信息安全英文演讲

Weknow,informationsecurityissoimportantinourlife.Then,itisnecessarytoknowwhatisinformationsecurity,andhowtoguaranteeit.Informationsecurity———HQYUNNANUNIVERSITYMaincontentsBasicconceptsandprinciples1Securityissuesandthreatens2Securitypolicyandtechnology3Popularfallaciesandstrategies41.Basicconceptsandprinciples•Informationsecuritymeansprotectinginformationandinformationsystemsfromunauthorizedaccess,use,disclosure,disruption,modification,perusal,inspection,recordingordestruction.Threecoreprinciples:confidentiality,integrityandavailability.1.Confidentialityisthetermusedtopreventthedisclosureofinformationtounauthorizedindividualsorsystems.2.Integritymeansthatdatacannotbemodifiedundetectably.3.Availability:Foranyinformationsystemtoserveitspurpose,theinformationmustbeavailablewhenitisneeded.Securityclassificationforinformation•Thetypeofinformationsecurityclassificationlabelsselectedandusedwilldependonthenatureoftheorganisation,lookthefollowingexamples:•1.Inthebusinesssector,labelssuchas:Public,Sensitive,Private,Confidential(保密).•2.Inthegovernmentsector,labelssuchas:Unclassified,SensitiveButUnclassified,Restricted(限制),Confidential(机密),Secret,TopSecret(绝密)andtheirnon-Englishequivalents.•3.Incross-sectoralformations(跨部门的单位),theTrafficLightProtocol,whichconsistsof:White,Green,Amber(黄色)andRed.Threephases•Welearninformationsecuritythroughthreephases:•——datasecurity(emphasisonsecurecommunications)•——networkandinformationsecurityera(emphasisonnetworkenvironment)•——thecurrenteraofinformationassurance(emphasisitcannotbepassiveprotection,theneedforprotection-detection-reaction-restore,fourlinks).2.Securityproblemsandthreatens•Majorproblems•cyberattacksandattackdetection,preventionissues网络攻击与攻击检测、防范问题•securityvulnerabilitiesandsecuritycountermeasuresproblem安全漏洞与安全对策问题•InformationSecurityissues•securityproblemswithinthesystem系统内部安全防范问题•problem防病毒问题•databackupandrecoveryissues,disasterrecoveryissues数据备份与恢复问题、灾难时恢复问题•Securitythreatens•(1)Informationdisclosure:informationisleakedordisclosedtoanon-authorizedentities.•(2)damagetotheintegrityofinformation:dataiscarriedoutunauthorizeddeletion,modificationordestructionandloss.•(3)denialofservice:informationorotherresourcesonthelegalaccessisunconditionallyblocked.•(4)unlawfuluseof(unauthorizedaccess):aresourceisanon-authorizedpersons,orunauthorizeduse.•(5)tapping(窃听):Usingavarietyofpossiblelegalorillegalmeanstostealsysteminformationresourcesandsensitiveinformation.••(6)businessflowanalysis(业务流分析):long-termmonitoringofthesystembyusingthestatisticalmethod,whichfoundvaluableinformationandlaws.•(7)Passing:deceptionthroughcommunicationssystemtoimpersonatealegitimateuserofillegalusers.Mosthackersareusingfakeattack.•(8)Trojanhorse(特洛伊木马):anawareofthesoftwarecontainsnoharmfulblock,whenitisexecuted,willdestroytheuser'ssecurity.ThisapplicationiscalledTrojanhorse.•(9)Computervirus:Acomputersystemisrunningagainstinfectionandfunctionstoachievetheprogram.•(10)Physicalinvasion(物理侵入):tobypassthephysicalcontroloftheintrudertogainaccesstothesystem.•…………Examples•Computerviruses•NetworkWorms网络蠕虫•Pop-Ups插入式网络广告•TrojanHorses特洛伊木马•Spam垃圾电子邮件•PasswordGrabbers密码采集卡•PasswordCrackers密码破解•HijackedHomePages劫持主页DIDYOUKNOW?•In1980acomputercrackeda3-characterpasswordwithinoneminute.•In1999ateamofcomputerscrackeda56-characterpasswordwithinoneday.(一天之内破获56个字符的密码)•In2004acomputervirusinfected1millioncomputerswithinonehour.•AcomputerprogramTellsacomputerwhattodoandhowtodoit.Computerviruses,networkworms,TrojanHorseThesearecomputerprograms.DIFFERENCES1)ComputerVirus:•Needsahostfile2)NetworkWorm:•Nohost(self-contained)•Copiesitself•Executable•Copiesitself•Executable3)TrojanHorse:•Nohost(self-contained)•Doesnotcopyitself•ImposterProgramTYPICALSYMPTOMS–Filedeletion–Filecorruption文件损坏–Visualeffects–Pop-Ups弹出窗口–Erratic(andunwanted)behavior不稳定（和不必要的）的行为–Computercrashes死机WhyDoWeHaveThisProblem?•Softwarecompaniesrushproductstotheconsumermarket(“Noprogramshouldgoonlinebeforeitstime…”)Recyclingoldcodereducesdevelopmenttime,butperpetuates(永存)oldflaws(缺陷).ANDAFEWMOREREASONSMarketshare(占有率)ismoreimportantthansecurityInterface(界面)designismoreimportantthansecurityNewfeaturedesignsaremoreimportantthansecurityEaseofuseismoreimportantthansecurityATrojanHorseexploitscomputerportslettingits“friends”enter,andSecuritypatchesoftenclosecomputerportsandvulnerabilitiesMOREONTHEHORSE…….“onceathiefgetsintoyourhouseheopensarearwindowforhispartners”3.securitypolicyandtechnology•1、SecurityPolicy•2、DGmapdocumentencryption(图文档加密)•3、advancedinformationsecuritytechnology•4、strictsafetymanagement•5、formulatedstrictlawsandregulations(制订严格的法律、法规)•6、secureoperatingsystem•TechnicalOverview（简介）•Securitytechnology,strictlyspeakingonlythreecategories:hiding,accesscontrolandcryptography(密码学).•Currently,morepopulartechnonogiesinthemarketandwhocanrepresentthedirectionoffuturedevelopmentofsecurityproductsgenerallyhavethefollowingcategories:•1.userauthentication(身份认证):thefirstisthesecuritydoor,avarietyofsecuritymeasurescanplayaroleinthepremise,authenticationtechno