Study Guide for Students and Postgraduates, Taganrog 2008




part of the text, write out the key words and write its summary (see Appendix 1).

Threat Definition. Before a vulnerability analysis can be completed, a description of the threat is required. This description includes the type of adversary, tactics, and capabilities (number in the group, weapons, equipment, and transportation mode). Also, information is needed about the threat to estimate the likelihood that they might attempt the undesired events. The specific type of threat to a facility is referred to as the design basis threat (DBT). The DBT is often reduced to several paragraphs that describe the number of adversaries, their modus operandi, the type of tools and weapons they would use, and the type of events or acts they are willing to commit.

The types of organizations that may be contacted during the development of a DBT description include local, state, and federal law enforcement (to include searching source material) and related intelligence agencies.

After the threat spectrum has been described, the information can be used together with statistics of past events and site-specific perception to categorize threats in terms of likelihood that each type of threat would attempt an undesired event. Safety studies have historical data and statistics to predict the likelihood of an abnormal event and the system response to the event. For security studies, estimating the likelihood that an adversary group will attack a specific asset presents a challenge. Because of the human element – the fact that humans plan, rehearse, learn and modify in order to optimize the attack effectiveness – the events are not random and many of the required mathematical assumptions cannot be met. Human behavior is difficult to predict and providing a quantified prediction of human behavior is an even more difficult task.

The likelihood of adversary attack can be estimated with a qualitative relative threat potential parameter. Below we describe the factors that can be used to estimate relative threat potential.

Adversary Capability

•Access to region

•Material resources

•Technical skills

•Planning/organizational skills

•Financial resources

Adversary History/Intent

•Historic interest

•Historic attacks

•Current interest in site

•Current surveillance

•Documented threats

Relative Attractiveness of Asset to Adversary

•Desired level of consequence

•Ideology

•Ease of attack

The process for estimating the threat potential follows a complete threat analysis and the parameter is estimated per undesired event and per adversary group. The basis of the parameter estimation includes:

• Characteristics of the adversary group relative to the asset to be protected

• Relative attractiveness of the asset to the adversary group.

The physical protection features must be described in detail before the security system effectiveness can be evaluated. An effective security system must be able to detect the adversary early and delay the adversary long enough for the security response force to arrive and neutralize the adversary before the mission is accomplished. In particular, an effective security system provides effective detection, delay, and response. These security system functions (detection, delay, and response) must be integrated to ensure that the adversary threat is neutralized before the mission is accomplished.

DETECTION, the first required function of a security system, is the discovery of adversary action and includes sensing covert or overt actions. In order to discover an adversary action, the following events must occur:

• sensor (equipment or personnel) reacts to an abnormal occurrence and initiates an alarm

• information from the sensor and assessment subsystems is reported and displayed

• someone assesses information and determines the alarm to be valid or invalid. (If determined to be a nuisance alarm (defined below), detection has not occurred.)

Methods of detection include a wide range of technologies and personnel. Entry control, a means of allowing entry of authorized personnel and detecting the attempted entry of unauthorized personnel and contraband, is included in the detection function of physical protection. Entry control, in that it includes locks, may also be considered a delay factor (after detection) in some cases. Searching for metal (possible weapons or tools) and explosives (possible bombs or breaching charges) is required for high-security areas. This may be accomplished using metal detectors, x-ray (for packages), and explosive detectors. Security police or other personnel also can accomplish detection. Security police or other personnel can contribute to detection if they are trained in security concerns and have a means to alert the security force in the event of a problem. An effective assessment system provides two types of information associated with detection: (1) information about whether the alarm is a valid alarm or a nuisance alarm, and (2) details about the cause of the alarm, i.e., what, who, where, and how many. The effectiveness of the detection function is measured by the probability of sensing adversary action and the time required for reporting and assessing the alarm.

DELAY is the second required function of a security system. It impedes adversary progress. Delay can be accomplished by fixed or active barriers, (e.g., doors, vaults, locks) or by sensor-activated barriers, e.g., dispensed liquids, foams. The security police force can be considered an element of delay if personnel are in fixed and well-protected positions. The measure of delay effectiveness is the time required by the adversary (after detection) to bypass each delay element.

RESPONSE, the third requirement of security systems, comprises actions taken by the security police force (police force or law enforcement officers) to prevent adversarial success. Response consists of interruption and neutralization. The measure of response effectiveness is the time between receipt of a communication of adversarial actions and the interruption and neutralization of the action.

Interruption is defined as the response force arriving at the appropriate location to stop the adversary’s progress. It includes the communication to the response force of accurate information about adversarial actions and the deployment of the response force. Neutralization is the act of stopping the adversary before the goal is accomplished. The effectiveness measures for neutralization are security police force equipment, training, tactics, and cover capabilities.

Protection System Effectiveness. Analysis and evaluation of the security system begin with a review and thorough understanding of the protection objectives and security environment. Analysis can be performed by simply checking for required features of a security system, such as intrusion detection, entry control, access delay, response communications, and a response force. However, a security system based on required features cannot be expected to lead to a high-performance system unless those features, when used together, are sufficient to ensure adequate levels of protection.

Risk Estimation

Risk is quantified by the following equation:

R = PA * (1-PE) * C

Where: R = risk associated with adversary attack

PA = likelihood of the attack

PE = likelihood that the security system is effective against the attack

(1 – PE) = likelihood that the adversary attack is successful (also the likelihood that security system is not effective against the attack)

C = consequence of the loss from the attack.

Upgrades and Impacts

If the estimated risk for the threat spectrum is judged to be unacceptable, upgrades to the system may be considered. The first step is to review all assumptions that were made that affect risk. All assumptions concerning undesired events, target identification, consequence definition, threat description, estimation of likelihood of attack, and safeguards functions should be carefully reevaluated. Upgrades to the system might include retrofits, additional safeguard features, or additional safety mitigation features. The upgraded system can then be analyzed to calculate any changes in risk due to change in likelihood of attack, system effectiveness, or consequence values. If the estimated risk for the upgraded system is judged to be acceptable, the upgrade is completed. If the risk is still unacceptable, the upgrade process of assumption review and system improvement should be repeated until the risk is judged to be acceptable.

Once the system upgrade has been determined, it is important to evaluate the impacts of the system upgrade on the mission of the facility and the cost. If system upgrades put a heavy burden on normal operation, a trade-off would have to be considered between risk and operations. Budget can be the driver in implementing security upgrades. A trade-off between risk and total cost may have to be considered. When balance is achieved in the level of risk and upgrade impact on cost, mission, and schedule, the upgraded system is ready for implementation. At this point, the design/analysis process is complete.
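
The risk equation and the upgrade loop described above, as an added worked example that is not part of the original manual. It assumes that PE is the product of the probability of interruption and the probability of neutralization, and that detection at an element counts only while the delay still ahead is at least the response time; all element names, probabilities and times are constructed.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Element:
    """One protection element on the adversary's path (constructed model)."""
    name: str
    p_detect: float  # probability the action is sensed AND assessed as valid here
    delay_s: float   # seconds the adversary needs to bypass this element


def p_interruption(path, response_time_s):
    """Probability of detection early enough for the response force to arrive.

    Assumption: detection at an element happens before its delay is spent,
    so it only counts while the delay still ahead >= response time.
    """
    p_missed = 1.0
    for i, element in enumerate(path):
        delay_ahead = sum(e.delay_s for e in path[i:])
        if delay_ahead < response_time_s:
            break  # any later detection comes too late to interrupt
        p_missed *= 1.0 - element.p_detect
    return 1.0 - p_missed


def risk(p_attack, p_effective, consequence):
    """R = PA * (1 - PE) * C, as in the text."""
    return p_attack * (1.0 - p_effective) * consequence


def site_risk(path, response_time_s, p_neutralize, p_attack, consequence):
    # Assumption: PE = P(interruption) * P(neutralization).
    p_effective = p_interruption(path, response_time_s) * p_neutralize
    return risk(p_attack, p_effective, consequence)


def upgrade_until_acceptable(path, upgrades, acceptable, **site):
    """Apply upgrades in order, re-estimating risk after each one."""
    applied = []
    current = site_risk(path, **site)
    for name, change in upgrades:
        if current <= acceptable:
            break
        path = change(path)
        applied.append(name)
        current = site_risk(path, **site)
    return applied, current


def with_change(name, **fields):
    """Return an upgrade that replaces fields of the named element."""
    return lambda path: [replace(e, **fields) if e.name == name else e for e in path]


# Constructed sample data: relative likelihood 0.5, consequence normalized to 1.0.
BASELINE_PATH = [
    Element("fence", p_detect=0.5, delay_s=10),
    Element("door", p_detect=0.8, delay_s=60),
    Element("vault", p_detect=0.9, delay_s=120),
]
SITE = dict(response_time_s=150, p_neutralize=0.8, p_attack=0.5, consequence=1.0)
UPGRADES = [
    ("fence sensor", with_change("fence", p_detect=0.7)),
    ("hardened vault", with_change("vault", delay_s=200)),
]

if __name__ == "__main__":
    print("baseline risk:", round(site_risk(BASELINE_PATH, **SITE), 4))
    applied, final = upgrade_until_acceptable(BASELINE_PATH, UPGRADES, 0.11, **SITE)
    print("applied:", applied, "final risk:", round(final, 4))
```

In the baseline the vault sensor adds nothing to PE, because only 120 s of delay remain when it fires and the response force needs 150 s; lengthening the vault delay is what makes that detection count.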


Vocabulary tasks

Form the word combinations and give their definitions.

Risk, threat

Give your definitions of the following terms.

Estimate risk, facility, consequence, reduce risk, access point, severe environmental damage, threat.


Make the word combinations.

    1. site a) detection

    2. commit b) definition

    3. detect c) operandi

    4. protection d) control

    5. intrusion e) boundary

    6. threat f) an adversary

    7. assess g) description

    8. entry h) an act

    9. consequence i) objective

    10. modus j) risk


What do the following abbreviations from Text 1 mean?

RAM, PA, PE, C


Translate into Russian the following paragraph.

Methods of detection include a wide range of technologies and personnel. Entry control, a means of allowing entry of authorized personnel and detecting the attempted entry of unauthorized personnel and contraband, is included in the detection function of physical protection. Entry control, in that it includes locks, may also be considered a delay factor (after detection) in some cases. Searching for metal (possible weapons or tools) and explosives (possible bombs or breaching charges) is required for high-security areas. This may be accomplished using metal detectors, x-ray (for packages), and explosive detectors. Security police or other personnel also can accomplish detection. Security police or other personnel can contribute to detection if they are trained in security concerns and have a means to alert the security force in the event of a problem. An effective assessment system provides two types of information associated with detection: (1) information about whether the alarm is a valid alarm or a nuisance alarm, and (2) details about the cause of the alarm, i.e., what, who, where, and how many. The effectiveness of the detection function is measured by the probability of sensing adversary action and the time required for reporting and assessing the alarm.

Complete the text by translating Russian phrases given in brackets.

Establish Information Risk Management (IRM) Policy. A sound IRM program is founded on (1 хорошо продуманной инфраструктуре IRM) that effectively addresses all elements of information security. (2 Общепринятые принципы информационной безопасности) currently being developed based on an Authoritative Foundation of supporting documents and guidelines will be helpful (3 в выполнении этого задания). IRM policy should begin with a high-level policy statement and supporting (4 цели), scope, constraints, responsibilities, and approach. This high-level policy statement should drive subordinate controls policy, (5 от логического управления доступа) to facilities security, (6 до прогноза внештатных ситуаций). Finally, IRM policy should be effectively communicated and enforced to all parties. Note that this is important both for (7 внутреннего контроля) and, with EDI, the Internet, and other (8 внешние воздействия), for secure interface with the rest of the world.


Translate into English.

Специалист, несущий ответственность за выполнение заданий по оценке риска должен ясно представлять области, которые охватывает информационная безопасность. В первый год работы программы УИР руководитель должен уделить 50-75% своего времени установке и выполнению комплекса задач УИР (IRM).


Grammar

Present Time. Active and Passive Voice.

Active Voice.

The Present Simple Tense.

Usage. Habitual, permanent, repeated actions: Usually I go to the university by tram. She lives in London. Generally known truths: The earth goes round the Sun. Time markers: usually – обычно; always – всегда; every morning, year – каждое утро, год; often – часто; seldom – редко. If one of these markers is present in the sentence, or can be inserted into it, the sentence should be built in the Present Simple.

Formation.

I work. I do not work. Do I work?

He works. He does not work. Does he work?

She works. She does not work. Does she work?

It works. It does not work. Does it work?

We work. We do not work. Do we work?

You work. You do not work. Do you work?

They work. They do not work. Do they work?


The Present Continuous Tense.

Usage. A process or action taking place at the moment of speaking: I am writing now. An action taking place not at this very moment but in a period belonging to the present: I am studying English (possibly not at this particular moment, but during the present period). An action planned for the near future: They are leaving tomorrow. Time marker: now – сейчас. If now is present in the sentence, or can be inserted into it, the sentence should be built in the Present Continuous.

Formation.

I am working. I am not working. Am I working?

He is working. He is not working. Is he working?

She is working. She is not working. Is she working?

It is working. It is not working. Is it working?

You are working. You are not working. Are you working?

We are working. We are not working. Are we working?

They are working. They are not working. Are they working?


Grammar tasks


Test A. Write negative sentences and questions.

1. Most people measure the cost of security high.

2. An evaluation helps consumers to determine the level of security of IT product or system.

3. Computer systems security protects the system against intentional acts.

4. Security officers have the authority to develop an effective police.

5. Computer security plays an important role in any organization policy.

6. Business functions become increasingly dependent on small computer systems.

7. Responsibility for the business functions lies with senior executives.

8. A successful security program consists of a number of interrelated key elements.


Test B. Put the verbs in brackets in the correct form of Present Simple.

1. The article (deal) with artificial intelligence.

2. Enterprises around the world (undergo) transformations.

3. Your company (realize) the value of developing enterprise-wide security?

4. Custom applications (require) writing unique security code?

5. Dishonest employees (not want) their acts to be discovered.

6. An honest employee (not make) mistakes in data entry.

7. A disgruntled employee is one, who (work) for an organization and (want) to cause harm to it.

Test C. Put the words in brackets in the correct form, Present Simple or Present Continuous.

1. Hi! Where (go)? – I (see) my partners in 20 minutes.

2. What you (do)? – I (be) an engineer, but now I (work) as a manager.

3. The train (leave) at 8.48. Hurry up. – OK. I (come).

4. What you (look) for? – I (try) to find my papers.


Present Perfect Simple.

Usage. Actions completed in the past that have a result in, or a connection with, the present. I have lost my book – Я потерял свою книгу (I do not have it at the moment; the result is a lost book). I lost my book last week – На прошлой неделе я терял книгу (I may have found it by now; the action was in the past and the present state is unknown).

Life experience and a person's achievements. My cousin has made over 25 films (Мой брат снялся в более чем 25 фильмах). Compare: Charlie Chaplin made over 55 films. Time markers: already – уже, just – только что, ever – когда-либо (in questions), never – никогда, yet – еще (in negative sentences), still – все еще, today, this week – a period of time that has not yet ended.

Formation.

I have worked/written I have not worked/written

He has worked/written He has not worked/written

She has worked/written She has not worked/written

It has worked/written It has not worked/written

We have worked/written We have not worked/written

You have worked/written You have not worked/written

They have worked/written They have not worked/written


Grammar tasks


Test A. Choose the correct form of the verb (Present Perfect/Past simple).

1. We worked/have worked over this project since I came/have come to the department.

2. We developed/have developed this program in 2005.

3. At last he presented/has presented his report.

4. When did you finish/have you finished this work?


Test B. Put the verbs in brackets in the correct form (Present Perfect/Past Simple).

1. Since the early efforts to conduct quantitative risk assessment, it (gain) its supporters and opponents.

2. First some developers (launch) and (develop) quantitative approaches.

3. The National Bureau of Standards (publish) this document in 1979.

4. They already (present) their recommendations of information security.


Test C. Translate into English using Present Perfect or Past Simple.

1. Привет! Давно тебя не видел. Где ты был?

2. Я был в Лондоне. - Когда вернулся? - Два дня назад.

3. Мы изучили ваше заявление.


Passive Voice.

Usage. The passive voice is used when the doer of the action is unimportant or unknown. For the speaker it is far more important to describe the action performed on the object. This feature of the passive voice is reflected in the way sentences are built.

Building sentences in the passive voice. The object of the action is of greatest interest, so whatever the action is directed at takes the position of the subject. The doer of the action is either not mentioned or follows the verb with the preposition by. Sentences in the passive voice are built on the pattern: be + the third form of the verb, in the appropriate tense. The form of the verb be must agree with the subject in person and number, as shown in the examples.

Present Simple. I'm always listened to carefully. – Меня всегда внимательно слушают.

Present Continuous. I am being listened to. – Меня сейчас слушают.

Past Continuous. The lecturer was being listened to. – Лектора слушали.

Present Perfect. Dinner has been cooked. – Обед готов (приготовлен).

Modal verbs and constructions in the passive voice follow a single pattern: can, may, must, might, should, have to, ought to, be to – be done.

For example: It must be done. – Это обязательно нужно сделать.


Grammar tasks


Test A. Choose the correct form of Passive Voice.

1. The assumed threats to security specify/ specified/are specified below.

2. The unauthorized disclosure has been prevented/has prevented/has being prevented.

4. The repeatable key based/is based/bases on the following principles.

5. Knowing about the risk, one better is prepares/prepared/is prepared better.

6. A sound IRM program founds/founded/is founded on a well thought out IRM policy infrastructure.

7. An event, the occurrence of which could have an undesirable impact, is defined/define/ defines as threat.


Test B. Put the verbs in brackets in the correct form of Passive Voice.

1. Uncertainty (measure) inversely with the respect to confidence.

2. The papers of the conference (translate) into 12 languages.

3. Both expected frequency and exposure factor for fire (increase) by not having a fire suppression system.

4. Exposure factor (express) as a percent.

5. Generally accepted Information Security Principles (base) on an Authoritative Foundation of supporting documents and guidelines.

6. It is essential that the process of analyzing and accessing risk (understand) by all sides.


Test C. Put the verbs in brackets in the correct form, Active or Passive Voice.

1. The curves (show) in figure 4.

2. Our analysis (suggest) the spheres of practical application of our technique.

3. Our ongoing work (focus) on the use of other biometric measurements.

4. If the BUSINESS module (choose) this can (use) to generate a detailed questionnaire appropriate to the system under review.

5. Nowadays real-time operating system (employ) in consumer devices.

6. These systems (share) an unmatched reputation for operating 24 hours a day, 365 a year, nonstop.


Communication

You’re going to have a course in English in the UK / the USA / Canada / Australia. Talk about it to the Embassy official. Tell him about yourself, your interests, aims, period of study, accommodation.


Writing

Fill in Entry Card.

ENTRY CARD

Please complete clearly in Block Capitals

Family Name:

Forenames:

Date of Birth (Day, Month, Year):

Nationality:

Place of Birth:

Sex: 1 – Male; 2 – Female

Occupation:

Passport No.:

Date of Issue:

Purpose of Entry: 1 – Employment; 2 – Residence; 3 – Visit; 4 – Transit; 5 – Special Permit; 6 – Tourism; 7 – Study

Address in UK/USA/Canada/Australia:

Signature:

For official use only

Date of Entry:

No. of Visa:

Date of Issue:

File No.:

Flight No.:

Signature, Passport Officer:



Additional vocabulary.

1. Assess risk – оценить риск

2. the likelihood of adversary attacks – вероятность злоумышленных атак

3. respective critical asset – активы с предполагаемой подверженностью риску

4. site boundary – границы участка

5. process description – описание процесса

6. safety analysis report – отчет/анализ безопасности

7. environmental impact statement – заключение о влиянии на окружающую среду

8. site survey – исследование территории

9. design basis threat – угроза для исходных данных проекта

10. modus operandi – план, способ действия

11. commit an act/event – совершить действие

12. local/state/federal law enforcement – принудительное осуществление закона

13. detect an adversary – обнаружить злоумышленника

14. delay an adversary – воспрепятствовать злоумышленнику

15. bypass each delay element - блокировать каждый задержанный элемент

16. sense a covert/overt action – обнаружить тайное/явное действие

17. protection objective – цель защиты

18. security environment - условия безопасности

19. deployment of the response force – применение ответных сил

20. intrusion detection – обнаружение вторжения

21. entry control – контроль ввода

22. access delay – задержка доступа

23. response force – сила воздействия, силы ответных действий

24. target identification - опознавание цели

25. consequence definition – определение последствий

26. threat description – описание угрозы

27. estimation of likelihood of attack – оценка вероятности атаки

28. safeguards functions – функции мер безопасности

29. retrofit - модифицированная модель, усовершенствованная конструкция


Unit 3. Methods of Cryptography.

Vocabulary

What do the following terms and word combinations mean?