Last week 8,400 British students about to enter university received an e-mail from the Student Loans Company (SLC), a government

admin2013-06-26  56

问题     Last week 8,400 British students about to enter university received an e-mail from the Student Loans Company (SLC), a government body, reminding them to complete their application forms. It came with an attachment that listed all 8,400 e-mail addresses. The outfit later issued a sheepish apology and promised an "internal investigation". At best, such data breaches make a small dent in a firm’s reputation and the whole thing blows over, as it did SLC’s case; at worst, though, companies lose the trust of their customers and also have to pay large fines. Sony, an ailing Japanese electronics giant, may never quite recover from breach last year, when hackers stole the personal details of over 100m customers.
    The explosion of data in recent years was always going to make data breaches more common, as two recent reports make clear. The first is an annual publication commissioned by Symantec, a maker of security software, and carried out by the Ponemon Institute, a data-protection researcher, to look into the cost of data breaches in several countries. Now in its seventh year, the report had some good news for Americans. Calculating the costs of investigations, compensation, customer support and projected loss of revenue, it found that the average cost to a company per breached record declined for the first time since the numbers are tracked. The figure dropped from $214 in 2010 to $194 in 2011, suggesting that companies had become better both at preventing and responding to breaches.
    Europeans fared less well. The cost rose from £ 71 to £ 79 ($113 to $126) in Britain, from ¢98 to ¢122 ($ 130 to $ 162) in France and from € 138 to ¢ 146 in privacy-conscious Germany. In all four countries, around two-thirds of all breaches were the result of technical faults and malicious attacks. But the remaining third was down to negligence. They could, in other words, never have happened.
    The second study goes some way to explaining why they did. Iron Mountain, a data-management company, commissioned PricewaterhouseCoopers, a consultancy, to assess the risk of information loss faced by mid-size European companies based on their attitudes to managing data. The report looks at 600 businesses in six European countries across different sectors. It found that businesses tend to regard data protection issues as the responsibility of IT departments. More than half thought that technology can solve the problem. Only 1% of the businesses surveyed believed it concerned all employees—and thus required a change in behavior.
    Both reports conclude that is precisely what is needed. Symantec’s study found a correlation between having a senior executive in charge of information security and lower costs of data breaches. " It has to start at the top," says Marc Duale, Iron Mountain’s head. The best solution need not be the most expensive—employee-awareness programs and staff training can be more effective than pricey IT upgrades. Malicious attacks may be unavoidable but silly mistakes are unforgivable.
According to the second report, the occurrence of those data breach cases which should be avoided is a result of______.

选项 A、an underestimation of the risk of information loss faced by companies
B、a lack of senior executives in charge of information security
C、the negligence of duty of staff in IT department
D、the failure to instill the concept of information security into every employees

答案D

解析 第一份报告中指出,许多数据泄露事故并不是因为技术因素导致的,而是疏忽大意导致的,为什么会出现这种现象,第二份报告在某种程度上做出了解释。第二份报告调查了不同公司面临的数据泄露风险。主要的研究方法是对不同公司展开调查,看他们对于数据安全的态度。大多数公司都认为保证数据安全是信息技术部门的任务,只有极少数公司认为信息安全责系每个员工。正是因为公司缺乏信息安全管理理念才导致了许多本来可以避免的信息泄露事故的发生。本题的正确答案应该选[D]。[A]利用原文当中的risk of information loss设置干扰。[B]利用最后一段中的senior executive设置干扰。[C]与作者观点背道而驰,作者认为信息安全并不仅仅是信息技术部门的责任,而是公司每一个员工的责任。
转载请注明原文地址:https://kaotiyun.com/show/HOd4777K
0

最新回复(0)