I. PMI: Privilege (authorization) management infrastructure
1. Which two important processes does access control include, and what do they cover?
Two important processes for access control:
1) Authentication, which verifies the legitimate identity of the subject through "identification";
2) Authorization management, which grants users access to a resource through authorization.
2. What is the difference between PMI and PKI? Which is "what can you do" and which is "who are you"?
PMI mainly manages authorization: it proves what authority the user has and what the user can do, that is, "what you can do".
PKI mainly identifies the user and proves the user's identity, that is, "who you are".
II. Information security audit system
1. National standard of the People's Republic of China: 5 levels of computer system security
First level: User-independent protection level
Second level: System Audit protection level
Third level: Safety mark protection level
Fourth level: Structured protection level
Fifth level: Access authentication protection level
2. The concepts of the network monitoring, active information acquisition, and system embedded types of agent
The network monitoring agent needs to run on a dedicated network monitoring hardware platform; in the system, this hardware is called the network probe.
The system embedded agent is security protection software installed on each protected host, which implements host-based security audit and supervision.
The active information acquisition agent mainly implements log collection for non-host devices such as firewalls, switches, and routers.
III. Organization and management of information security system
1. In enterprise information security organization and management, which 6 items does personnel security include?
Personnel review
Post responsibility and authorization
Personnel training
Personnel assessment
Sign a confidentiality contract
Personnel transfer
2. Information security training is divided into four levels; the main content of each level:
1) Knowledge-level training
The purpose of knowledge-level training is to establish sensitivity to the threat and vulnerability of computer information systems and to understand the basic knowledge of computer information system protection.
2) Policy-level training
The goal of policy-level training is to provide the ability to understand the security principles of computer information systems, so that administrative leaders can make reasonable and scientific policies for computer security in the enterprise.
3) Implementation-level training
Implementation-level training provides the ability to recognize and assess how well computer information system resources withstand threats and attacks; through this training, leaders at all levels with security responsibility and security management leaders can formulate and implement their corporate security policies.
4) Executive-level training
Executive-level training is designed to provide the various computer information system personnel with the methods and skills to design, implement and evaluate their computer information system security procedures, so that staff members can apply security concepts when performing tasks related to their functions.
3. How many working groups have been established in the Information Security Standard Committee?
WG1 Information Security Standards System and Coordination Working Group, WG3 Cryptographic Algorithm and Cryptographic Module Working Group, WG4 Identification and Authorization Working Group, WG5 Information Security Assessment Working Group, and WG7 Information Security Management Working Group.
III. ISSE-CMM
1. What are the three types of process areas included in ISSE-CMM?
Engineering, projects and organizations
IV. New Technologies
1. The three models of cloud computing
Infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS)
2. The three layers of the Internet of Things
Perceptual layer, network layer and application layer
3. The difference between incident management, problem management, and service level agreement
Problem management: frequently occurring problems (find the cause of the problem)
Service level agreement: on technology and quality ( )
4. See the "Big Data Development Program", Internet +, and China Intelligent manufacturing 2025.
5. Web services are suitable in four kinds of circumstances and not suitable in 2 kinds of circumstances
Web service use cases:
1. Cross-firewall
2. Integration of applications written in different languages and running on different platforms
3. Cross-company business integration
4. Software Reuse
Not suitable for:
1. Stand-alone applications
2. Homogeneous applications in the LAN
6. The difference between DAS, NAS, and SAN
DAS: Direct-attached storage
NAS: Network-attached storage
SAN: Storage area network
7. What are the 6 subsystems of the integrated cabling system?
Buildings, vertical, horizontal, equipment, management, work area
October 26, 2015 jobs