Unit 1: Computing Security Concepts and Problems 1 1.1 Computing Security Concepts and Problems 1 De...

mac2022-06-30  26

>> If you know the enemy, and know yourself, you need not fear the result of 100 battles.

If you know yourself, but not the enemy, for every victory gained, you'll also suffer defeat.

If you know neither the enemy nor yourself, you will succumb in every battle.

These ideas come from Chinese General and Philosopher, Sun Tzu's, The Art of War. Incredibly enough, over 2,500 years later, each of those three points directly applies to the world of cyber security.

Cyber security is a great umbrella term referring to protecting the confidentiality, integrity, and availability of computing devices and networks, hard [inaudible] software, and, most importantly, data and information.

Cyber security involves times when data or information is in transit, being processed, and at rest.

Cyber security is achieved through procedures, products, and people.

We're going to investigate these terms and concepts throughout the course.

Some like to think of cyber security as a subset of information security, a very general term which also deals with information stored physically, in addition to cyber security's pure digital form.

Cyber security requires knowing who the hackers are, who the attackers are, what their motivations are, where our vulnerabilities lie, and how protected we actually are.

Easier said than done.

What exactly is cyberspace?

The enemy could be thousands of miles away, or in the very next cubicle at work, or both!

If the attacker has penetrated your network and is sitting silently, watching and observing, collecting tons of information until the time comes to launch to attack.

Nowadays, hackers lurk on networks silently just watching for hundreds of days at a time!

Completely undetected!

This is a constant cat and mouse game.

Companies pay penetration testers to find and exploit vulnerabilities.

Pen testers can make recommendations, but what good are they if the companies don't implement them?

What good are they if the companies do implement them to check off compliance boxes, and then don't actively monitor their infrastructure afterwards?

What good are hardware and security implementations if the weakest link, the humans, fall victim to social engineering attacks?

Which don't involve any technology, but, rather, prey on the gullible and naive humans. We've heard too many of these link-clicking stories.

Who is to blame if the employees are not properly educated and trained?

Who's to blame if the employees are educated and trained, but not tested to see not only what they learned, but how they will react in certain situations?

We often fear the unknown hackers from the outside, but insiders are a much greater threat, and can do far greater damage.

They already have some level of access, means, and opportunity.

One of the biggest problems today in cyber security is the putting out fires mentality.

Stopping the hackers.

However, treating each attack as an isolated incident is a huge mistake.

There needs to be greater intelligence, correlated attacks, to previous attacks, both within a company and between companies.

The more intel that can link one attack to a previous one, the more equipped we can be in protecting ourselves going forward!

The hackers are doing far more sharing and collaborating than the good guys.

Reposted from: https://www.cnblogs.com/sec875/articles/10246805.html
