In the traditional, manual working environment, information (in the form of texts, numbers,
etc.) and medium (such as paper) were closely intertwined. Long experiences in their usage and
the application of anti-counterfeit technology have made traditional forms of information very
difficult to alter. Similarly, it was also difficult to send bogus information by an impersonator.
Even those who succeeded in doing so usually were discovered very easily. In today's world of
information and technology, the Internet is rapidly changing many ways people do things.
Similarly, it has also introduced many management problems. For man and information to
interact, there is a need to establish a reliable information system working environment in which
we grasp, distribute, store and manage information. Such an environment must be able to provide
ample protection against tampering, stealing, delaying, transmission by fictitious parties, denial
of having faxed a document, illegal intrusion and the like. Only so can we build a strong
foundation for an information society.
Security in the process of transmission, data resemble all the cash in a bank armored van. It
can be lost or robbed anytime. With the purpose of maintaining data transmission security on the
Internet, most people use encryption technology. Data to be transmitted is first encrypted as a
way to prevent snooping or theft. The "Public-Key Cryptographic System" has the functions of a
"digital signature" and requires no prior exchange of keys while offering the advantages of
"secret communication." To make this system work smoothly, it is first necessary to agree and
certify beforehand as to who or which institution holds a certain key. This goes to say that a
certification management system must first be established to handle issuance or revocation of
electronic certification. In addition to this system, all matters related to its usage and application
services must form part of the basic operations framework of the whole system.
The first important thing in maintaining data security is the periodic making of back-ups.
Personal computer users must periodically make back-ups of data using different back-up tools
(such as diskettes, magnetic tape, removable hard drives, etc.) and store them in a safe location. If
and when data from a personal computer is damaged and cannot be recovered, the back-up copies
will serve their purpose. Thus, the first step in data security is to develop the habit of making
periodic back-ups. It is the most effective way to assure data security under extreme circumstances.
There are many factors that pose a threat to data security. They include viruses, deliberate acts of
sabotage and theft. Users can guard against them using the following methods: Use a protection
password for access to personal computers and the Internet. This prevents the unauthorized from
stealing or damaging data inside personal computers. Handle files with encryption protection and
decipher only when necessary. In this way, even if files are stolen, encryption would still be
necessary to use the files. Files transmitted through the Internet must first be encrypted. The
Internet is an open environment where anybody can intercept data during transmission. Encryption
of such data is an effective way to prevent unwanted disclosure. Respect intellectual property rights
by refraining from using software programs of dubious sources. This way, viral attack can be
avoided or the use of Trojan Horse by the unscrupulous to steal data can be thwarted.
Passwords and names of users of databases and application programs must be kept
confidential. Avoid using birth dates, telephone numbers and other readily accessible figures as
passwords. They must be handled carefully and recorded in secret locations. Periodic changing of
passwords is also recommended. Print-outs of application software programs no longer used must
be shredded to prevent disclosure of data. Build up a no-diskette system environment to avoid
computer virus contamination.
To guarantee data security, the Information Department must, in addition to setting up
comprehensive regulations, ensure cooperation by users. Their usage of computer equipment
according to regulated procedures contributes to the effective maintenance of data security.
It is necessary to build up a data security audit system that includes periodic and random
spot checks and testing of information security and protection operations, as well as conduct
tracking and improvement of deficiencies.
1, intertwined [,intə:'waind]
2, bogus ['bəuɡəs]
3, impersonator [im'pə:səneitə(r)]
4, grasp [ɡrɑ:sp, ɡræsp]
5, tampering ['tæmpəriŋ]
6, fictitious [fik'tiʃəs]
7, van [væn]
9, revocation [,revə'keiʃən]
10, decipher [di'saifə]
12, thwart [θwɔ:t]
13, unscrupulous [ʌn'skru:pjuləs]
14, conduct ['kɔndʌkt, kən'dʌkt]