结课PPT

The other still don't know thire data was stolen 另一种是还不知道自己已经发生了数据泄 露事件的机构
Strategy one:
Adopting advanced security analytics to better predict threats and protect data. 采用先进的安全分析法，更好地预测威胁，
保护数据。
Strategy two:
Maturing incident management and forensic capabilities. 完善（意外）事故管理和取证能力。
Zero Trust Model (ZTM)
Zero trust model (ZTM) has been considered as a means can effectively
首先，绝对信任的假设容易让你的公司 受到所谓“可信的圈内人”的伤害。
Second, they become obsolete when the environment or technology changes.
其次，当环境或科技发生改变时，这个 绝对信任的假设就过时了。
The strategy to protect your data
Example
NEXON
South Korea's top game developer Nexon also
said 13 million users' personalΒιβλιοθήκη Baiduinformation of its
popular online game “MapleStory" was stolen by
property and sensitive data assets, implicit trust assumptions are
dangerous for two reasons:
当你试图保护本公司的知识产权和敏感数据资产时，绝对信任 的假设是很危险的，有以下两个原因：
First, they leave your organization vulnerable to so-called “trusted insiders.”
在近来的一起事故中，2000万韩国 民众的个人信息被韩国信用局的一 名合同工窃取。
PICTURE
20 million
50million
The causes of breaches
泄密事故的原因
• Poor system controls for privileged users. 对特权用户的系统掌控欠佳。 • A lack of continuous user activity monitoring. 没有持续监测用户活动。
What Asia Pacific Firms Must Learn From South Korea
14A0134
It was recently revealed that the personal data of 20 million South Koreans was stolen by a contract worker at the Korea Credit Bureau
to people in need, and was strictly enforced; System must audit all access
and never trusted any access; All traffic must accept examination, registration and evaluation; System is rather from inner to outer than from outside to inside. Information security concepts are simplified as imagine no more "trusted" interface, application, traffic, network and user. 零信任模式（ZTM）已经被认为是一种可有效提升安全状态的手段。这一激进的网络安全
hackers.
How to protect our information security?
1.Set up different password for different use
2. Develop the habit of cleaning your
computer regularly
Thanks~
improve security status. The radical solution for network security monitors
all possible data, and assumes all files are potential threats. Its all resources must be in a safe way to visit; Access control are available only
The Impacts
Such incidents create distrust toward entire
industries, social systems,
and economies.
这样的泄密事故使人们对整个工 业、社会系统以及经济体系失去 信心。
When you’re trying to protect your organization’s intellectual
In network security domain at present there are two types of institutions: 目前网络安全领域中存在着两种类型的机构：
The one they know thire data was stolen 一种是已经发生了数据泄露事件的机构
解决方案监控着所有可能的数据，并假定所有的文件都有潜在威胁。其要求所有资源都
必须以安全方式访问；访问控制只提供给需要的人，并被严格执行；系统必须要审核所 有访问并从不信任任何访问；所有的流量必须要接受检查、登记和评估；系统被由内至
外而不再是由外至内进行设计。信息安全概念被简化为设想再也没有“可信任的”接口、
Information Security In Our Life
Some examples of information security in our life How to protect our information security?
Example
Alipay
Alipay vulnerability caused information disclosure.And the official response is the buyer's fault.