[computer level 3 information security] overview of information security assurance

1、 The emergence and development of information technology , It has roughly experienced the following three stages ：
The first stage , The invention of telecommunication technology （ Telegraph and telephone 、 The radio 、 The TV ）
The second stage , The development of computer technology （ Turing machine theory 、 Von Neumann architecture 、 The integrated circuit 、 Large scale integrated circuit computer ）
The third stage , Use of the Internet （ARPAnet、TCP/IP agreement 、 The Internet ）

2、 The negative impact of information technology :
Information flooding 、 Information pollution 、 Information crime

3、 Information security development stage ：

• Communication security phase
  Contemporary information security originated from 20 century 40 Communication confidentiality in the s . During this period , People are mainly concerned about the security of information in the communication process , namely “ Confidentiality ”.
  1949 Shannon published 《 Communication theory of secure system 》, First of all, the issue of information confidentiality is comprehensively discussed from the perspective of information theory .

• Computer security phase
  20 century 60 Age and 70 years , The concept of computer security began to be gradually implemented .
  1965 In, the United States first proposed computer security （COMPUSEC）. At this time, computers are mainly used in the military ,1969 Year of Ware The report initially raised the problem of computer security and its evaluation .
  20 century 70 The S is the founding era of computer security .
  20 century 80 A landmark feature of the S is the standardization of computer security .

• Information security stage
  20 century 90 After the age
  Main concern “ early warning 、 Protect 、 testing 、 Respond to 、 recovery 、 counterattack ” The whole process

4、 Modern information security mainly includes ：
（ One ） Safety of operating system , Including strict and scientific management , Such as the organization and management of information network system 、 To supervise and inspect ; Establishment of rules and regulations 、 Implement and improve ; The sense of responsibility of managers 、 Foresight 、 Vigilance, etc ; law 、 Policy protection , Such as whether the user has legal rights , Whether the policy allows... Etc ; Physical control security , If the machine room is locked 、 Line safety 、 Suitable environment ; Hardware operation safety ; Operating system security , Such as whether the data file is protected ; disasters 、 Fault recovery ; Deadlock avoidance and release ; Prevent electromagnetic information leakage, etc .
（ Two ） Security of system information , Including user password authentication ; User access control ; Data access rights 、 Mode control ; Audit trail ; Data encryption, etc .

5、 The basic attribute of information security ：
integrity 、 Confidentiality 、 Usability 、 Controllability 、 Non repudiation ( Non repudiation )

6、 Information security technology
（1） Core basic security technology （ Mainly including cryptography ）;
（2） Security infrastructure technology （ Identification and certification technology 、 Authorization and access control technology ）;
（3） Infrastructure security technology （ Host system security technology 、 Network system security technology, etc ）;
（4） Apply security technology （ Network and system security attack technology 、 Network and system security protection and response technology 、 Safety audit and responsibility identification technology 、 Malicious code detection and Prevention Technology ）;
（5） Support safety technology （ Information security evaluation technology 、 Information security management technology ）

7、P2DR Security model ：
P2DR The model is the United States ISS The representative model of dynamic network security system proposed by the company , It consists of four main parts ： Strategy （Policy）、 protective （Protection）、 testing （Detection） And response （Response）.

8、 Information security technology framework IAFT
IATF The core idea of information security is Defense in depth strategy . Defense in depth strategy is to adopt a multi-level 、 In depth security measures to protect user information and information system security . In defense in depth strategy , personnel 、 Technology and operation There are three main core factors

Defense in depth strategies prevent attacks that can break through a layer or a class of protection from destroying the entire information infrastructure .

IATF Four technical framework focus areas ：
① Protect the local computing environment ;
② Boundary of the protected area ;
③ Protect network and infrastructure ;
④ Protection of supporting infrastructure ;

9、 The content of information security work
① Identify security requirements ;
② Design and implement safety plan ;
③ Information security evaluation ;
④ Information security monitoring and maintenance .