Essentials of Business Information Systems, Chapter 7: Securing Information Systems
© 2022 by Prentice Hall

[Figure: Network antivirus measures. Labels: packet-switched and leased-line WAN, Internet, hub, LAN workgroup, PC antivirus software, server antivirus software, antivirus firewall, remote workstation]

Example 2: Reverse the order of the alphabet; see Table 2.

Certification authority (CA)
What is a certification authority? A certification authority is a service organization that provides authentication services for secure online electronic transactions, issues digital certificates, and verifies user identities.

Certification authorities in China
- CAs in China fall into two broad categories: industry CAs and regional CAs.

Applying for a free personal certificate

Public key infrastructure (PKI)
- Public key infrastructure (PKI) is infrastructure that provides security services, built using public-key cryptography theory and technology. It refers to a set of foundational services used mainly to support the widespread application of public-key-based digital signatures and encryption.

Technologies and Tools for Security: Ensuring Software Quality
- Software metrics: Objective assessments of system in form of quantified measurements
  - Number of transactions
  - Online response time
  - Payroll checks printed per hour
  - Known bugs per hundred lines of code
- Early and regular testing
- Walkthrough: Review of specification or design document by small group of qualified people
- Debugging: Process by which errors are eliminated

Sending encrypted e-mail

Installing the root certificate (2)

CFCA is the country's only financial root certification authority. It is planned and managed centrally by the People's Bank of China and was jointly built by thirteen commercial banks: Industrial and Commercial Bank of China, Bank of China, Agricultural Bank of China, China Construction Bank, Bank of Communications, China Merchants Bank, CITIC Industrial Bank, Hua Xia Bank, Guangdong Development Bank, Shenzhen Development Bank, China Everbright Bank, China Minsheng Bank and Fujian Industrial Bank. Construction was undertaken by the Bank Card Information Exchange Center, which established the SETCA system, and CFCA formally began providing certificate services to users nationwide on June 29, 2022.

Introduction to CAs in China and abroad
Common CAs outside China include VeriSign, GTE Cyber Trust and Thawte.

Technologies and Tools for Security: Encryption and Public Key Infrastructure
- Digital certificate:
  - Data file used to establish the identity of users and electronic assets for protection of online transactions
  - Uses a trusted third party, certification authority (CA), to validate a user's identity
  - CA verifies user's identity, stores information in CA server, which generates encrypted digital certificate containing owner ID information and copy of owner's public key
- Public key infrastructure (PKI)
  - Use of public key cryptography working with certificate authority
  - Widely used in e-commerce

Table 1: Caesar cipher table

Plaintext letter:   a b c d e f g h i j k l m
Ciphertext letter:  D E F G H I J K L M N O P
Plaintext letter:   n o p q r s t u v w x y z
Ciphertext letter:  Q R S T U V W X Y Z A B C

Single-letter encryption method
Example: if the plaintext (denoted m) is "important" and Key = 3, then the ciphertext (denoted C) is "LPSRUWDQW".

[Figure labels: Server, Internet, internal network, firewall]

Establishing a Framework for Security and Control: Disaster Recovery Planning and Business Continuity Planning
- Disaster recovery planning: Devises plans for restoration of disrupted services
- Business continuity planning: Focuses on restoring business operations after disaster
- Both types of plans needed to identify firm's most critical systems
- Business impact analysis to determine impact of an outage
- Management must determine which systems restored first

System Vulnerability and Abuse: Software Vulnerability
- Commercial software contains flaws that create security vulnerabilities
  - Hidden bugs (program code defects)
  - Zero defects cannot be achieved because complete testing is not possible with large programs
  - Flaws can open networks to intruders
- Patches
  - Vendors release small pieces of software to repair flaws
  - However, amount of software in use can mean exploits are created faster than patches can be released and implemented

System Vulnerability and Abuse: Malicious Software: Viruses, Worms, Trojan Horses, and Spyware
- Malware (cont.)
  - Spyware
    - Small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
  - Key loggers
    - Record every keystroke on computer to steal serial numbers, passwords, launch Internet attacks

System Vulnerability and Abuse: Why Systems Are Vulnerable
- Hardware problems
  - Breakdowns, configuration errors, damage from improper use or crime
- Software problems
  - Programming errors, installation errors, unauthorized changes
- Disasters
  - Power failures, flood, fires, etc.
- Use of networks and computers outside of firm's control
  - E.g., with domestic or offshore outsourcing vendors

and operational adherence to management standards

System Vulnerability and Abuse: Malicious Software: Viruses, Worms, Trojan Horses, and Spyware
- Malware
  - Viruses
    - Rogue software program that attaches itself to other software programs or data files in order to be executed
  - Worms
    - Independent computer programs that copy themselves from one computer to other computers over a network
  - Trojan horses
    - Software program that appears to be benign but then does something other than expected

What these people do is mostly cracking commercial software, malicious