Complex Subject – Сложное подлежащее

PROTECTING INFORMATION SYSTEMS

As information systems become increasingly important business assets, they also become progressively harder to replace. When computers are connected to a network, a problem at any location can affect the entire network. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.

These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Computer security can focus on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. Information assurance focuses on the reasons for assurance that information is protected, and is thus reasoning about information security.

Governments, military, corporations, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a business’s customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to negative consequences. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. This section discusses three important security threats: computer crime, viruses, and disasters that may damage information systems.

COMPUTER CRIME

Computers provide efficient ways for employees to share information. But they may also allow people with more malicious intentions to access information. Or they may allow pranksters – who have no motive other than to see whether they can hack into a system – to gain access to classified information. Common computer crimes involve stealing or altering data in several ways:

  • Employees or outsiders may change or invent data to produce inaccurate or misleading information.
  • Employees or outsiders may modify computer programs to create false information or illegal transactions or to insert viruses.
  • Unauthorized people can access computer systems for their own illicit benefit or knowledge or just to see if they can get in.

Computer crime is on the rise. The number of violations of Internet security as reported to the Computer Emergency Response Team Coordination Center, located on the Web at http://www.cert.org, has risen sharply in recent years. In 1990, only six incidents were reported. Recently, the number of reported incidents soared to over 82,000. Of course, the statistics don’t include the number of incidents that were not reported, so the total is probably much higher.

Individuals, businesses, and government agencies are all vulnerable to computer crime. Computer hackers – unauthorized users – sometimes work alone and sometimes in groups. One pair of hackers, nicknamed “Deceptive Duo”, once claimed that they hacked into Midwest Express Airline’s intranet. In an e-mail to several news organizations, the hackers said that their goal was to embarrass the airline and show how easy it is to gain access to supposedly secure networks. The hackers even posted evidence of their break-in on the Web site of the U.S. Space and Naval War Systems Command.

Perhaps the most significant problem businesses face as a result of computer technology is data security. Companies with valuable or sensitive information stored in a computer worry about competitors or thieves raiding the database simply by dialing in through a modem. Even firms that don’t share their databases are subject to security breaches. U.S. corporations spend more than $10 billion annually on network security. Even so, over 40 percent of 600 companies surveyed reported recent security break-ins, and the estimated annual cost of computer crime is as high as $15 billion. The entire U.S. electronic infrastructure, including banks, financial markets, transportation systems, power grids, and telecommunication systems, could be vulnerable to attack. In one recent case, Russian hackers broke into Citibank’s network and electronically stole $10 million. The FBI reports that more than $25 billion in proprietary information is being taken from companies like General Motors, Intel, and Hughes every year. Thanks to the computer’s ability to store information electronically, spies can steal information without physically taking anything, thereby leaving no trace of the theft. The Economic Espionage Act of 1996 imposes fines of up to $10 million and sentences of up to 15 years in computer theft cases involving espionage, but even so, companies must still take strong precautions to protect themselves.

System administrators implement two basic protections against computer crime: They try to prevent access to their systems by unauthorized users and the viewing of data by unauthorized system users. To prevent access, the simplest method requires authorized users to enter passwords. The company may also install firewalls. Highly sophisticated packages will immediately alert system administrators about suspicious activities. To prevent system users from reading sensitive information, the company may use encryption software, which encodes, or scrambles, messages.

Cryptography

Information security uses cryptography to transform information into a form that renders it unusable by anyone other than an authorized user; this process is called encryption. Information that has been encrypted (rendered unusable) can be transformed back into its original usable form by an authorized user, who possesses the cryptographic key, through the process of decryption. Cryptography is used in information security to protect information from unauthorized or accidental disclosure while the information is in transit (either electronically or physically) and while information is in storage. Cryptography provides information security with other useful applications as well, including improved authentication methods, message digests, digital signatures, non-repudiation, and encrypted network communications. Older, less secure applications such as telnet and ftp are slowly being replaced with more secure applications such as ssh that use encrypted network communications. Wireless communications can be encrypted using protocols such as WPA / WPA2 or the older and less secure WEP. Wired communications (such as ITU-T G.hn) are secured using AES for encryption and X.1035 for authentication and key exchange.

Cryptography can introduce security problems when it is not implemented correctly. Cryptographic solutions need to be implemented using industry accepted solutions that have undergone rigorous peer review by independent experts in cryptography. The length and strength of the encryption key is also an important consideration. A key that is weak or too short will produce weak encryption. The keys used for encryption and decryption must be protected with the same degree of rigor as any other confidential information. They must be protected from disclosure and destruction and they must be available when needed.

Thus, to read encrypted messages, users must use a key to convert them to regular text. But as fast as software developers invent new and more elaborate protective measures, hackers seem to break through their defenses. So security is an ongoing battle.

Vocabulary Notes

business assets - бизнес-активы; достояние деловой жизни

entire - весь, всецелый

information security - информационная безопасность

unauthorized - несанкционированный, неполномочный

disclosure - раскрытие

disruption - разрушение, срыв

perusal - чтение, просматривание

inspection - инспектирование (наблюдение за состоянием объектов программы)

security - защита, безопасность

threat - угроза

disaster - бедствие; авария; катастрофа

information assurance - обеспечение (гарантия) информационной безопасности

assurance - уверенность, убеждённость

interchangeably - взаимозаменяемо

to interrelate - взаимодействовать

common goal - общая цель

primarily - главным образом, прежде всего

to focus on - сосредотачивать внимание на чём-либо

to be concerned with - иметь отношение, касаться чего-либо

integrity - неприкосновенность, целостность

regardless of - невзирая на

to ensure - обеспечивать, гарантировать

to reason about - рассуждать, аргументировать; обосновывать необходимость ч-либо

breach - нарушение, брешь

requirement - требование

to amass a great deal of - собирать, накапливать большое количество чего-либо

malicious intentions - вредоносные намерения, злой умысел

prankster - шутник

to hack into a system - взламывать систему

to alter - изменять

inaccurate - неточный

misleading - вводящий в заблуждение; обманчивый

to insert viruses - вносить вирусы

illegal transaction - незаконная операция, трансакция; сделка

illicit benefit - незаконная выгода

violations - нарушения

Computer Emergency Response Team Coordination Center (CERT) - группа реагирования на компьютерные чрезвычайные происшествия (США)

to soar - стремительно повышаться

vulnerable - уязвимый

hacker - хакер

nicknamed “Deceptive Duo” - по кличке «Разводящий Дуэт» или «Парный лохотрон»

to embarrass - смутить, приводить в замешательство

to post evidence - отправить доказательства, улики

(to) break-in - взлом; взламывать

US Space and Naval War Systems Command - командование военными космическими и морскими системами (США)

sensitive information - конфиденциальная информация

to raid - рейдерски захватывать; налетать; грабить

by dialing in through a modem - набирая номер или подключаясь через модем

security breaches - нарушение правил безопасности

estimated annual cost - подсчитанная годовая стоимость

power grid - энергосистема

proprietary information - частная (являющаяся чьей-либо собственностью) информация

to impose fines - налагать штрафы

sentences - приговоры

espionage - шпионаж

precautions - меры предосторожности

system administrator - системный администратор

to implement - осуществлять, реализовывать

firewall - брандмауэр

highly sophisticated - очень сложный

to alert - предупреждать, извещать

suspicious - подозрительный

encryption software - программное обеспечение шифрования

to encode - кодировать, шифровать

to scramble - зашифровать

cryptography - криптография, шифрование

to render - приводить в какое-либо состояние; делать

authorized user - полномочный (санкционированный) пользователь

to encrypt - шифровать, кодировать

to possess - владеть, обладать

cryptographic key - криптографический ключ

decryption - расшифровка

in transit - в пути

authentication - аутентификация; подтверждение подлинности; подтверждение права на доступ

message digests - краткие сообщения; дайджест-сообщения

non-repudiation - принятие действия, неотказ от принятия антимер

telnet - протокол telnet; программа telnet; удалённый вход в систему

ftp - протокол передачи файлов

AES = application environment specifications - спецификации среды прикладных программ

key exchange - обмен, перестановка, замена ключа

rigorous - строгий

rigorous peer review - строгое рецензирование

destruction - разрушение, уничтожение

elaborate - тщательно разработанные

Exercises

1. Read and translate the following expressions into Russian:

1. to become harder to replace
2. to affect the entire network
3. to protect information systems from perusal and disclosure
4. unauthorized access into information systems
5. to use interchangeably
6. to share the common goal
7. to have subtle differences
8. to be concerned with the confidentiality, integrity and availability of data
9. to focus on the problems of computer security
10. negative consequences
11. ethical and legal requirement
12. to provide efficient ways
13. malicious intentions
14. inaccurate or misleading information
15. to insert viruses
16. to be on the rise
17. the number of reported incidents
18. to be vulnerable to computer crime
19. to hack into a system
20. to have a goal to embarrass somebody
21. break-in on the Web site of any organization
22. to face a significant problem
23. to raid the database by dialing in through a modem
24. to lead to security breaches
25. the estimated annual cost
26. to be vulnerable to attack
27. to leave no trace of the theft
28. to sentence somebody to 5 years for theft
29. to take strong precautions against security break-ins
30. to implement protections against computer crime
31. to install firewalls
32. to prevent somebody from doing something
33. to use encryption software
34. to render something unusable by anyone
35. to transform encrypted information back into its original usable form
36. to possess the cryptographic key
37. through the process of decryption
38. to include improved authentication methods, digital signatures and encrypted network communications
39. to undergo rigorous review by independent experts in cryptography
40. to invent new and more elaborate protective measures

2. Replace the underlined words or word-combinations with the words of similar meaning given in the box:

frequently; focuses on; crime; regardless of; affect; experts; vulnerable to; precautions; a great deal; location; status; renders; is concerned with; breach; possess; malicious; annually; consideration; negative consequences; amass; rigorous; interchangeably; entire; ongoing; unauthorized; transforming; replaced with; on the rise; hack into; customers; protect; competitor

1. One of the tasks of information security is to defend information and information systems from illegal access.

2. The terms information security, computer security, and information assurance are often used in one and the same meaning.

3. Information security deals with the confidentiality, integrity, and availability of data without worrying about the form the data may take.

4. Information assurance concentrates on the reasons for assurance that information is secured.

5. Various organizations collect a lot of confidential information about their employees, clients, products, research, and financial standing.

6. If confidential information falls into the hands of a rival, such a gap of security can lead to bad results.

7. When computers are connected to a network, a problem at any place or position can influence the whole network.

8. People with evil intentions can break into a system; such actions may be qualified as computer offense.

9. Computer crime is increasing. All organizations are not completely protected against computer crime.

10. U.S. corporations spend much money every year on network security.

11. Companies must still take strong protective measures against computer theft cases.

12. The process of converting information into a form that makes it unusable by anyone other than an authorized user is called encryption.

13. An authorized user must have the cryptographic key.

14. Older, less secure applications such as telnet and ftp are slowly being changed for more secure applications.

15. Cryptographic solutions must undergo strict review by independent professionals in cryptography.

16. The length and strength of the encryption key is also an important matter.

17. So security is a continuing battle.

3. Answer the questions:

1. What does the term “information security” mean in general?

2. What is the difference between the terms information security, computer security, and information assurance?

3. Why do many organizations such as governments, military, corporations, financial institutions, private businesses, and nonprofit companies worry about information security?

4. What are the three important security threats?

5. What are the most common ways of stealing or altering data when a computer crime occurs?

6. Are computer crimes on the rise or on the fall? Prove your answer with some examples.

7. What is your opinion about computer hackers? Are they really as dangerous as they are said to be?

8. What is the simplest way for competitors or thieves to raid the database of any company?

9. What sums of money do American corporations spend annually on network security?

10. What measures did the Economic Espionage Act take against computer theft cases?

11. What two basic protections against computer crime do system administrators implement?

12. Why do you think companies are still vulnerable to computer crime in spite of the numerous protections that exist nowadays?

13. What does information security use cryptography for? Say a few words about encryption and decryption processes.

14. What can you say about encryption and decryption keys?

15. What do we mean by saying that security is an ongoing battle?

Complex Subject – Сложное подлежащее

The first part of the complex is a personal pronoun in the nominative case or a noun in the common case. The second part of the complex is an infinitive. The distinctive feature of this complex is that its parts are separated from each other by the predicate of the sentence. The complex as a whole functions as a complex subject.

It is said that diamonds are forever.

Diamonds are said to be forever. Говорят, что бриллианты вечны.

It is known that he is a talented and promising manager.

He is known to be a talented and promising manager. Известно, что он талантливый и подающий надежды менеджер.

said, believed, considered, known, found, expected, supposed, reported, proved, turned out, happened, seemed (etc.) + Indefinite Infinitive / Continuous Infinitive / Perfect Infinitive

Task 1 Paraphrase the sentences using complex subject.

Pattern: It is said that Apple has developed the personal computer market.

Apple is said to have developed the personal computer market.

It is reported that the company uses new security methods against computer crimes.

The company is reported to use new security methods against computer crimes.

1. It is known that cryptography is an effective measure against security break-ins.

2. It is supposed that Bill Gates has named one of the computer languages Melinda in honor of his beloved wife.

3. It is considered that computer crime is rising nowadays.

4. It is reported that a pair of hackers have hacked into Midwest Express Airline’s intranet.

5. It is suspected that Russian hackers have electronically stolen $10 million from Citibank’s network.

6. It is thought that computer crime, viruses, and disasters are three important security threats.

7. It is said that Bill Gates is living now near Lake Washington with his wife Melinda French Gates and their three children.

8. It is estimated that the annual cost of computer crime is as high as $15 billion.

9. It is recommended that companies must take strong precautions to protect themselves.

10. It is believed that older less secure applications are steadily being replaced with newer and more reliable ones.

11. It is known that Nokia has launched a new high-tech model of a mobile phone.

12. It is considered that the leading area of innovation in the 21st century is security – whether it’s the protection of information or the protection of people.
