Английский язык для пользователей ПК и программистов - Гольцова Е.В.
ISBN 5-7931-0086-5
Скачать (прямая ссылка):
2) Risk assessment is no less important in secure, well-designed software or applications development projects.
3) They include things like your customer credit card information.
4) It will probably be more valuable than your vendor contact list.
5) Bruce Schneier calls it 'attack tree analysis'.
6) Sometimes it is aided by organization-enhancing software.
7) You can trust them with the necessary access privileges before setting the software up on your network.
8) You must strongly consider petitioning your internal Information Technology department or Help Desk for permission.
9) Security assessment tools can be useful, but cannot be 100% effective.
Упражнение 7. Look through the Text and find equivalents to the following: Просматривая Текст, найдите эквиваленты следующих выражений:
1) первые шаги в ...
2) используйте преимущество такого факта, как
3) Для большей информации о ..., смотрите
4) Так как вы знаете ...
5) Пожалуйста, будьте очень внимательны при...
6) Очень легко перепутать ... с ...
Упражнение 8. Find in the Text sentences in Subjunctive Mood and translate them. Найдите в Тексте предложения в сослагательном наклонении и переведите их. (5)
Упражнение 9. Look through the Text and say what paragraphs contain sentences in Imperative Mood.
Просмотрев Текст, скажите, какие параграфы содержат предложения в повелительном наклонении.
Упражнение 10. Translate the terms: Переведите слова-термины:
Risk assessment; protected resources; customer database; disposition and handling of customer information; social and legal issues; security assessment; attack tree analyses; relative frequency; relative value; access privileges; to set up the software.
295 Английский язык для пользователей ПК и программистов_
Упражнение 11. Underline all predicates in the sentence and mark the subject for every of it. Translate:
Сначала подчеркните сказуемые, потом к каждому сказуемому найдите подлежащее, переведите. Проверьте по ключу.
1) Making risk assessment a priority will also help you to make sure your executive officers to be both informed about and integral to the beginnings of your securely designed project._
2) This process helps to formalize what's otherwise a significantly subjective process of analysis and assessment, and can help to prioritize your project's security goals._
Text
Risk Assessment
I. Risk assessment should be among the first steps in your design process, and will help you frame your further efforts to design a secure system. Making risk assessment a priority will also help you to make sure your executive officers to be both informed about and integral to the beginnings of your securely designed project. During the risk assessment phase of design, you may find important supporters and champions among the executive officers: you should actively recruit their, participation if they're not already involved.
II. Business majors and MBAs already know about the managerial aspects of risk assessment. This methodology is heavily used in most business plans,4especially with respect to business planning. Risk assessment is no less important in secure, well-designed software or applications development projects. Take advantage of the fact that your managers and executives are probably already familiar with risk assessment methodology. Armed with a common language and methodology, you can inform your managers of the relative risks to which the application exposes you or your customers, and you can additionally
296 Урок 17
leverage their involvement and buy-in. This will help you in the end: if there should ever be an attack on your application, you will already have a champion to go to bat for the integrity of your application and the care with which it was designed.
III. The basic steps of risk assessment are as follows :
1. Identify protected resources
2. Assign relative value
3. Identify possible attackers
4. Estimate relative frequency of each kind of attacker
5. Carry out attack tree analysis (Identify possible attack routes)
6. Protect all possible attack routes (Protect most likely attack routes)
IV. Protected resources include things like your customer database, customer credit card information, or personal information. If you thought about the policies regarding the privacy, disposition and handling of customer information and other social and legal issues you would understand that your risk assessment process depends a great deal on such things. Your executive managers must be involved in deciding these policies.
V. For each resource, assign it a relative value (i.e. your customer credit card database will probably be more valuable than your vendor contact list). Next, identify possible attackers. Frequent examples are the bored teenager, the disgruntled ex-employee, the corporate spy, or the government intelligence agent.
VI. Estimation of the skill, frequency and methods of the attacker all belong to a related process to risk assessment which Bruce Schneier calls 'attack tree analysis' . This process helps to formalize what's otherwise a significantly subjective process of analysis and assessment, and can help to prioritize your project's security goals. If you saw chapter 21 of Bruce Schneier's book: Secrets and Lies: Digital Security in a Networked World you could know more about attack trees. (A highly-recommended resource on all aspects of digital security.) Английский язык для пользователей ПК и программистов
