成人小说亚洲一区二区三区,亚洲国产精品一区二区三区,国产精品成人精品久久久,久久综合一区二区三区,精品无码av一区二区,国产一级a毛一级a看免费视频,欧洲uv免费在线区一二区,亚洲国产欧美中日韩成人综合视频,国产熟女一区二区三区五月婷小说,亚洲一区波多野结衣在线

????如果一支有電腦行家組建的精銳部隊(duì)想要黑進(jìn)你公司的網(wǎng)絡(luò)，他們很可能會得手。不過，如果就連一個閑得無聊的菜鳥黑客也能攻陷你的系統(tǒng)的話，這就有問題了。而且這個問題的根源并不在于公司的技術(shù)薄弱，而在于公司的管理。

????以今年四月份開始索尼公司遭受的一系列黑客入侵為例，標(biāo)槍戰(zhàn)略研究公司（Javelin Strategy & Research）的高級安全性分析師菲爾?布蘭克指出，索尼遭受的一系列黑客入侵是由一個叫LulzSec的組織發(fā)起的，這個組織帶有一些惡作劇性質(zhì)，他們使用的黑客手法極為簡單，連高中生都能掌握。

????黑客襲擊事件之后，索尼對負(fù)責(zé)網(wǎng)絡(luò)安全的管理人員進(jìn)行了換血。今年五月，索尼公司任命原索尼全球解決方案（Sony Global Solutions）總裁酒井文明為公司的代理首席信息安全官——這是索尼被“黑”后新增設(shè)的一個職位。

????布蘭克表示，許多公司都已經(jīng)設(shè)立了專門負(fù)責(zé)信息安全的高級職位，這標(biāo)志著他們邁出了重要的第一步。雖說這些負(fù)責(zé)信息安全的管理人員可能無法阻止技術(shù)含量極高的黑客攻擊，但起碼他們可以避免公司出現(xiàn)低級的安全漏洞。美國電信運(yùn)營商AT&T的首席信息安全官愛德華?阿莫魯索表示，信息安全人員重要的工作，可能就是要把信息安全部門和公司的其他部門整合到一起，而這并不是一個簡單的任務(wù)。

????像IT員工一樣，信息安全人員也是動輒滿口術(shù)語和行話，不僅其他部門的員工聽不懂，許多高管也摸不著頭腦。

????不過可能是出于情勢所迫，現(xiàn)在高管們對信息安全的術(shù)語也是越來越門兒清了。阿莫魯索說道：“過去6個月里發(fā)生了一些網(wǎng)絡(luò)攻擊事件，它們甚至動搖了某些企業(yè)的根本。網(wǎng)絡(luò)安全性問題無疑已經(jīng)成了一個上升到董事會層面的重大問題。”

????任命了負(fù)責(zé)信息安全的高管后，下一步則是要從每個項(xiàng)目的一開始，就讓信息安全團(tuán)隊(duì)參與其中。這一點(diǎn)非常重要，尤其是在公司各個互不相干的分支機(jī)構(gòu)開發(fā)新技術(shù)的時候。阿莫魯索表示，信息安全專家常常會在公司的某一個項(xiàng)目里發(fā)現(xiàn)漏洞，而他們之前甚至根本不知道這個項(xiàng)目的存在。

????不僅公司的管理層要將信息安全視為頭等要務(wù)，信息安全人員本身也要向管理層做出一些妥協(xié)，要盡量使自己傳遞的信息變得更加有趣易懂。阿莫魯索表示：“我們都從IT主管那里收到過長達(dá)三頁、措辭嚴(yán)肅的備忘錄?？赐觊_頭兩句話，你就不知道它下面說的是什么了。這樣是沒法讓人認(rèn)清問題的?！?/p>

????如果執(zhí)行得力的話，員工的信息安全意識會有助于企業(yè)防范一些基本的網(wǎng)絡(luò)攻擊。員工往往會犯一些低級的錯誤，比如點(diǎn)擊了一個外部附件，或是點(diǎn)擊了一個陌生的網(wǎng)址，這樣一來，黑客就有了接觸公司信息的機(jī)會。

????這些小錯也能釀成大禍。一旦黑客侵入系統(tǒng)，他們就可以對系統(tǒng)內(nèi)某些看似不相關(guān)的信息進(jìn)行編譯，比如賬戶、生日和電子郵件地址等，然后對它們進(jìn)行交叉鏈接，從而發(fā)動另一輪相當(dāng)復(fù)雜的攻擊。布蘭克表示：“過去人們可以決定哪些信息是值得保護(hù)的，哪些是不值得保護(hù)的，但是現(xiàn)在這種日子已經(jīng)一去不復(fù)返了。”現(xiàn)在任何信息都需要保護(hù)。

????布蘭克還表示，管理人員可以雇傭一些善意的黑客——也就是所謂的“白客”來指點(diǎn)迷津，以避免系統(tǒng)受到某些并非很復(fù)雜的攻擊。這樣可以使技術(shù)人員知道哪些地方有可能出現(xiàn)問題，以免某些惡意的黑客趁虛而入。

????當(dāng)然，沒有什么辦法能保證所有信息都絕對安全。但企業(yè)只需采取簡單的措施，就可以避免遭受低水平的攻擊。隨著基于網(wǎng)絡(luò)的應(yīng)用程序以及移動設(shè)備在企業(yè)中的應(yīng)用越來越廣，信息安全也必將成為管理層經(jīng)常討論的問題。

????譯者：樸成奎

????If a team of mastermind computer experts wants to hack your company's network, it probably will. But if any rookie hacker with some time to kill can crack your system, that's a problem. And the problem doesn't start with poor technology; it starts with management.

????Take, for example, the series of hacks on Sony (SNE) that began in April: they were launched by a prank hacker group called LulzSec, which used a method so simple that a high school kid could master it, says Phil Blank, senior security analyst at Javelin Strategy & Research.

????In response to the attack, Sony revamped its security management. In May, the company appointed Sony Global Solutions president Fumiaki Sakai as acting chief information security officer -- a position the company didn't have before.

????In fact, many companies have created top-level positions for security information officers, and that's an important first step, Blank says. While security officers may not be able to prevent highly sophisticated attacks, they can help protect companies from simple security breaches. Perhaps their most important job, according to Edward Amoroso, AT&T's (T) chief information security officer, is to integrate the security department with the rest of the company, which is no simple task.

????Like IT employees, information security types tend to speak in a somewhat geekier dialect than the rest of a company's rank-and-file, one that can be hard for many executives to understand.

????But, perhaps out of necessity, executives are becoming better versed in security lingo, Amoroso says: "We've seen some attacks in the last six months that have shaken the very foundation of some of the firms involved. There's no question that computer network security is becoming a board-level issue."

????After putting someone in charge of the security effort, the next step is to include the security team in projects from the get-go. This is important, Amoroso says, especially as disparate branches of companies explore new technology. Often, he says, security experts will discover a breach in a project they didn't even know existed.

????While a company's brass must make information security a priority, security personnel also need to meet management half way by making their messages interesting and accessible, Amoroso says. "We've all gotten those serious, three-page memos from some IT administrator, but by the third sentence, you don't know what they're talking about. That's not the way to do awareness."

????If done effectively, employee awareness can help prevent basic attacks. Employees often make simple mistakes like clicking on a foreign attachment or a link with a strange URL, which allows hackers to access a company's information.

????These small mess-ups can cause a disproportionate amount of damage. Once inside the system, hackers can compile seemingly discrete pieces of information -- account numbers, birthdays, email addresses -- and cross-link them to launch fairly complicated attacks, says Blank: "The days are now gone when people could decide what information is worthy of protection and what is not." Instead, you have to protect it all.

????Blank says that managers can help prevent less sophisticated attacks by hiring benevolent, or "white hat," hackers to try to crack the system. This gives the tech staff a heads up to potential problems before they're rooted out by less benevolent hackers.

????There's no way to secure everything, of course, but companies can prevent low-level hacks by taking a few simple steps. And with web-based applications and mobile devices practically de rigeur in the corporate world, security discussions will need to become even more common among the executive set.