Questions Which security services can be provided by the cryptography techniques Why? 復大软件学院
17 Questions • Which security services can be provided by the cryptography techniques? • Why?
Other Terminologies Vulnerability weakness in security system Threat a set of circumstances with potential to cause harm · for example wall, crack(vulnerability), water(threat), person Attack-exploit of a vulnerability Contro/-action, device, procedure or technique that removes or reduces vulnerability Threat blocked by control of a vulnerability 18 復大软件学院
18 Other Terminologies • Vulnerability – weakness in security system • Threat – a set of circumstances with potential to cause harm • for example – wall, crack (vulnerability), water (threat), person • Attack – exploit of a vulnerability • Control – action, device, procedure or technique that removes or reduces vulnerability • Threat blocked by control of a vulnerability
Content What is Information Security Security policy A brief history of Info sec Threats Attacks and Defenses 19 復大软件学院
19 Content • What is “Information Security” – Security policy • A brief history of Info sec • Threats、Attacks and Defenses
信息安全理念 口安全不是纯粹的技术问题,是一项复杂的 系统工程—信息安全工程论 口安仝是策略,技术与管理的综合 安全策略 安全技术 管理政策法规 组织人才 復大软件学院
20 信息安全理念 安全不是纯粹的技术问题,是一项复杂的 系统工程—信息安全工程论 安全是策略,技术与管理的综合 组织人才 政策法规 安全技术 安全策略 管理
正确理解安全理念 ·两对“舍与得” Access Security Connectivity Authentication Performance Authorization Ease of use Accounting Manageability Assurance Confidentiality Availability Data Integrity 安全策略管理 21 復大软件学院
21 正确理解安全理念 Authentication Authorization Accounting Assurance Confidentiality Data Integrity 安全策略管理 Connectivity Performance Ease of Use Manageability Availability Access Security • 两对“舍与得