Part III: Conclusion
There is no absolute security information system. Theoretical security between safety and real-world use gang
Big. Information security is a dynamic concept, there is a certain period of information on an information system that is safe enough. Security out
Reading should be broadening, the system that can successfully complete the scheduled goals and tasks can be considered safe.
In the real world, security involves the process, which involves preventive technology, and also involves detection and reverse.
The process, as well as a complete investigation and monitoring mechanism of crime. Security is not a product, it itself is a pass
Process. To make our digital system security, we must build this process. At the same time, it can be considered that such a process
As the development of technology continues to cycle, never end.
All aspects of the safety information system have their own problems, no technology is perfect, safe
Technical and intrusion techniques are in the process of continuous development. People have limitations, technology has limitations, but people have to believe
The pursuit of security is not ended.
Complexity is the maximum enemy of security, while the information system is complicated. Simple technology often achieves out
The expected effect, even has a technological beauty. Separate technology is impossible to meet all the needs of the system, comprehensive
Different techniques, build a system with relatively security.
Therefore, you must adhere to the active defense policy, preventive safety operating systems, and trusted calculations from the source.
Machine system, etc. There are still a lot of work in this regard.
Pay attention to the role of risk assessment. Guide the construction of safety information systems with risk assessment, from system design
At first, consider the risk model and risk management of the system, choose safety measures suitable for system security requirements, thus establishing a
An information system acceptable to build costs and residual risks to complete the system for scheduled construction purposes.
Information systems must always emphasize people's role. The development, use, maintenance, management of the system reflects people
Role. People are the first, technology is the second. Playing people's subjective energy can partially make up for the current system
Inadequacies in artificial intelligence. At the same time, we must see the limitations of people.
references:
1. "Application Cryptology" (Second Edition) Bruce Schneier
2, "The Truth of Network Information Security" Bruce Schneier
3, "Operating System Security Introduction" Qingshi Liu Wenqing Liu Haifeng
4. "Password Coding and Network Security --- Principles and Practices" (Third Edition) William Stallings
5, "Design and Analysis of Sequence Password" Lu Yan Wang Fan Xiu Bin Zhou Yujie
6, "Security In Computing" Charles P.pfleeger Shari Lawrence Pfleeger
7. "Network Security Principles and Technology" Feng Deguo
8, "Introduction to Network Security Technology" Nanxiang Hao
9, "Encryption and Decryption" (Second Edition) section of Steel
