What are the aspects of information security?

Information security mainly includes the following five aspects: confidentiality, authenticity, integrity, unauthorized copying and the security of parasitic systems.

Information system security includes:

(1) Physical security. Physical security mainly includes environmental security, equipment security and media security. In the central computer room of the system dealing with secret information, effective technical preventive measures should be taken. Important systems should also be equipped with security personnel for regional protection.

(2) Safe operation. Operation safety mainly includes backup and recovery, virus detection and removal, and electromagnetic compatibility. Back up the main equipment, software, data and power supply of the classified system, and restore the system in a short time. Anti-virus and anti-virus software approved by relevant national authorities should be used for timely detection and anti-virus, including virus and anti-virus software of servers and clients.

(3) Information security. Ensuring the confidentiality, integrity, availability and non-repudiation of information is the core task of information security.

(4) Security management. The security management of classified computer information system includes three aspects: management institutions at all levels, management systems and management technologies. Establish a perfect security management organization, set up security management personnel, establish a strict security management system, and use advanced security management technology to manage the entire classified computer information system.

Information security itself covers a wide range, including how to prevent the disclosure of secrets of commercial enterprises, prevent teenagers from browsing bad information and revealing personal information.

The information security system in the network environment is the key to ensure information security, including computer security operating system, various security protocols and security mechanisms (digital signature, message authentication, data encryption, etc.). ) until security vulnerabilities such as UniNAC and DLP may threaten global security.

Information security means that the information system (including hardware, software, data, personnel, physical environment and its infrastructure) is protected from being destroyed, changed or leaked by unexpected or malicious reasons, and the system can run continuously and reliably. Information service will not be interrupted, and finally business continuity will be realized.

Information security rules can be divided into two levels: narrow security and broad security. Security in a narrow sense is the field of computer security based on encryption. Early information security majors in China usually take this as a benchmark, supplemented by computer technology and communication network technology. Content related to programming; Generalized information security is a comprehensive subject. From traditional computer security to information security, renaming is not only an extension of security development, but also a combination of management, technology and legal issues.

This major trains senior information security professionals who can engage in computer, communication, e-commerce, e-government and e-finance.

Information security mainly involves three aspects: information transmission security, information storage security and network transmission information content audit. Authentication is the process of verifying the theme in the network. There are usually three ways to verify the identity of the principal. One is the secrets that the subject knows, such as passwords and keys; Second, the items carried by the subject, such as smart cards and token cards; The third is only the function or ability unique to the theme, such as fingerprint, voice, retina or signature. Wait a minute.

Protective measures of computer network information security

1, using firewall technology is the main means to solve network security problems. The firewall means used in computer network is to separate the internal network from the external network by logical means. While protecting the information security inside the network, he also organized the illegal invasion of external visitors, which is a technology to strengthen the connection between the internal network and the external network. Firewall physically ensures the information security of computer network by filtering, scanning and shielding all kinds of data transmitted through its network.

2. Intrusion detection of access data is a new generation of network information security measures after traditional security measures such as data encryption and firewall. Intrusion detection collects information from key nodes in the computer network, analyzes and decodes it, and filters out whether there are factors threatening the information security of the computer network. Once a threat is detected, it will be dealt with accordingly. According to different detection methods, it can be divided into error detection system, anomaly detection system and mixed intrusion detection system.

3. Network information encryption technology is a very important technical means and effective measures. By encrypting the transmitted information, the information transmitted in the network is effectively protected from malicious theft or tampering. In this way, even if the attacker intercepts the information, he cannot know the content of the information. This method can make some confidential data available only to those who have access rights.

4. Controlling access rights is also one of the important protective measures for computer network information security. This method is based on identity authentication. When illegal visitors try to steal data from the system, they will be blocked by access rights. Access control skills ensure that users can obtain information resources on the network normally, and can also prevent illegal intrusion and ensure security. The contents of access control include: user identification and authentication, access control and audit trail.