UNIT 1
Ex. 1. Read and translate the text.
Information security [1]
Information systems are decomposed into three main portions (hardware, software and communications) in order to identify and apply information security industry standards, as mechanisms of protection and prevention (1), at three levels: physical, personal and organizational. Essentially, procedures or policies are used to tell people (administrators, users and operators) how to use products to ensure information security within organizations.
Information security means protecting information and information systems from unauthorized access (2), use, disclosure (3), disruption (4), modification, recording or destruction.
The terms information security, computer security and information assurance are frequently and incorrectly used interchangeably (5). However, there are some subtle differences between them.
Information security is concerned with (6) the confidentiality, integrity and availability of data regardless of (7) the form the data may take: electronic, print, or other forms.
Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer.
Governments, corporations, financial and social institutions amass (8) a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should (9) confidential information about a business' customers or finances or new product line fall into the hands of a competitor, such a breach (10) of security could lead to lost business, law suits (11) or even bankruptcy of the business.
The field of information security has grown and evolved (12) significantly in recent years. It offers many areas for specialization, including securing network(s) and allied infrastructure, securing applications and databases, security testing, information systems auditing, business continuity planning and digital forensics (13) science, etc.
Now let us consider the three components of information security more closely. Information Security Components (or qualities) are Confidentiality, Integrity and Availability (CIA).
Confidentiality
Confidentiality means preventing the disclosure of information to unauthorized individuals or systems. For example, a credit card transaction on the Internet requires the credit card number to be transmitted from the buyer to the merchant and further to a transaction processing network. The system attempts to enforce confidentiality by encrypting (14) the card number during transmission, by limiting the places where it might appear (in databases, log files, backups, printed receipts, and so on), and by restricting access (15) to the places where it is stored. If an unauthorized party obtains the card number in any way, it will result in a breach of confidentiality.
Breaches of confidentiality take many forms. If someone looks over your shoulder at your computer screen while you have confidential data displayed on it, it is a breach of confidentiality. If a laptop computer containing sensitive (16) information is stolen or sold, it is also a breach of confidentiality.
Integrity
In information security, integrity means that data cannot be modified undetectably (17). Integrity is violated when a message is actively modified in transit. Information security systems typically provide message integrity in addition to data confidentiality.
Availability
For any information system to serve its purpose, the information must be available when it is needed. This means that the computing systems used to store and process the information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly.
High availability systems aim to remain available at all times, preventing service disruptions due to power outages (18), hardware failures, and system upgrades. Ensuring availability also involves preventing denial-of-service (19) attacks.
NOTES
1) prevention – averting, forestalling
2) unauthorized access – access without permission
3) disclosure – revealing
4) disruption – damage
5) interchangeably – as mutual substitutes
6) to be concerned with – to deal with (something)
7) regardless of – in spite of
8) amass – to accumulate, to collect
9) Should … – here: in the event that
10) breach – break-through, violation, damage
11) law suits – court claims
12) evolve – to evolve, to develop
13) digital forensics – digital criminalistics
14) encrypt – to encipher
15) restrict access – to limit (close off) access
16) sensitive – here: important, secret
17) undetectably – unnoticeably
18) power outage – interruption in power supply
19) denial-of-service – refusal of service
Ex. 2. Match pairs of synonyms in the columns below.
1) frequently; 2) incorrect; 3) customer; 4) products; 5) collect; 6) display; 7) detect; 8) store; 9) encrypt; 10) remain
A. stay; B. amass; C. show; D. find; E. keep; F. wrong; G. encode; H. often; I. client; J. goods
Information security industry standards; to share common goals; to ensure availability and correct operation; to fall into the hands of competitors; online credit card transactions; referential integrity in databases; confidential information about employees; hardware failure.
Ex. 4. Learn the following expressions by heart.
To protect information; to implement a procedure; to intercept a message; sensitive information; hardware failure; classification system; military headquarters; to destroy a document; secret message; law suits; to trust a person; to achieve goals; according to the document; deciphering department; to look over the shoulder; to steal information.