外文原文与翻译.docVIP

?外文翻译： 原版书： 《管理信息系统》英文名字：《MANAGEMENT INFORMATION SYSTEMS》 北京大学出版社 第九版 ISBN:7-301-10614-9 Raymond Mcleod,Jr. George P. Schell 著 摘选与该书第216页倒数第五行至220页 Information Security TECHNICAL CONTROLS Technical controls are those that are built into systems by the system developers during the system development life cycle .Including an internal auditor on the project team is an excellent way to ensure that such controls are included as a part of system design .Most of the security controls are based on the hardware and software technology. The more popular ones are described below. Access Controls The basis for security against threats by unauthorized persons is access control .The reasoning is simple: If unauthorized persons are denied access to the information resources, then harm cannot be done Access control is achieved by means of a three-step process that includes user identification, user authentication, and user authorization .The incorporation of these steps into a security system is illustrated in Figure 9.4. 1. User identification. User first identify themselves by providing something that they know ,such as a password .The identification can also include the users location ,such as telephone number or network entry point. 2. User authentication. Once initial identification has been accomplished, users verify their tight to access by providing something that they have, such as a smart card or token, or an identification chip. User authentication can also be accomplished by providing something that they are, such as a signature or a voice or speech pattern. 3. User authorization .With the identification and authentication checks passed, a person can then be authorized to access certain levels or degrees of use. For example, one user might be authorized only to read from a file, whereas another might be authorized to make changes in the file. Identification and authentication make use of user profiles, or descriptions of authorized users .Authorization mak