Shulou(Shulou.com)06/01 Report--

Whether it is information security technology and information security management, fundamentally speaking, its core is to ensure the security of data and services; especially data security is the core of the core, the reason is very simple: information can be understood as data in a sense. From this corollary, it is better to understand the relationship between the following security:

Some services and their associated data are dependent on certain middleware systems or are themselves a specific application, so the so-called application security;

Data and services are always installed on a certain type of system (can be broadly understood as operating system, database system, etc.), so there is a so-called system security;

Generally speaking, the system is always in a specific network environment, so there is a so-called network security;

The network is divided into regions. The security levels and uses of various regions are different. They should be distinguished and isolated, so there is a so-called border security.

All systems and equipment need to be placed in a certain physical environment, and the requirements for environmental safety form the so-called physical safety;

Furthermore, because it is necessary to manage the personnel operating various systems, that is, to control their permissions, access methods, access systems, etc., and to control the entire work life cycle of personnel, so as to ensure the safety of data and services, the so-called personnel security is formed.

Finally, in order to manage, control and assess the above-mentioned various types of safety, various organizations need to formulate various safety norms and standards to ensure the achievement of safety objectives, so there is a safety strategy.

In addition, disaster preparedness management is a way to ensure data security, and continuity management is a way to ensure service security.

So, no matter what kind of books we read about information security technology, the first mention is always data encryption technology, and service continuity management will also be mentioned frequently.(ISO27001, related standards or regulations for hierarchical protection), and many security measures are developed for the above two ways, especially DDOS***(distributed denial ***) is the main means of destroying service continuity, while other measures or violations: such as remote/local authorization, buffer overflow ***, SQL injection ***, etc. may be carried out in order to steal, tamper with and delete critical data.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.