In the big data age of information security, what are the main types of data and information security ?, Information Security

In the big data age of information security, what are the main types of data and information security ?, Information Security

In the big data age of information security, what types of data and information security are mainly divided? Information security is a huge field that involves many knowledge points, but most companies do not pay enough attention to it because it is a "Black Swan" incident, as a result, we do not want to invest a lot of energy in this project. We also hope that more and more companies will pay more and more attention in the field of information security as China attaches more and more importance to security.

When talking about information security, I want to clarify the concept of information security. In my eyes, I divide information security into three categories:

Information security at the information level, the school's information security professional, mainly committed to communication encryption, password reinforcement and other traditional security fields.

User-level information security means that the user stores the information on your server. How do you ensure that the user's privacy is not infringed.

Information security at the architecture level is simply how to ensure that information is not lost.

Pandora's box is opened. For a time, the "ransomware" that swept the world has made the entire Internet industry a hit, and once again sounded the alarm of the internet security industry.

Behind this, we have already formed a complete and mature network black industry chain. Underground network hackers are hiding in the dark and have to defend themselves against attacks.

Information security at the information level

Why should we switch from HTTP to HTTPS? Why one day everyone abandoned HTTP and turned to HTTPS? After all, HTTPS requires more hardware overhead than HTTP, and a lot of adjustments are also required at the architecture level.

That is because HTTP has not encrypted any content transmitted over the network or the information of the Protocol itself, so that any user information may be captured on the network. At this time, I believe some people will say: we are a content browsing website. users do not need to enter information, so can they not Use HTTPS? The answer is that using HTTP will not only leak data, but also inject data. This is also the traffic hijacking we often mention.

Of course, HTTP/2 is also introduced in HTTP due to the consumption of server resources by HTTPS. In addition to some new features, the information encryption function is also added. In addition, encryption of passwords is also commonplace. encryption of passwords sounds simple and complex. In the final analysis, encryption of passwords is a matter of balance, if you use a simple encryption method (such as MD5), it will naturally be easily decrypted. However, if you use a complex encryption algorithm, it naturally puts forward higher requirements on the CPU.

User-level information security

User privacy has been elevated to an unprecedented level in recent years. In the big data era, everyone is doing data analysis, but everyone is doing user privacy. How can we balance data analysis with user privacy?

Maybe we violated "user privacy" a long time ago. When we click "like" on the e-commerce website, this data comes from "user privacy "; when we see "search advertisement" on the search engine, this data also comes from "user privacy". Even we can say: if we strictly define "user privacy ", our current products will die for 90% or more.

So how can we objectively understand user privacy? My privacy REDLINE is that user data analysis is readable but manual. For example:

When filtering users' spam, We need to extract features for each mail, including the sender, sending time, and structured extraction of the mail body content, then, mail is classified using the classification algorithm.

However, we should note that this process is invisible to "people" and we will process tens of millions of Data machines, we are dealing with macro-level "Big Data", but if we scan the database by people, then extract the mail records and identify them as human eyes, this behavior violates user privacy.

Furthermore, what is an implicit distinction between infringement of user privacy and "infringement of privacy? For example, we recommend better results for users after analyzing the search records. We say this does not infringe on data privacy. However, if we analyze the search results, if you provide your information to a hospital, your privacy will be compromised.

Whether or not to infringe privacy to a certain extent, the Association and subsequent operations infringe on the vital interests of users.

Finally, a criterion for privacy infringement is what information is exposed to users.

We all know that the DMP industry provides APIs to allow DSP to deliver more precise ads, but what information is crucial. If the user's consumption record is provided, this information infringes on privacy. If the user's income level is obtained through data mining, this information may not infringe on privacy.

In fact, user privacy is a very sensitive word. Maybe this word is inherently in conflict with Data Mining and data analysis, and there is no legal REDLINE for relevant standards, how to grasp it may be worth further exploration.