CIA and CCI
Confidentiality, Integrity, and Availability, known as the CIA triad, is the most fundamental concept in cyber security. It serves as a set of guiding principles or goals for information security, helping organizations and individuals keep information safe from prying eyes.
Confidentiality is about ensuring access to data is restricted to only the intended audience and not others. As you may expect, the more sensitive the information is, the more stringent the security measures should be. Many privacy laws rely on confidentiality security controls to enforce legal requirements.
Some measures to keep information confidential are:
Integrity refers to maintaining the accuracy and completeness of data. In other words, it is about protecting data from being modified by unauthorized parties, accidentally by authorized parties, or by non-human-caused events such as an electromagnetic pulse or a server crash. For example, a hacker may intercept data and modify it before sending it on to the intended recipient.
Measures to maintain the integrity of information include:
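The interception scenario described above, as an added example that is not part of the original article: whoever modifies a message in transit can simply recompute an unkeyed SHA-256 digest sent alongside it, while an HMAC keyed with a secret shared by sender and recipient cannot be recomputed without that secret. The key, the messages and all function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (assumptions for this example only).
SHARED_KEY = secrets.token_bytes(32)   # known to sender and recipient, not to the interceptor
ORIGINAL = b"transfer 100 to account 12345"
MODIFIED = b"transfer 9000 to account 66666"

def send_with_digest(message):
    """Sender attaches an unkeyed SHA-256 digest."""
    return message, hashlib.sha256(message).hexdigest()

def verify_digest(message, digest):
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)

def send_with_hmac(message, key):
    """Sender attaches an HMAC-SHA256 tag computed with the shared key."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_hmac(message, tag, key):
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def modify_in_transit(packet, replacement):
    """Models the modification: the message is swapped and, without the key,
    the only check value that can be recomputed is an unkeyed digest."""
    return replacement, hashlib.sha256(replacement).hexdigest()

def modify_keep_tag(packet, replacement):
    """Models the modification where the original check value is left in place."""
    _, tag = packet
    return replacement, tag

def run_checks():
    digest_pkt = send_with_digest(ORIGINAL)
    hmac_pkt = send_with_hmac(ORIGINAL, SHARED_KEY)
    return {
        "digest_untouched": verify_digest(*digest_pkt),
        # The unkeyed digest accepts the modified message: no integrity against an active party.
        "digest_modified": verify_digest(*modify_in_transit(digest_pkt, MODIFIED)),
        "hmac_untouched": verify_hmac(*hmac_pkt, SHARED_KEY),
        # Both modification variants are rejected by the keyed check.
        "hmac_modified": verify_hmac(*modify_in_transit(hmac_pkt, MODIFIED), SHARED_KEY),
        "hmac_modified_old_tag": verify_hmac(*modify_keep_tag(hmac_pkt, MODIFIED), SHARED_KEY),
    }

if __name__ == "__main__":
    for name, accepted in run_checks().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

An unkeyed digest still detects accidental corruption, such as the server crash mentioned above; the keyed tag is what covers deliberate modification.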
Lastly, information must be available when it is needed. To ensure high data availability, you must maintain correctly functioning hardware and software and provide adequate bandwidth. But these measures alone are not enough because there are external forces at play; data availability can further be compromised by:
DoS, for example, might be employed by a rival company to break your website so that its own website becomes more popular.
Measures to mitigate threats to availability include:
Big data is especially challenging to the CIA paradigm because of the ever-increasing amount of data that needs to be safeguarded. As technology advances, more devices add to the growing stream of data in a variety of different formats. Also, because the main goal of handling big data is often to collect and make interpretations with all of the information, responsible oversight can be a secondary concern.
Internet of Things privacy and security is particularly challenging. Every year there are more internet-enabled devices on the market, which can remain unpatched or use weak passwords. While many devices don't transmit particularly sensitive information, it's possible for an attacker to gather enough information from each endpoint, analyze it, and potentially reveal information you would rather keep private.
Beyond the CIA triad, there are other frequently recurring themes in information security:
Translated from: CIA and CCI
Reposted from: http://iduzd.baihongyu.com/