成人小说亚洲一区二区三区,亚洲国产精品一区二区三区,国产精品成人精品久久久,久久综合一区二区三区,精品无码av一区二区,国产一级a毛一级a看免费视频,欧洲uv免费在线区一二区,亚洲国产欧美中日韩成人综合视频,国产熟女一区二区三区五月婷小说,亚洲一区波多野结衣在线

立即打開
防范黑客要從公司高層做起

防范黑客要從公司高層做起

Shelley DuBois 2011年07月13日
解決數(shù)字安全問題已經(jīng)不能再只靠IT部門了。企業(yè)高層必須從一開始就參與其中。

????如果一支有電腦行家組建的精銳部隊(duì)想要黑進(jìn)你公司的網(wǎng)絡(luò),他們很可能會(huì)得手。不過,如果就連一個(gè)閑得無聊的菜鳥黑客也能攻陷你的系統(tǒng)的話,這就有問題了。而且這個(gè)問題的根源并不在于公司的技術(shù)薄弱,而在于公司的管理。

????以今年四月份開始索尼公司遭受的一系列黑客入侵為例,標(biāo)槍戰(zhàn)略研究公司(Javelin Strategy & Research)的高級(jí)安全性分析師菲爾?布蘭克指出,索尼遭受的一系列黑客入侵是由一個(gè)叫LulzSec的組織發(fā)起的,這個(gè)組織帶有一些惡作劇性質(zhì),他們使用的黑客手法極為簡單,連高中生都能掌握。

????黑客襲擊事件之后,索尼對(duì)負(fù)責(zé)網(wǎng)絡(luò)安全的管理人員進(jìn)行了換血。今年五月,索尼公司任命原索尼全球解決方案(Sony Global Solutions)總裁酒井文明為公司的代理首席信息安全官——這是索尼被“黑”后新增設(shè)的一個(gè)職位。

????布蘭克表示,許多公司都已經(jīng)設(shè)立了專門負(fù)責(zé)信息安全的高級(jí)職位,這標(biāo)志著他們邁出了重要的第一步。雖說這些負(fù)責(zé)信息安全的管理人員可能無法阻止技術(shù)含量極高的黑客攻擊,但起碼他們可以避免公司出現(xiàn)低級(jí)的安全漏洞。美國電信運(yùn)營商AT&T的首席信息安全官愛德華?阿莫魯索表示,信息安全人員重要的工作,可能就是要把信息安全部門和公司的其他部門整合到一起,而這并不是一個(gè)簡單的任務(wù)。

????像IT員工一樣,信息安全人員也是動(dòng)輒滿口術(shù)語和行話,不僅其他部門的員工聽不懂,許多高管也摸不著頭腦。

????不過可能是出于情勢所迫,現(xiàn)在高管們對(duì)信息安全的術(shù)語也是越來越門兒清了。阿莫魯索說道:“過去6個(gè)月里發(fā)生了一些網(wǎng)絡(luò)攻擊事件,它們甚至動(dòng)搖了某些企業(yè)的根本。網(wǎng)絡(luò)安全性問題無疑已經(jīng)成了一個(gè)上升到董事會(huì)層面的重大問題?!?/p>

????任命了負(fù)責(zé)信息安全的高管后,下一步則是要從每個(gè)項(xiàng)目的一開始,就讓信息安全團(tuán)隊(duì)參與其中。這一點(diǎn)非常重要,尤其是在公司各個(gè)互不相干的分支機(jī)構(gòu)開發(fā)新技術(shù)的時(shí)候。阿莫魯索表示,信息安全專家常常會(huì)在公司的某一個(gè)項(xiàng)目里發(fā)現(xiàn)漏洞,而他們之前甚至根本不知道這個(gè)項(xiàng)目的存在。

????不僅公司的管理層要將信息安全視為頭等要?jiǎng)?wù),信息安全人員本身也要向管理層做出一些妥協(xié),要盡量使自己傳遞的信息變得更加有趣易懂。阿莫魯索表示:“我們都從IT主管那里收到過長達(dá)三頁、措辭嚴(yán)肅的備忘錄??赐觊_頭兩句話,你就不知道它下面說的是什么了。這樣是沒法讓人認(rèn)清問題的?!?/p>

????如果執(zhí)行得力的話,員工的信息安全意識(shí)會(huì)有助于企業(yè)防范一些基本的網(wǎng)絡(luò)攻擊。員工往往會(huì)犯一些低級(jí)的錯(cuò)誤,比如點(diǎn)擊了一個(gè)外部附件,或是點(diǎn)擊了一個(gè)陌生的網(wǎng)址,這樣一來,黑客就有了接觸公司信息的機(jī)會(huì)。

????這些小錯(cuò)也能釀成大禍。一旦黑客侵入系統(tǒng),他們就可以對(duì)系統(tǒng)內(nèi)某些看似不相關(guān)的信息進(jìn)行編譯,比如賬戶、生日和電子郵件地址等,然后對(duì)它們進(jìn)行交叉鏈接,從而發(fā)動(dòng)另一輪相當(dāng)復(fù)雜的攻擊。布蘭克表示:“過去人們可以決定哪些信息是值得保護(hù)的,哪些是不值得保護(hù)的,但是現(xiàn)在這種日子已經(jīng)一去不復(fù)返了?!爆F(xiàn)在任何信息都需要保護(hù)。

????布蘭克還表示,管理人員可以雇傭一些善意的黑客——也就是所謂的“白客”來指點(diǎn)迷津,以避免系統(tǒng)受到某些并非很復(fù)雜的攻擊。這樣可以使技術(shù)人員知道哪些地方有可能出現(xiàn)問題,以免某些惡意的黑客趁虛而入。

????當(dāng)然,沒有什么辦法能保證所有信息都絕對(duì)安全。但企業(yè)只需采取簡單的措施,就可以避免遭受低水平的攻擊。隨著基于網(wǎng)絡(luò)的應(yīng)用程序以及移動(dòng)設(shè)備在企業(yè)中的應(yīng)用越來越廣,信息安全也必將成為管理層經(jīng)常討論的問題。

????譯者:樸成奎

????If a team of mastermind computer experts wants to hack your company's network, it probably will. But if any rookie hacker with some time to kill can crack your system, that's a problem. And the problem doesn't start with poor technology; it starts with management.

????Take, for example, the series of hacks on Sony (SNE) that began in April: they were launched by a prank hacker group called LulzSec, which used a method so simple that a high school kid could master it, says Phil Blank, senior security analyst at Javelin Strategy & Research.

????In response to the attack, Sony revamped its security management. In May, the company appointed Sony Global Solutions president Fumiaki Sakai as acting chief information security officer -- a position the company didn't have before.

????In fact, many companies have created top-level positions for security information officers, and that's an important first step, Blank says. While security officers may not be able to prevent highly sophisticated attacks, they can help protect companies from simple security breaches. Perhaps their most important job, according to Edward Amoroso, AT&T's (T) chief information security officer, is to integrate the security department with the rest of the company, which is no simple task.

????Like IT employees, information security types tend to speak in a somewhat geekier dialect than the rest of a company's rank-and-file, one that can be hard for many executives to understand.

????But, perhaps out of necessity, executives are becoming better versed in security lingo, Amoroso says: "We've seen some attacks in the last six months that have shaken the very foundation of some of the firms involved. There's no question that computer network security is becoming a board-level issue."

????After putting someone in charge of the security effort, the next step is to include the security team in projects from the get-go. This is important, Amoroso says, especially as disparate branches of companies explore new technology. Often, he says, security experts will discover a breach in a project they didn't even know existed.

????While a company's brass must make information security a priority, security personnel also need to meet management half way by making their messages interesting and accessible, Amoroso says. "We've all gotten those serious, three-page memos from some IT administrator, but by the third sentence, you don't know what they're talking about. That's not the way to do awareness."

????If done effectively, employee awareness can help prevent basic attacks. Employees often make simple mistakes like clicking on a foreign attachment or a link with a strange URL, which allows hackers to access a company's information.

????These small mess-ups can cause a disproportionate amount of damage. Once inside the system, hackers can compile seemingly discrete pieces of information -- account numbers, birthdays, email addresses -- and cross-link them to launch fairly complicated attacks, says Blank: "The days are now gone when people could decide what information is worthy of protection and what is not." Instead, you have to protect it all.

????Blank says that managers can help prevent less sophisticated attacks by hiring benevolent, or "white hat," hackers to try to crack the system. This gives the tech staff a heads up to potential problems before they're rooted out by less benevolent hackers.

????There's no way to secure everything, of course, but companies can prevent low-level hacks by taking a few simple steps. And with web-based applications and mobile devices practically de rigeur in the corporate world, security discussions will need to become even more common among the executive set.

掃碼打開財(cái)富Plus App
免费爽A片高清无打码在线观看| 日韩av人人夜夜澡人人爽| 成人国内免费精品视频在线观看| 国产1区2区3区| 国产伦精品一区二区三区| 亚洲欧洲美洲无码精品va| 一级特黄AAA大片在线观看| 特黄熟妇丰满人妻无码| 精品无码国产一区二区三区AVw| 久久av免费天堂小草播放| 国产人妖性一区二区| 亚洲天堂在线观看视频网站| 一级一级女人18毛片| 亚洲综合色自拍一区| 国产一区二区精品九九| 日韩欧美精品在线观看| 亚洲精华国产精华精华好用吗| 精品亚洲成a人无码成a在线观看| 天堂Aⅴ无码一区二区三区| 麻豆国产精品VA在线观看不卡| 国内精品免费视频精选在线观看| 国产激情视频免费播放| 成年美女黄网站色大片不卡| 无码av高潮喷水无码专区线| 99久热RE在线精品99 6热视频| 日本国产一区二区三区在线观看| 忘忧草在线影院www日本韩国| 亚洲国产成人精品久久久国产| 日韩欧美狼一区二区三区免费观看| 国产一区二区三区精品视频| 亚洲国产精品三级片∧v卡在线| 国产清纯美女遭强到高潮| 真人无码一区二区三区| 日韩AV激情在线观看| 欧美日韩视频一区二区三区。| AV无码久久久久不卡蜜桃| 国产又黄又粗又色又爽| 久草福利在线视频| 美国一级aⅤ一区二区在线| 午夜亚洲AⅤ无码高潮片苍井空| 最近2024中文字幕大全视频一页|