g bogus Web sites.
- Solutions: Deploy antiphishing software and services and a multilevel authentication system to identify threats and reduce phishing attempts.
- Deploying new tools, technologies, and security procedures, along with educating consumers, increases reliability and customer confidence.
- Demonstrates IT's role in combating cyber crime.
- Illustrates digital technology as part of a multilevel solution as well as its limitations in overcoming discouraged consumers.

Essentials of Business Information Systems, Chapter 7: Securing Information Systems. © 2022 by Prentice Hall

The term "hacker" originally referred to highly skilled computer experts who were enthusiastic about computer technology, especially programmers.

The function of DNS is to translate a website's domain name (e.g.: format) into the actual IP address (e.g.: format). When a user requests access to a website in a browser, the user enters a domain name. This domain name request first reaches the nearest DNS, which resolves it to the corresponding IP address, and only then can the user connect to the website.

Technologies and Tools for Security: Access Control
- Policies and procedures to prevent improper access to systems by unauthorized insiders and outsiders
- Authorization
- Authentication
  - Password systems
  - Tokens
  - Smart cards
  - Biometric authentication

Table 2: Reversed alphabet order
Plaintext letter:  a b c d e f g h i j k l m
Ciphertext letter: Z Y X W V U T S R Q P O N
Plaintext letter:  n o p q r s t u v w x y z
Ciphertext letter: M L K J I H G F E D C B A
Example: if the plaintext m is "important", then the ciphertext C is "RNKLIGZMZ".

- Industry-specific CAs include the China Financial Certification Authority (CFCA), the China Telecom Certification Authority (CTCA), the China Post certification center, the CA of the Ministry of Foreign Trade and Economic Cooperation, and others.

Downloading a personal certificate

Technologies and Tools for Security: Ensuring System Availability
- Recovery-oriented computing
  - Designing systems that recover quickly, with capabilities to help operators pinpoint and correct faults in multicomponent systems
- Controlling network traffic
  - Deep packet inspection (DPI) (video and music blocking)
- Security outsourcing
  - Managed security service providers (MSSPs)

Installing the root certificate (1)

[Figure: Tree structure of CAs. Nodes: Root CA; Southern Electronic Business Center (Guangdong CA); Southern Electronic Business Center Class B CA; (Hubei) HBECA; (Hainan) HNCA; Certificate 1; Certificate 2; Certificate 3; Certificate 4.]

Example 1: the Caesar cipher, see Table 1.

System Vulnerability and Abuse: Security Profiles for a Personnel System
Figure 7-3. These two examples represent two security profiles or data security patterns that might be found in a personnel system. Depending on the security profile, a user would have certain restrictions on access to various systems, locations, or data in an organization.

The most typical phishing attack lures the recipient to a phishing website that has been carefully designed to closely resemble the target organization's website, and captures the sensitive personal information the recipient enters on that site.

System Vulnerability and Abuse: Malicious Software: Viruses, Worms, Trojan Horses, and Spyware
- Malware
  - Viruses
    - Rogue software program that attaches itself to other software programs or data files in order to be executed
  - Worms
    - Independent computer programs that copy themselves from one computer to other computers over a network
  - Trojan horses
    - Software program that appears to be benign but then does something other than expected

System Vulnerability and Abuse: Malicious Software: Viruses, Worms, Trojan Horses, and Spyware
- Malware (cont.)
  - Spyware
    - Small programs that install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising
  - Key loggers
    - Record every keystroke on a computer to steal serial numbers and passwords, or to launch Internet attacks

Establishing a Framework for Security and Control: Disaster Recovery Planning and Business Continuity Planning
- Disaster recovery planning: Devises plans for restoration of disrupted services
- Business continuity planning: Focuses on restoring business operations after disaster
- Both types of plans needed to identify firm's most critical systems
  - Business impact analysis to determine impact of an outage
  - Management must determine which systems are restored first

Table 1: Caesar cipher table
Plaintext letter:  a b c d e f g h i j k l m
Ciphertext letter: D E F G H I J K L M N O P
Plaintext letter:  n o p q r s t u v w x y z
Ciphertext letter: Q R S T U V W X Y Z A B C
Monoalphabetic encryption method. Example: if the plaintext (denoted m) is "important" and Key=3, then the ciphertext (denoted C) is "LPSRUWDQW".

Overview of CA centers in China and abroad
Common CAs outside China include VeriSign, GTE Cyber Trust, Thawte, and others.

Installing the root certificate (2)

Technologies and Tools for Security: Ensuring Software Quality
- Software metrics: Objective assessments of system in form of quantified measurements
  - Number of transactions
  - Online response time
  - Payroll checks printed per hour
  - Known bugs per hundred lines of code
- Early and regular testing
- Walkthrough: Review of specification or design document by small group of qualified people
- Debugging: Process by which errors are eliminated

Applying for a free personal certificate