ASP技术安全策略与机制
来源:56doc.com 资料编号:5D2661 资料等级:★★★★★ %E8%B5%84%E6%96%99%E7%BC%96%E5%8F%B7%EF%BC%9A5D2661
资料介绍
附 录 附录1:文献翻译 asp安全策略与机制(中文原文) 具有深厚IT技术人才的短缺和企业软件产品开发费用的上升造就了新的开发模式--Application Service Provider(ASP)的出现。ASP使企业在不需要负担象传统作坊式开发那样昂贵费用即可开发出大型、复杂的企业级应用。通过使用ASP,企业可将在系统可用性、性能和可伸缩性方面的负担留给开发商。然而在对这些方面的要求外,企业还必须考虑与安全性、隐私和敏感或私有数据等问题。实际上,安全性已迅速成为许多ASP最关切的问题。对于安全性的关注当然早已不是什么新鲜事。ASP模型的主要不同点在于许多安全控制和机制必须由asp提供和完成。 1.asp的安全性 如果经常阅读关于计算机领域的报道,就会发现经常总是有许多计算机犯罪或安全事故的文章。自从2000年以来,新病毒或分布式拒绝服务(DDoS)已成为主要的安全问题。据Yankee Group报道,因Yahoo、eBay、Amazon.com和其它网站受到DDoS攻击所造成的损失达12亿美金。根据2000 Computer Security Institute/FBI Computer Crime and Security Study报告,仅在1999年共有273家组织或公司因计算机犯罪而造成$265,589,940美金的经济损失。明显地,安全风险总是存在,计算机犯罪也总会发生。因此,为了尽可能降低安全风险,安全策略和措施必须设计并实施。对于asp,也起码有不少安全需求应该关注。 2.asp安全策略 ASP应该为其应用架构制定如果管理和维护其内部安全状态的安全策略。例如口令管理、安全审计、拨号访问和互联网访问等应在完整的企业IT安全策略中制定。通常隐私策略被认为是对安全策略的扩展。大多数ASP将其隐私策略在网站上公布。基本地,隐私策略应该指出asp认为哪些数据是机密的,和这些数据如何能和如何不能被使用。不幸的是,由政府隐私研究组织所属的Electronic PrivacyInformation Center (EPIC)最近一份报告表明,虽然许多网站公布其隐私保护策略,但实际上却极少真正被实施。(所有权: 毕业设计网 QQ:306826066) asp security policy and mechanism(英文翻译) Had the deep IT technology talented person short and the enterprise software product development cost rise has accomplished the new development pattern - - Application Service Provider(ASP) appearance. ASP causes the enterprise in not to need to bear likely the traditional workshop type development such expensive expense then to develop large-scale, the complex enterprise application. Through uses ASP, the enterprise may in the system usability, the performance and the expandable aspect burden leaves the developer. However in to these aspect request outside, the enterprise also must consider and the security, the privacy and questions and so on sensitive or private data. In fact, the security has rapidly become many ASP kindest questions. Regarding the secure attention is certainly already not the something new. The ASP model main diversity lies in many safety controls and the mechanism must provide by asp and complete. 1. asp secure If the secure need reads frequently about the computer domain report, can discover always has many computer-related crimes or the security accident article frequently. Since 2000, the new virus or distributional has refused to serve (DDoS) to become the main security problem. According to Yankee Group reported, because of Yahoo, eBay, Amazon.com and other websites have the loss which the DDoS attack creates to amount to 1,200,000,000 dollars. According to 2000 Computer Security Institute/FBI Computer Crime and Security Study reported that, only altogether had 273 in 1999 to organize or the company creates $265,589,940 dollar economic losses because of the computer-related crime. The security risk always exists obviously, the computer-related crime also general meeting occurs. Therefore, in order to reduce the security risk as far as possible, the security policy and the measure must design and implement. Regarding asp, also has many security requirements to be supposed at least to pay attention. 2.asp security policy ASP should for it using the construction formulation if manages and maintains its internal security condition the security policy. For example the password management, the safe audit, the digit dialing visit and the Internet visit and so on should formulate in the integrity enterprise IT security policy. The usual privacy strategy was considered is to the security policy expansion. Majority ASP announce its privacy strategy in the website. The privacy strategy should point out basically asp thought which data are secret, how can with how not be able to use with these data. Unfortunately, studies organization respective Electronic PrivacyInformation Center by the government privacy the (EPIC) recent report to indicate, although many websites announce its privacy protection strategy, but actually extremely are in fact few is implemented truly.(所有权: 毕业设计网 QQ:306826066) |