Translate into Russian the following paragraph

Methods of detection include a wide range of technologies and personnel. Entry control, a means of allowing entry of authorized personnel and detecting the attempted entry of unauthorized personnel and contraband, is included in the detection function of physical protection. Entry control, in that it includes locks, may also be considered a delay factor (after detection) in some cases. Searching for metal (possible weapons or tools) and explosives (possible bombs or breaching charges) is required for high-security areas. This may be accomplished using metal detectors, x-ray (for packages), and explosive detectors. Security police or other personnel also can accomplish detection. Security police or other personnel can contribute to detection if they are trained in security concerns and have a means to alert the security force in the event of a problem. An effective assessment system provides two types of information associated with detection: (1) information about whether the alarm is a valid alarm or a nuisance alarm, and (2) details about the cause of the alarm, i.e., what, who, where, and how many. The effectiveness of the detection function is measured by the probability of sensing adversary action and the time required for reporting and assessing the alarm.

Complete the text by translating Russian phrases given in brackets.

Establish Information Risk Management (IRM) Policy. A sound IRM program is founded on (1 хорошо продуманной инфраструктре IRM) that effectively addresses all elements of information security. (2 Общепринятые принципы информационной безопасности) currently being developed based on an Authoritative Foundation of supporting documents and guidelines will be helpful (3 в выполнении этого задания). IRM policy should begin with a high-level policy statement and supporting (4 цели), scope, constraints, responsibilities, and approach. This high-level policy statement should drive subordinate controls policy, (5 от логического управления доступа) to facilities security, (6 до прогноза внештатных ситуаций). Finally, IRM policy should be effectively communicated and enforced to all parties. Note that this is important both for (7 внутреннего контроля) and, with EDI,

the Internet, and other (8 внешние воздействия), for secure interface with the rest of the world.

Translate into English.

Специалист, несущий ответственность за выполнение заданий по оценке риска должен ясно представлять области, которые охватывает информационная безопасность.

Термин «угроза» обозначает события, которые могут иметь неблагоприятные последствия.

Управление информационными рисками – сложный процесс, требующий постоянного анализа рисков.

Вопросы безопасности должны быть неотъемлемой частью разработки компьютерных приложений.

Хорошо спланированная и выполненная оценка риска должна эффективно определять и измерять последствия широкого спектра угроз.

Количественная и качественная метрические схемы, применяемые для измерения элементов риска, были впервые разработаны Национальным бюро стандартов.

Read the second part of the text, write out key words and write down short definitions of the clue terms given in the text.

Text 2.

Threat Definition. Before a vulnerability analysis can be completed, a description of the threat is required. This description includes the type of adversary, tactics, and capabilities (number in the group, weapons, equipment, and transportation mode). Also, information is needed about the threat to estimate the likelihood that they might attempt the undesired events. The specific type of threat to a facility is referred to as the design basis threat (DBT). The DBT is often reduced to several paragraphs that describe the number of adversaries, their modus operandi, the type of tools and weapons they would use, and the type of events or acts they are willing to commit.

The types of organizations that may be contacted during the development of a DBT description include local, state, and federal law enforcement (to include searching source material) and related intelligence agencies.

After the threat spectrum has been described, the information can be used together with statistics of past events and site-specific perception to categorize threats in terms of likelihood that each type of threat would attempt an undesired event. The likelihood of adversary attack can be estimated with a qualitative relative threat potential parameter. Below we describe the factors that can be used to estimate relative threat potential.

Adversary Capability

•Access to region

•Material resources

•Technical skills

•Planning/organizational skills

•Financial resources

Adversary History/Intent

•Historic interest

•Historic attacks

•Current interest in site

•Current surveillance

•Documented threats

Relative Attractiveness of Asset to Adversary

•Desired level of consequence

•Ideology

•Ease of attack

The process for estimating the threat potential follows a complete threat analysis and the parameter is estimated per undesired event and per adversary group. The basis of the parameter estimation includes:

• Characteristics of the adversary group relative to the asset to be protected

• Relative attractiveness of the asset to the adversary group.

The physical protection features must be described in detail before the security system effectiveness can be evaluated. An effective security system must be able to detect the adversary early and delay the adversary long enough for the security response force to arrive and neutralize the adversary before the mission is accomplished.

DETECTION, the first required function of a security system, is the discovery of adversary action and includes sensing covert or overt actions. In order to discover an adversary action, the following events must occur:

• sensor (equipment or personnel) reacts to an abnormal occurrence and initiates an alarm

• information from the sensor and assessment subsystems is reported and displayed

• someone assesses information and determines the alarm to be valid or invalid.

DELAYis the second required function of a security system. It impedes adversary progress. Delay can be accomplished by fixed or active barriers, (e.g., doors, vaults, locks) or by sensor-activated barriers, e.g., dispensed liquids, foams. The security police force can be considered an element of delay if personnel are in fixed and well-protected positions.

RESPONSE, the third requirement of security systems, comprises actions taken by the security police force (police force or law enforcement officers) to prevent adversarial success. Response consists of interruption and neutralization. Interruption is defined as the response force arriving at the appropriate location to stop the adversary’s progress. It includes the communication to the response force of accurate information about adversarial actions and the deployment of the response force. Neutralization is the act of stopping the adversary before the goal is accomplished. The effectiveness measures for neutralization are security police force equipment, training, tactics, and cover capabilities.

Protection System Effectiveness.Analysis and evaluation of the security system begin with a review and thorough understanding of the protection objectives and security environment. Analysis can be performed by simply checking for required features of a security system, such as intrusion detection, entry control, access delay, response communications, and a response force.

Risk Estimation

Risk is quantified by the following equation:

R = PA * (1-PE) * C

where R = risk associated with adversary attack

PA = likelihood of the attack

PE = likelihood that the security system is effective against the attack

(1 – PE) = likelihood that the adversary attack is successful (also the likelihood that security system is not effective against the attack)

C = consequence of the loss from the attack.

Upgrades and Impacts

If the estimated risk for the threat spectrum is judged to be unacceptable, upgrades to the system may be considered. The first step is to review all assumptions that were made that affect risk. All assumptions concerning undesired events, target identification, consequence definition, threat description, estimation of likelihood of attack, and safeguards functions should be carefully reevaluated. Upgrades to the system might include retrofits, additional safeguard features, or additional safety mitigation features.

Once the system upgrade has been determined, it is important to evaluate the impacts of the system upgrade on the mission of the facility and the cost. When balance is achieved in the level of risk and upgrade impact on cost, mission, and schedule, the upgraded system is ready for implementation. At this point, the design/analysis process is complete.

Поиск по сайту: