CHAPTER 27 Conclusions

We are in the middle of a huge change in how security is done. Ten years ago, the security manager of a large company was usually a retired soldier or policeman, for whom computer security was an unimportant speciality he left to the computer department, with occasional help from outside specialists. In ten years' time, his job will be occupied by a systems person; she will consider locks and guards to be a relatively unimportant speciality that she'll farm out to a facilities management company, with an occasional review by outside specialists.

Ten years ago, security technology was an archipelago of mutually suspicious islands: the cryptologists, the operating system protection people, the burglar alarm industry, right through to the chemists who did funny banknote inks. We all thought the world ended at our shore. Security engineering is now on the way to becoming an established discipline; the islands are already being joined up by bridges, and practitioners now realise they have to be familiar with all of them. The banknote ink man who doesn't understand digital watermarks, and the cryptologist who's only interested in communications confidentiality mechanisms, are poor value as employees. In ten years' time, everyone will need to have a systems perspective and design components that can be integrated into a larger whole.

Ten years ago, information security was said to be about confidentiality, integrity and availability. These priorities are already reversed in many applications. Security engineering is about ensuring that systems are predictably dependable in the face of all sorts of malice, from bombers to botnets. And as attacks shift from the hard technology to the people who operate it, systems must also be resilient to error, mischance and even coercion. So a realistic understanding of human stakeholders, both staff and customers, is critical; human, institutional and economic factors are already as important as technical ones. The ways in which real systems provide dependability will become ever more diverse, and tuning the security policy to the application will be as essential as avoiding technical exploits. In ten years' time, protection goals will not just be closer to the application, they will be more subtle: examples include privacy, safety, and accountability.