Студопедия  
Главная страница | Контакты | Случайная страница

АвтомобилиАстрономияБиологияГеографияДом и садДругие языкиДругоеИнформатика
ИсторияКультураЛитератураЛогикаМатематикаМедицинаМеталлургияМеханика
ОбразованиеОхрана трудаПедагогикаПолитикаПравоПсихологияРелигияРиторика
СоциологияСпортСтроительствоТехнологияТуризмФизикаФилософияФинансы
ХимияЧерчениеЭкологияЭкономикаЭлектроника

Text 1D. New Trends in Risk Management

Читайте также:
  1. A perceptive article from an emerging small business management sphere.
  2. Current trends in the international system relations
  3. Financial management
  4. Graph of submodel Employee management
  5. History of the Financial Management Service
  6. MANAGEMENT
  7. Models of national cultures in cross-cultural management
  8. PART 1 UNIT 3 SECTION 4MONEY MANAGEMENT
  9. Speak about current international relations: general trends. 1 страница
  10. Speak about current international relations: general trends. 2 страница

Essential Vocabulary

breach n – брешь, повреждение, нарушение

dumb terminal неинтеллектуальный терминал, терминал ввода-вывода

loyalty n – соблюдение законов, верность, преданность

match v – соответствовать, приводить в соответствие, сопоставлять

safeguard n – охрана, защита, гарантия

tightly adv – строго, плотно, крепко, сильно

worth adj – стоящий

Risk management is a process used hundreds of times every day. From deciding whether to cross the street to deciding to take a shortcut home to avoid traffic to deciding to purchase health insurance or change jobs, each decision is based on principle of risk management.

Risk management has reached a new level of importance in the information age. The growth of networked information systems and distributed computing has created a potentially dangerous environment. From trade secrets to proprietary information to troop movements to sensitive medical records and financial transactions, critically important data flows through these systems.

Our society depends on fast, accurate transmission of information. Everything from e-mail, stock quotes, credit ratings, bank balances, and travel arrangements, even the weather, is tracked by computer systems. The availability of all this information and the ease of intercepting it has created an environment in which hackers are glorified as harmless “whiz kids”, even though the damage they do to a computer system may take weeks to undo.

Another problem in this new information society is the lessening of loyalty of employees to their organizations. Both federal and state governments have also been pushed to reduce their budgets and to do more work with fewer employees. The old days of having a job for life, where the company looked out for its employees and protected them, are over. The resulting lowering of morale contributes to a risky business environment in which the goals of the individual may no longer match the goals of the organization.

Risk assessment began as a process applied to large mainframes and data centers, which were in stand-alone, tightly controlled environments. However, as personal computers replaced dumb terminals on every desktop, and as these personal computers are increasingly linked to the Internet, computer security problems multiply. Hardware solutions, such as installing firewalls or automating audit logs, are sometimes difficult to justify to senior management and, where installed, do not always prevent security breaches. The interest in risk management as an effective method of analyzing these complex systems has increased dramatically over the last 12 months and serves two purposes: to identify existing weaknesses in the systems and to justify and prioritize the cost of additional safeguards.

What is risk assessment?

Risk assessment is a method of determining what kinds of control are needed to protect an organization’s information systems and resources not just adequately but cost effectively.

The risk assessment process examines a set of five variables:

1. What is the security professional trying to protect, how much is it worth, and how much depends on it?

2. What could potentially threaten the asset?

3. What weakness exists that would allow the threat to materialize?

4. If the threat occurs, what kind of loss could the company have?

5. What controls can the security professional put into place that would reduce the organization’s loss if a threat occurred or eliminate the threat altogether?

The risk assessment process includes gathering information about assets, finding resources for threat data, doing a survey to find the vulnerabilities, and then matching the information to see what combination of asset/threat/vulnerability could trigger a loss, and then deciding what safeguards might be put in place to reduce or eliminate the potential loss.

 

Task 17. Translate the following word combinations:

Risk management; risk assessment; the growth of networked information systems and distributed computing; a potentially dangerous environment; stand-alone, tightly controlled environments; fast, accurate transmission of information; dumb terminals on every desktop; computer security problems; to prevent security breaches; cost effectively; gathering information about assets; to reduce or eliminate the potential loss.

Task 18. Answer the questions:

1. What is risk management?

2. Has risk management reached a new level of importance in the information age? Why?

3. What are the two purposes of risk management?

4. What does the risk assessment process examine?

5. What does the risk assessment process include?

Task 19. Translate the following sentences, paying attention to the functions of It, One, That:

1. There is a well-known quote that says, “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards—and even then I have my doubts”.

2. One very common example of an identification and authentication transaction can be found in the use of payment cards that require a personal identification number (PIN).

3. Some of the identification and authentication methods that we use in daily life are particularly fragile and depend largely on the honesty and diligence of those involved in the transaction.

4. The widespread use of static passwords in authentication constitutes a serious vulnerability, one that attackers and malicious code often exploit to install rootkits in systems.

5. I have always hesitated to give advice, for how can one advise another how to act unless one knows that other as well as one knows oneself?

6. One of the most crucial factors to realize when we are working with identification is that an unsubstantiated claim of identity is not reliable information on its own.

7. Although this is a weak method of verification, it is a commonly used one, identity cards

8. One of the chief weaknesses of symmetric key cryptography lies in the use of one key.

9. Cryptography has existed, in one form or another, for most of recorded history.

10. A threat is something that has the potential to cause us harm.

11. Vulnerabilities are weaknesses that can be used to harm us.

12. One of the large drawbacks to this method is that many signature-based systems rely solely on their signature database in order to detect attacks.

 

UNIT 2

Task 1. Read and translate the text using Essential Vocabulary:

Text 2A. Rootkits: The Ultimate Malware Threat

Essential Vocabulary

accomplish v – выполнять, совершать

comprise v – включать, содержать

crude adj – грубый

evidence n – признак, свидетельство, доказательство

forefront n – передний план, важнейшее место

malware n – вредоносное ПО

proficient adj – умелый, искусный

subvert v – разрушать, подрывать

superficially adv - внешне

threat n – опасность, угроза

ultimate adj – основной

vulnerability n – уязвимость

Information security professionals are constantly concerned about a wide variety of security-related threats. Some of these threats pose considerably higher levels of risk than others and thus require more resources to counter. Furthermore, risks and their potential impact change over time. Fifteen years ago, for example, risks resulting from the activity of external attackers were one of the most serious. Attackers often launched brute force password guessing attacks, or if they were more sophisticated, password cracking attacks using dictionary-based password cracking tools that are by today's standards rather crude. Fifteen years ago, damage and disruption due to virus and worm infections also comprised one of the most serious types of security risks. Things have changed considerably since then; certain types of malicious code ("malware") other than viruses and worms have moved to the forefront of risks that organizations currently face. Rootkits in particular now represent what might safely be called the ultimate malware threat.

What exactly is a rootkit? The term "rootkit" refers to a type of Trojan horse program that if installed on a victim system changes systems' operating system software such that: 1) evidence of attackers' activities (including any changes to the systems that have been made in installing the rootkit) is hidden and 2) attackers can gain remote backdoor access to the systems at will. Rootkits replace normal programs and system libraries that are part of the operating system on victim machines with versions that superficially appear to be normal, but that in reality subvert the security of the machine and cause malicious functions to be executed.

Rootkits almost without exception run with superuser privileges, the full set of system privileges intended only for system administrators and system programmers so that they can readily perform virtually any task at will. In UNIX and Linux, this translates to root-level privileges; in Windows, this means Administrator- and SYSTEM-level privileges. Without superuser privileges, rootkits would not be very effective in accomplishing the malicious functions they support. It is important to realize, however, that attackers need to gain superuser-level access before installing and running rootkits. Rootkits are not exploit tools that raise the privilege level of those who install them. Attackers must thus first exploit one or more vulnerabilities independently of the functionality of any rootkit to gain superuser privileges on victim systems if they are going be able to install and run a rootkit on these systems.

Additionally, the majority of rootkits are "persistent," whereas others are not. Persistent rootkits stay installed regardless of how many times the systems on which they are installed are booted. Non-persistent rootkits (also called "memory-resident" rootkits) reside only in memory; no file in the compromised system contains their code. They thus remain on a victim system only until the next time the system boots, at which time they are deleted.

Information security professionals need to put the problem of rootkits in proper perspective. Rootkits were first discovered in 1994; even at that time they were remarkably proficient in hiding themselves and creating backdoor access mechanisms. Since that time, rootkits have improved immensely to the point that many of them are now almost impossible to detect. Some of them are in reality "all-in-one" malware - a complete arsenal of weapons for attackers. Additionally, many current rootkits capture sensitive information and are capable of being part of gigantic botnets that can create massive damage and disruption.

 

Task 2. Translate the following word combinations:

Information security professionals, security-related threats; brute force password guessing attacks; password cracking attacks; dictionary-based password cracking tools; certain types of malicious code; evidence of attackers’ activities; backdoor access mechanisms.

 

Task 3. Find in the text English equivalents for the following word combinations:

Выдвигать на передний план; представлять собой более серьезную опасность; термин обозначает; получить доступ к системе; по своему желанию; за редким исключением; независимо от того сколько раз система загружается; почти невозможно обнаружить; захватить важную информацию.

 

Task 4. Make adverbs from the following adjectives and translate them:

Additional, actual, active, general, constant, current, considerable, exact, extreme, superficial, safe, ready, virtual, independent, remarkable, immense, invariable, original, previous, poor, remote.

Task 5. Answer the questions:

1. What were the most serious types of security risks in the past?

2. What is a rootkit?

3. What are persistent/non-persistent rootkits?

4. When were rootkits first discovered?

5. Why might rootkits be called the ultimate malware threat?

Task 6. Insert the prepositions, translate the sentences:

1. Although increased complexity of rootkits has resulted … many advantages for attackers, it has also made installing rootkits considerably more complicated.

2. Many rootkits now consist … many components that need to be compiled and installed.

3. At present information security professionals should not rely … anti-virus and anti-spyware software to detect rootkits.

4. The success of an attack depends … the vulnerability of the system and the effectiveness of existing countermeasures.

5. Attacks can be divided … two main categories.

6. This process of gathering information might lead … active attacks later on.

7. Security in wireless networks differs greatly … security for their wireline counterparts due to the very nature of the physical medium.

8. Controls are divided … three categories: physical, logical, and administrative.

9. Although the term may sound very technical and oriented in the direction of high-security computing facilities, access controls are something we deal … on a daily basis.

Task 7. Render the text:

Руткит - программа или набор программ для скрытия следов присутствия злоумышленника или вредоносной программы в системе. Под этим термином понимается набор утилит или специальный модуль ядра, которые взломщик устанавливает на взломанной им компьютерной системе сразу после получения прав суперпользователя. Руткит позволяет взломщику закрепиться во взломанной системе и скрыть следы своей деятельности путём сокрытия файлов, процессов, а также самого присутствия руткита в системе.

Task 8. Read and translate the text using Essential Vocabulary:




Дата добавления: 2015-01-07; просмотров: 57 | Поможем написать вашу работу | Нарушение авторских прав




lektsii.net - Лекции.Нет - 2014-2024 год. (0.013 сек.) Все материалы представленные на сайте исключительно с целью ознакомления читателями и не преследуют коммерческих целей или нарушение авторских прав