File: Textbook, Vladimir 2015, UDC 811.111, BBK 81.2 Engl. Reviewers.doc

Exercise 7. Paraphrase the following statements, simplifying their grammar.
1. If you launch a website, but never link to other pages, your site will more than likely not be found by the spiders.

2. If your page has fresh content on it, then the spiders will find you eventually, although it takes more work and you have to manually submit the new Uniform Resource Locator to the search engines indexing program.

3. Domains with rich keywords that get searched a lot have a better chance at success in the search engines.

4. Having your website come up in the search listings and providing the customers with the product or information they are searching for is a key.

5. Working with long tail keywords successfully means that a publisher needs to know which long tail keywords actually get hits or are searched for on the major search engines.

6. Specialists in computers have made studying and mastering Search Engines a daily journey, constantly learning new things about how they function and how to get top rankings.

Exercise 8. Answer the following questions.

  1. What is meant by the computer term “Search Engine”?

  2. What are the functions of computer spiders?

  3. What is the principle of a computer spider operation?

  4. Who usually possesses shorter domains in the online world?

  5. What is the difference between online and “Brick and Mortar” commerce?

  6. What is the role of keywords?

  7. When is it necessary to work with long tail keywords?

  8. What does the efficiency of your Search Engine advertisements depend on?

  9. What is ranking and what does high ranking mean for business?

  10. Why are specialists in computers continuously working at learning Search Engines?

Exercise 9. 1) Make up the plan of the text;

2) Make up the summary and the abstract of the text.

CHAPTER II

INFORMATION TECHNOLOGY SECURITY

UNIT 7 What is Information Technology Security?

Vocabulary

Sensitive information (n) - secret information

Decipher (v) - to decode, to decrypt

Encryption (n) - encoding, enciphering

Unauthorized access (n) - access without permission

Legitimate (adj) - lawful

Confidentiality (n) - secrecy, privacy

Integrity (n) - wholeness

Vulnerability (n) - weakness, exposure to harm

Robustness (n) - resilience, stability

Compromise (v) - to put at risk

Remote access (n) - access from a distance

Availability (n) - accessibility

Tradeoff (n) - compromise

Usability (n) - practicality
(1)Security is a basic human concept that has become more difficult to define and enforce in the Information Age. In primitive societies, security was limited to ensuring the safety of the group's members and protecting physical resources, like food and water. As society has grown more complex, the significance of sharing and securing the important resource of information has increased. Before the proliferation of modern communications, information security was limited to controlling physical access to oral or written communications. The importance of information security led societies to develop innovative ways of protecting their information. For example, the Roman Empire's military wrote sensitive messages on parchments that could be dissolved in water after they had been read. Military history provides another more recent example of the importance of information security. Decades after World War II ended, it was revealed that the Allies had gained an enormous advantage by deciphering both the German and Japanese encryption codes early in the conflict. Recent innovations in information technology, like the Internet, have made it possible to send vast quantities of data across the globe with ease. However, the challenge of controlling and protecting that information has grown exponentially now that data can be easily transmitted, stored, copied, manipulated, and destroyed.


(2) Within a large organization information technology generally refers to laptop and desktop computers, servers, routers, and switches that form a computer network, although information technology also includes fax machines, phone and voice mail systems, cellular phones, and other electronic systems. A growing reliance on computers to work and communicate has made the control of computer networks an important part of information security. Unauthorized access to paper documents or phone conversations is still an information security concern, but the real challenge has become protecting the security of computer networks, especially when they are connected to the Internet. Most large organizations have their own local computer network, or intranet, that links their computers together to share resources and support the communications of employees and others with a legitimate need for access. Almost all of these networks are connected to the Internet and allow employees to go "online."

(3) Information technology security is controlling access to sensitive electronic information so only those with a legitimate need to access it are allowed to do so. This seemingly simple task has become a very complex process with systems that need to be continually updated and processes that need to constantly be reviewed. There are three main objectives for information technology security: confidentiality, integrity, and availability of data. Confidentiality is protecting access to sensitive data from those who don't have a legitimate need to use it. Integrity is ensuring that information is accurate and reliable and cannot be modified in unexpected ways. The availability of data ensures that it is readily available to those who need to use it.

(4)Information technology security is often the challenge of balancing the demands of users versus the need for data confidentiality and integrity. For example, allowing employees to access a network from a remote location, like their home or a project site, can increase the value of the network and efficiency of the employee. Unfortunately, remote access to a network also opens a number of vulnerabilities and creates difficult security challenges for a network administrator.

(5)Information Security involves a Tradeoff between Security and Usability: There is no such thing as a totally secure system – except perhaps one that is entirely unusable by anyone! Corporate Information Security’s goal is to provide an appropriate level of security, based on the value of an organization’s information and its business needs. The more secure a system is, the more inconvenience legitimate users experience in accessing it.

Exercise 1. Which of the following statements expresses the main idea of the text?

1. Information technology security is simply the process of keeping information secure.

2. Protecting sensitive information and the security of computer networks is the main concern of ITS.

3. ITS provides an appropriate level of security.

Exercise 2. Give the number of the paragraph that deals with:

Organization of information technology security within large companies; main objectives of information technology security; basic concept of security; totally secure computer systems; legitimate need for access; balancing the demands of users versus the need for data confidentiality; availability of data; protecting the security of computer systems; origins of information technology security; local computer networks.
Exercise 3. Match the terms with their definitions:

  1. Integrity

  2. Vulnerability

  3. Information security

  4. Encryption

  5. Confidentiality

  6. Availability

  7. Unauthorized

  a) Application of cryptography to make information unintelligible, i.e. translating plaintext into ciphertext using a prescribed algorithm and a key

  b) Not permitted, accepted or agreed by management

  c) One of the three core elements of information security, along with availability and integrity. It essentially concerns secrecy or privacy.

  d) The preservation of confidentiality, integrity and availability of information. In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved

  e) Weakness in an information system, or cryptographic system, or components (e.g., system security procedures, hardware design, internal controls) that could be exploited to violate system security policy and result in a security breach.

  f) Property of completeness and accuracy of information. Protected through controls such as referential integrity, data entry validation, digital signatures, honesty, ethics and trust. One of the three core elements of information security, along with confidentiality and availability

  g) One of the three core elements of information security, along with confidentiality and integrity. It concerns the requirement for information, IT systems, people and processes to be operational and accessible when needed.


Exercise 4. Define whether the following statements correspond to the content of the text (yes, no).

  1. Security is a basic human concept that is easy to define.

  2. Information security is limited to controlling physical access to oral or written information.

  3. The requirements for controlling and protecting information have grown exponentially.

  4. Control of computer networks is an important part of ITS.

  5. Protecting the security of computer networks, especially when they are connected to the Internet, has become the real challenge.

  6. Information technology security is controlling access to all electronic information.

  7. There are 3 main objectives for ITS: confidentiality, integrity and availability of data.

  8. Allowing employees to access a network from a remote location can decrease the number of vulnerabilities.

  9. Information technology security is a responsibility only of those who are directly concerned with it.

Exercise 5. Paraphrase the following statements, simplifying their grammar.

  1. Decades after World War II ended, it was revealed that the Allies had gained an enormous advantage by deciphering both the German and Japanese encryption codes early in the conflict.

  2. Unauthorized access to paper documents or phone conversations is still an information security concern, but the real challenge has become protecting the security of computer networks, especially when they are connected to the Internet.

  3. Information technology security is controlling access to sensitive electronic information so only those with a legitimate need to access it are allowed to do so.

  4. This seemingly simple task has become a very complex process with systems that need to be continually updated and processes that need to constantly be reviewed.

  5. Allowing employees to access a network from a remote location, like their home or a project site, can increase the value of the network and efficiency of the employee.


Exercise 6. Give the definitions of the following terms:

  a) Intranet, b) confidentiality, c) integrity, d) availability of data.

Deduce your own definition of ITS.

Exercise 7. Answer the following questions:

  1. Did the problem of security exist in primitive societies?

  2. Why has the significance of sharing and securing the important resources of information increased in a modern society?

  3. What examples of the importance of IS are given in the text?

  4. What has made the control of computer networks an important part of IS?

  5. What is the most important task of ITS?

  6. Who is allowed to get access to sensitive electronic information?

  7. What are the 3 main objectives of ITS?

  8. What are the advantages and disadvantages of an access from a remote location?

  9. Are there any totally secure systems?

Exercise 8. Arrange the following headings in the logical order and match them with the paragraphs of the text. Make up the summary of the text.

1. The demands of users versus the need of data confidentiality and integrity;

2. Responsibility for ITS;

3. History of information security;

4. Main objectives of ITS;

5. ITS in the digital era.

UNIT 8 Data Classification

Vocabulary

Sensitivity (n) - degree of confidentiality

Top secret (adj) - of the highest secrecy

Secret (adj) - classified, kept hidden

Confidential (adj) - restricted-use (data)

Security clearance (n) - vetting for the absence of secrecy violations

Public information (n) - information available to an unlimited range of people

Level of protection (n) - degree of protection

Backup (n) - reserve copying

Adequate security control (n) - appropriate security control

Fraudulently obtained (adj) - obtained by deception

(1) One of the foundational elements of an information security program is the existence of and adherence to a formal data classification scheme. Yet, many organizations--even those that profess a commitment to protecting company and customer information--fail to implement data classification. We will look at the reasons that data classification can be difficult and offer several practical guidelines to overcome these obstacles.

What is Data Classification?

(2) Data classification is a simple concept. It is a scheme by which the organization assigns a level of sensitivity and an owner to each piece of information that it owns and maintains. In a hospital, for example, a data classification scheme would identify the sensitivity of every piece of data in the hospital, from the cafeteria menu to patient medical records. The most widely recognized data classification scheme is the one used by governments, such as the U.S., which assigns classifications such as:

  • Top secret 

  • Secret 

  • Confidential 

(4)When a document, letter, memo, or other piece of information is created, the owner assigns to it a classification level, which among other things, defines the security clearance of individuals that can access that information. 

(5)Similarly, in business, organizations adopt data classification schemes to define the levels of confidentiality that are required for each piece of information created or maintained by the organization. A corporate data classification scheme might comprise information classifications such as: 

  • Company confidential 

  • Private 

  • Sensitive 

  • Public 

(6)Such a scheme greatly facilitates data security, because it instantly identifies and communicates the level of protection required for any piece of data as well as the audience that may view it. For example, a document that is tagged as "company confidential" is easily recognized as not to be released outside of the company. Further, it limits those who may access the information to a defined group. 

(7)A good data classification scheme also includes a time-element, to allow a piece of information to change its status on a certain date. An example would be a public company's earnings announcement, which might be company confidential until the date of the earnings announcement, at which time it becomes "public." 

(8)There are many other attributes to data classification schemes, but these few points are sufficient to establish why data classification is fundamental to information security. Without a data classification scheme, an organization treats all information the same. This increases the probability that sensitive data will not have adequate security controls, increasing the risk of sensitive data being compromised. It also means that less sensitive data will have more security controls than necessary, leading to unnecessary restrictions and loss of efficiency for operational personnel. 

Consequence of Failure in Data Classification 

(9)Two high profile cases in 2005 show the severe losses that can arise when data is not properly classified, the scheme is not adhered to in practice, or the scheme is not used to drive security controls appropriate for each class of data. 

(10) In early 2005, ChoicePoint, a U.S. firm that provides information on consumers to insurance companies and other types of businesses and government agencies, revealed that criminals had fraudulently obtained valid customer accounts that enabled access to approximately 150,000 consumer names, addresses, Social Security numbers, and credit reports. Clearly, the security controls that ChoicePoint had in place for its new customer account setup process were not adequate for the class of data that it allowed such customers to access.

(11)Around the same time, Bank of America disclosed that it lost several backup tapes in transit to a backup center. The tapes contained financial information on 1.2 million government employees that were members of the U.S. government's SmartPay credit card program. Although the Bank's data classification scheme may have recognized the confidential nature of such information when residing on the Bank's primary systems, it did not, in this case, appear to extend to the same information when it was contained on backup media. 


(12)Although ChoicePoint and Bank of America can be faulted for not adequately protecting confidential information, it is likely that both organizations had a data classification scheme in place. The problem was that they did not have adequate security controls based on the classification, at least in these instances. 
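
The points made so far (a time element on the label, controls chosen per class, and the backup-tape case where protection did not follow the data) can be combined into one small audit. This is an added example, not part of the original textbook; the control names, the ordering of the classes and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from enum import IntEnum
from typing import Optional

class Level(IntEnum):
    # Classes from the text; the order SENSITIVE < PRIVATE is an assumption.
    PUBLIC = 0
    SENSITIVE = 1
    PRIVATE = 2
    COMPANY_CONFIDENTIAL = 3

# Hypothetical minimum controls per class; a real policy defines its own.
REQUIRED = {
    Level.PUBLIC: frozenset(),
    Level.SENSITIVE: frozenset({"access_list"}),
    Level.PRIVATE: frozenset({"access_list", "encryption"}),
    Level.COMPANY_CONFIDENTIAL: frozenset({"access_list", "encryption", "audit_log"}),
}

@dataclass(frozen=True)
class Label:
    owner: str
    level: Level
    changes_on: Optional[date] = None   # time element: date the status changes
    becomes: Optional[Level] = None     # class that applies from that date on

    def effective(self, today: date) -> Level:
        if self.changes_on and self.becomes is not None and today >= self.changes_on:
            return self.becomes
        return self.level

@dataclass(frozen=True)
class StoredCopy:
    name: str
    label: Label          # the label follows the information to every copy
    location: str         # primary system, backup tape, ...
    controls: frozenset   # controls actually in place at that location

def audit(copies, today: date) -> dict:
    """Map (name, location) to the controls its class requires but it lacks."""
    findings = {}
    for c in copies:
        gap = REQUIRED[c.label.effective(today)] - c.controls
        if gap:
            findings[(c.name, c.location)] = sorted(gap)
    return findings

# Constructed sample inventory (illustrative values, not real data).
FULL = frozenset({"access_list", "encryption", "audit_log"})
EARNINGS = Label("finance", Level.COMPANY_CONFIDENTIAL, date(2024, 5, 1), Level.PUBLIC)
ACCOUNTS = Label("card-services", Level.COMPANY_CONFIDENTIAL)
INVENTORY = [
    StoredCopy("q1-earnings", EARNINGS, "file-server", frozenset({"access_list"})),
    StoredCopy("card-accounts", ACCOUNTS, "primary-db", FULL),
    StoredCopy("card-accounts", ACCOUNTS, "backup-tape", frozenset()),
]

if __name__ == "__main__":
    print(audit(INVENTORY, date(2024, 4, 30)))
```

Because the label is attached to the information rather than to the system holding it, the unprotected backup copy is reported even though the primary copy passes, and the earnings file stops being reported once its announcement date arrives.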

(13)Many organizations have an even more fundamental problem: they do not have any data classification scheme at all. If data classification is a foundational requirement for information security, what explains this failure? 

(14)First, data classification is one place where the old maxim is true: perfection is the enemy of the good. Some security professionals insist upon a scheme that is perfect in theory, but difficult to implement. For example, if most users are ignorant of basic security practices, successfully implementing a robust data classification scheme will be extremely challenging. A data classification program will only be effective if employees are willing to properly classify each piece of information and maintain the classification. An organization will be better served by a simple data classification scheme that is put into practice - even one that is theoretically imperfect - than the perfect scheme that exists in name only. 

(15) Second, the development and implementation of data classification can be downright expensive. The costs are two-fold: the cost of developing the data classification scheme with appropriate controls based on each class of data and then training all employees to recognize and classify data accordingly. The development and training effort can be significant, but there is even more effort required to classify existing data and to continue to classify new data on an on-going basis. For healthcare organizations, financial services firms, and others that are required by law to classify data, the cost of these efforts may be rationalized in terms of regulatory compliance. But for non-regulated organizations, it is often difficult for management to justify such efforts as a necessary part of doing business.

Finally, the leaders of the security program--the chief information security officer, and others--often lack the authority to drive a data classification program through to full implementation. In many companies, the security program does not have the political clout required to gain acceptance for such an ambitious initiative. 

 Exercise 1. Which of the following statements expresses the main idea of the text?

1. Data classification is one of the foundational elements of information security.

2. Each piece of information created should be assigned its classification level.

3. Without a data classification scheme an organization might suffer from constant security breaches.