the United States, public and private sectors have been compromised through unauthorized access and data breach attacks. These recent attacks have been committed by individuals, organized cybercriminals, and attackers from other nations. The quantity of cyberattacks on U.S. interests is increasing.
With the Internet of Things (IoT) now connecting personal devices, home devices, and vehicles to the Internet, there are even more data to steal. All users must defend their information from attackers. Cybersecurity is the duty of every government that wants to ensure its national security. Data security is the responsibility of every organization that needs to protect its information assets and sensitive data (e.g., SSNs, credit card numbers, and the like). And it’s the job of all of us to protect our own data. The components that make up cyberspace are not automatically secure. These components include cabling, physical networks, operating systems, and software applications that computers use to connect to the Internet. At the heart of the problem is the lack of security in the Transmission Control Protocol/Internet Protocol (TCP/IP) communications protocol. This protocol is the language that computers most commonly use to communicate across the Internet. (A protocol is a list of rules and methods for communicating.) TCP/IP is not just one protocol but a suite of protocols developed for communicating across a network. Named after the two most important protocols, TCP/IP works together to allow any two computers to communicate. Connecting two or more computers creates a network. TCP/IP breaks messages into chunks, or packets, to send data between networked computers. The problem lies in the fact that data are readable within each IP packet using simple software available to anyone.

(English for Computer Science Students: textbook / compiled by T. V. Smirnova, M. V. Yudelson; scientific editor N. A. Dudareva)

II. Translate paragraphs 2 and 3 in writing.
III. Find the paragraph that expresses the main idea of the text.

Variant 2 for degree programme 10.03.01 Information Security

I. Read the text and translate it orally into Russian.

RISKS, THREATS, AND VULNERABILITIES

Risk is the likelihood that something bad will happen to an asset.
It is the level of exposure to some event that has an effect on an asset. In the context of IT security, an asset can be a computer, a database, or a piece of information. Examples of risk include the following:
• Losing data
• Losing business because a disaster has destroyed your building
• Failing to comply with laws and regulations
A threat is any action that could damage an asset. Information systems face both natural and human-induced threats. The threats of flood, earthquake, or severe storms require organizations to create plans to ensure that business operation continues and that the organization can recover. A business continuity plan (BCP) gives priorities to the functions an organization needs to keep going. A disaster recovery plan (DRP) defines how a business gets back on its feet after a major disaster such as a fire or hurricane. Human-caused threats to a computer system include viruses, malicious code, and unauthorized access. A virus is a computer program written to cause damage to a system, an application, or data. Malicious code, or malware, is a computer program written to cause a specific action to occur, such as erasing a hard drive. These threats can harm an individual, business, or organization. A vulnerability is a weakness that allows a threat to be realized or to have an effect on an asset. To understand what a vulnerability is, think about lighting a fire. Lighting a fire is not necessarily bad. If you are cooking a meal on a grill, you will need to light a fire in the grill. The grill is designed to contain the fire and should pose no danger if used properly. On the other hand, lighting a fire in a computer data center will likely cause damage. A grill is not vulnerable to fire, but a computer data center is. A threat by itself does not always cause damage; there must be a vulnerability for a threat to be realized. Vulnerabilities can often result in legal liabilities.
Any vulnerability that allows a threat to be realized may result in legal action. Since computers must run software to be useful, and since humans write software, software programs inevitably contain errors. Thus, software vendors must protect themselves from the liabilities of their own vulnerabilities with an End-User License Agreement (EULA). A EULA takes effect when the user opens the package and installs the software. All software vendors use EULAs. That means the burden of protecting IT systems and data lies on internal information systems security professionals. The goal and objective of a data classification standard is to provide a consistent definition for how an organization should handle and secure different types of data. Security controls protect different data types. These security controls are within the seven domains of a typical IT infrastructure. Procedures and guidelines must define how to handle data within the seven domains of a typical IT infrastructure to ensure data security. For businesses and organizations under recent compliance laws, data classification standards typically include the following major categories:
• Private data—Data about people that must be kept private. Organizations must use proper security controls to be in compliance.
• Confidential—Information or data owned by the organization. Intellectual property, customer lists, pricing information, and patents are examples of confidential data.
• Internal use only—Information or data shared internally by an organization. Although confidential information or data may not be included, communications are not intended to leave the organization.
• Public domain data—Information or data shared with the public such as website content, white papers, and the like.
Depending on your organization’s data classification standard, you may need to encrypt data of the highest sensitivity even in storage devices and hard drives.
For example, you may need to use encryption and VPN technology when using the public Internet for remote access. But internal LAN communications and access to systems, applications, or data may not require use of encryption. Users may also be restricted from getting to private data of customers and may be able to access only certain pieces of data. Customer service reps provide customer service without getting to all of a customer’s private data. For example, they may not be able to see the customer’s entire Social Security number or account numbers; only the last four digits may be visible. This method of hiding some of the characters of the sensitive data element is called masking.

(English for Computer Science Students: textbook / compiled by T. V. Smirnova, M. V. Yudelson; scientific editor N. A. Dudareva)

II. Translate paragraphs 5 and 6 in writing.
III. Find the paragraph that expresses the main idea of the text.