Table of contents of Introduction to Information Security, the basic concepts of information securit

Information security mainly includes the following five aspects, that is, to ensure the confidentiality, authenticity, integrity, unauthorized copying of information and the security of the parasitic system. Information security itself includes a wide range of information, including how to prevent the leakage of business enterprise secrets, prevent teenagers from browsing bad information, and the leakage of personal information. The information security system in the network environment is the key to ensuring information security, including computer security operating systems, various security protocols, security mechanisms (digital signatures, message authentication, data encryption, etc.), and security systems, such as UNINAC and DLP, as long as there are security vulnerabilities that can threaten global security.

Information security refers to the protection of information systems (including hardware, software, data, people, physical environment and their infrastructure) from accidental or malicious reasons to be destroyed, changed or leaked, the system continues to operate reliably and normally, information services are not interrupted, and business continuity is finally realized.

The discipline of information security can be divided into two levels: narrow security and broad security, and the narrow sense of security is based on the field of computer security based on cryptography. Information security in a broad sense is a comprehensive discipline, from traditional computer security to information security, not only the name change is also an extension of the development of security, security is a simple technical problem, but the product of the combination of management, technology, law and other issues. This major cultivates senior professionals in information security who can be engaged in the fields of computer, communication, e-commerce, e-government, and e-finance.

<> what is information security.

Information security refers to the technical and managerial security protection adopted for the data processing system to protect computer hardware, software, and data from being destroyed, altered, or revealed due to accidental or malicious reasons. This includes the general idea of the level, in which the computer hardware can be regarded as the physical level, the software can be regarded as the operation level, and then the data level; It also includes the concept of attributes, where destruction is about usability, change is about integrity, and disclosure is about confidentiality.

Cyber security content.

1.Hardware security. That is, the security of network hardware and storage media. It is necessary to protect these hard facilities from damage and be able to work normally.

2.Software Security. That is, the computer and its network all kinds of software will not be tampered with or destroyed, will not be illegally operated or misoperated, and the functions will not be invalidated, and will not be illegally copied.

3.Run the service safely. That is, each information system in the network can operate normally and communicate information through the network normally.

Through the monitoring of the operation status of various devices in the network system, the unsafe factors can be alarmed in time and measures can be taken to change the unsafe state to ensure the normal operation of the network system.

4.Data Security. That is, the security of the data that exists and circulates in the network. It is necessary to protect the data in the network from tampering, illegal addition or deletion, copying, decryption, display, use, etc. It is the most fundamental purpose of ensuring network security.

Introduction to Information Security plays an important role in the overall body of information security expertise. It is a fundamental discipline that aims to help students understand the basic principles, methods and tools of information security. Through Introduction to Information Security, students can learn the basic concepts, basic principles, basic methods, and basic techniques in the field of information security, and be able to apply this knowledge to protect information systems from different forms of attacks.

In addition, Introduction to Information Security can also help students understand the relevant legal, moral, and ethical issues, so that students can properly handle information security issues in practice. Therefore, Introduction to Information Security is an indispensable part of the entire information security professional knowledge system and is a necessary course for learning information security.

1. The principle of efficiency Enterprise informatization is mainly to improve efficiency, provide a basis for decision-making, and increase the possibility of corporate profitability. Information technology has brought a qualitative leap in the operation and management of enterprises, and also provided important support for the direct economic benefits of enterprises. Enterprise information management should be guided by efficiency and not useless work.

2. Key principles Enterprise informatization is a dynamic, step-by-step, throughout the whole life cycle of the enterprise process, we must adhere to the "solid foundation, improve quality, Changyan overall planning, and gradual implementation" of the idea of accompanying Xunkong. Business should start from the overall situation and start from small things; From easy to difficult, phased and step-by-step implementation, focusing on the implementation of information-based financial management system, procurement management information system, marketing management information system, etc. 3. Scientific principles Information planning should be science-oriented, through communication and coordination between various departments, find out the key and breakthrough points of enterprise information construction, and formulate corresponding solutions in combination with their own needs.

And put forward the gradual implementation of the plan and the future information development plan of the enterprise. 4. The principle of application The informatization program is targeted, and enterprises should design their own letters according to their own scale and needs.

The basic principles of information security management include the principle of policy guidance, the principle of risk assessment, the principle of prevention first, the principle of appropriate security, the principle of mature technology, and the principle of normative standards.

Policy guidelines: All information security management activities should be guided by a unified policy.

Risk assessment principle: The formulation of information security management strategy should be based on the results of risk assessment.

The principle of prevention first: in the planning, design, procurement, integration and installation of information systems, information security issues should be considered simultaneously, and no luck or after-the-fact compensation should be made.

The principle of moderate security: to balance the cost of security control and the loss of risk hazards, pay attention to practical results, and reduce the risk to an acceptable level for users, there is no need to pursue absolute, costly security, and in fact, there is no absolute security.

Mature technology principle: try to choose mature technology to get reliable safety assurance. Adopt new technologies with caution and pay attention to their maturity. Envy Town.

Normative principle of standards: The security system should follow a unified operation specification and technical standards to ensure interconnection and interoperability, otherwise, it will form a security island, and there is no unified overall security at all.

The content of information security management

1. Information security risk management: Information security management is to manage information, information carriers and information environment in accordance with security standards and security requirements to achieve security goals. Risk management runs through the entire information system life cycle, including six aspects: background establishment, risk assessment, risk handling, approval supervision, monitoring and review, and communication and consultation.

2. Information security management system: The information security management system is a part of the overall management system, and it is also a system for the organization to establish information security policies and objectives as a whole or within a specific scope, and to complete the methods used to achieve these goals. Based on the understanding of business risks, the information security management system includes a series of management activities such as establishing, implementing, operating, monitoring, maintaining and improving the security of the company, which is a collection of many elements such as organizational structure, policies and strategies, planning activities, goals and principles, personnel and responsibilities, processes and methods, and resources.

3. Information security control measures: Information security control measures are specific means and methods for managing information security risks. Keeping risk within acceptable limits relies on the various security measures deployed by the organization.

A reasonable set of control measures should integrate technical, administrative, physical, legal, administrative and other methods to deter security violators or even criminals, prevent and detect the occurrence of security incidents, and restore the damaged system to its normal state.