-
Information security. Information security mainly includes the following five aspects, that is, to ensure the confidentiality, authenticity, integrity, unauthorized copying of information and the security of the parasitic system. Information security itself includes a wide range of information, including how to prevent the leakage of business enterprise secrets, prevent teenagers from browsing bad information, and the leakage of personal information.
The information security system in the network environment is the key to ensuring information security, including computer security operating systems, various security protocols, security mechanisms (digital signatures, message authentication, data encryption, etc.), and security systems, such as UNINAC and DLP, as long as there are security vulnerabilities that can threaten global security. Information security refers to the protection of information systems (including hardware, software, data, people, physical environment and their infrastructure) from accidental or malicious reasons to be destroyed, changed or leaked, the system continues to operate reliably and normally, information services are not interrupted, and business continuity is finally realized.
The discipline of information security can be divided into two levels: narrow security and broad security, and the narrow sense of security is based on the field of computer security based on cryptography. Information security in a broad sense is a comprehensive discipline, from traditional computer security to information security, not only the name change is also an extension of the development of security, security is a simple technical problem, but the product of the combination of management, technology, law and other issues. This major cultivates senior professionals in information security who can be engaged in the fields of computer, communication, e-commerce, e-government, and e-finance.
-
Public security industry standards of the People's Republic of China.
The public security industry standards of the People's Republic of China stipulate the principles for the classification of special products for computer information system security.
This standard stipulates the classification principles for special products for computer information system security. This standard is applicable to special products for the protection of computer information system security, involving three aspects: physical security, operational security and information security. Physical security includes three aspects: environmental security, equipment security and security.
Operational security includes four aspects: risk analysis, audit trail, backup and recovery, and emergency response. Information security includes seven aspects: operating system security, database security, network security, virus protection, access control, encryption and authentication.
-
1. Physical security mainly includes environmental security, equipment security and security.
2. Operational safety mainly includes backup and recovery, virus detection and elimination, and electromagnetic compatibility;
3. Information security;
4. Security and confidentiality management.
-
The five characteristics of information security are:
1. Integrity
It refers to the characteristics of non-modification, non-destruction and non-loss of information in the process of transmission, exchange, storage and processing, that is, to maintain the original nature of the information, so that the information can be correctly generated, stored and transmitted, which is the most basic security feature.
2. Confidentiality
It refers to the characteristic that the information is not disclosed to unauthorized persons, entities or processes according to the given requirements, or provides its use, that is, it prevents the leakage of useful information to unauthorized individuals or entities, and emphasizes the characteristics that useful information is only used by authorized objects.
3. Availability
It refers to the characteristics that network information can be correctly accessed by authorized entities and can be used normally or resumed under abnormal circumstances as required, that is, the required information can be correctly accessed when the system is running, and can be quickly recovered and put into use when the system is attacked or damaged. Availability is a measure of the user-facing security performance of a network information system.
4. Non-repudiation
It means that in the process of information exchange, the two parties are convinced that the participants themselves and the true identity of the information provided by the participants are the same, that is, it is impossible for any participant to deny or repudiate their true identity, as well as the originality of the information provided and the completed operations and commitments.
5. Controllability
It refers to the characteristics that can effectively control the information transmission and specific content circulating in the network system, that is, any information in the network system should be controllable within a certain transmission range and storage space. In addition to the conventional form of monitoring of transmission sites and transmission content, the most typical escrow policies such as passwords, when the encryption algorithm is managed by a third party, must be strictly implemented in accordance with the regulations.
Principles of Information Security:
1. Being granted only the appropriate permissions to access the information is known as the principle of minimization. The "right to know" of sensitive information must be restricted, which is a kind of restrictive openness under the premise of "satisfying the needs of work".
The principle of minimization can be subdivided into the principles of what is necessary and what is necessary.
2. The principle of separation of powers and checks and balances: In the information system, all the authorities should be appropriately divided, so that each authorized subject can only have a part of the authority, so that they can restrain and supervise each other, and jointly ensure the security of the information system. If the authority assigned by an authorized entity is too large and no one supervises and restricts it, it implies the potential safety hazards of "abuse of power" and "one-of-a-kind promise".
3. The principle of security isolation: isolation and control are the basic methods to achieve information security, and isolation is the basis for control. One of the basic strategies of information security is to separate the subject and object of information, and implement the subject's access to the object under the premise of controllability and security according to a certain security policy.
On the basis of these basic principles, people also summarize some implementation principles in the process of production practice, which are the concrete embodiment and expansion of the basic principles.
-
1. Confidentiality.
Also known as confidentiality, it is the property of not leaking useful information to unauthorized users. It can be achieved through information encryption, identity authentication, access control, and secure communication protocols.
Information encryption is the most basic means to prevent illegal leakage of information, mainly emphasizing the characteristics that useful information is only used by authorized objects.
2. Integrity.
It refers to the characteristics that keep information from being destroyed or modified, not lost, and cannot be changed without authorization in the process of information transmission, exchange, storage and processing, and is also the most basic security feature.
3. Availability
Also known as validity, it refers to the characteristic that an information resource can be accessed by authorized entities as required, used normally, or resumed under abnormal circumstances (security features of the system's user-facing services). Properly access the information you need while your system is running, so you can quickly recover and be operational if your system is accidentally attacked or compromised. It is a measure of the security performance of the network information system for users, so as to ensure the provision of services for users.
4. Controllability.
It refers to the degree of controllability of network systems and information in the transmission range and storage space. It is the ability to control network systems and information transmission.
5. Non-repudiation.
Also known as denial and anti-repudiation, it refers to the fact that in the process of information exchange, the two parties to the network communication are convinced that the participants themselves and the information provided are true and identical.
That is, no participant may deny or repudiate their true identity, as well as the originality of the information provided and the completed operations and commitments.
Information security itself includes a wide range of confidential security, such as national military and political security, and a small scope, of course, including preventing the leakage of commercial enterprise secrets, preventing young people from browsing bad information, and leaking personal information. The information security system in the network environment is the key to ensure information security, including computer security operating system, various security protocols, security mechanisms (digital signature, information authentication, data encryption, etc.), and even the security system, any one of which can threaten the global security. Information security services should at least include the basic theories that support information network security services, as well as the network security service architecture based on the new generation of information network architecture.
The main threats to information system security are:
Here are a few ways to avoid security risks in the information communication process: 1. Transmission of sensitive information using encryption:
There are many information security companies in Beijing and Shanghai, and the national capital injection generally only requires graduate students or above, and if the technology is good, you can go to 360, Venustech, NSFOCUS, etc., and you can go to large companies involving the information security department, and you can go to Tencent, Renren, ARM also has, no matter how bad it is, go to some database maintenance for others, do operation and maintenance, etc., major software companies, Neusoft, Beisoft, Chinasoft or something, Neusoft has a network security division, and then you can go to the ** information security department, you can go to the National Security Bureau (generally there is no chance), the Public Security Bureau Cyber Police, and then the research institutes, a good research institute will require a doctoral diploma, and finally, it takes a lot of people to go to any IT department to be a programmer. Salary, a person with very good technology, I've seen the annual salary to more than 200,000, it's said that everyone's monthly salary is tens of thousands, **6000 or more, there are 8,000, Tencent's words I don't know, it should be given more, generally speaking, the average is more than 5,000, this thing looks at the average use, look at your strength, enterprises specializing in information security, it seems that more needs talents in the underlying language. That's probably all I know.
At present, learning computer science is still very good and good employment, computer is divided into many majors such as graphic design, UI design, Internet marketing, e-sports, animation, are very good employment majors, choose your favorite major.