Posted 12-Feb-2016 (slide transcript, 70 pages)

Page 1: INFORMATION SECURITY AND PRIVACY

INFORMATION SECURITY AND PRIVACY

Presented By: Jason Rottler, Mengmeng Zhao, Vijak Pongtippun, Weiwei Huang, Ju Yang

Page 2: Agenda

1. Introduction
2. IT Security Spending
3. IT Security Threats
4. Chief Information Security Officer (CISO)
5. Case Studies
6. Best Practices

Page 3: What is IT Security

Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
http://en.wikipedia.org/wiki/It_security

“In the case of information security, the goals of confidentiality, integrity, and availability (CIA) must be balanced against organizational priorities and the negative consequences of security breaches.”
http://proquest.umi.com/pqdweb?index=2&did=901411&SrchMode=1&sid=1&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257803955&clientId=45249

Page 4: What is IT Security

NSTISSC Security Model (McCumber Cube), three dimensions:
1. Confidentiality, integrity, and availability (CIA triangle)
2. Policy, education, and technology
3. Storage, processing, and transmission

[Figure: the McCumber cube, with axes Confidentiality / Integrity / Availability, Policy / Education / Technology, and Storage / Processing / Transmission]

http://proquest.umi.com/pqdweb?index=0&did=1374511721&SrchMode=1&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257259579&clientId=45249
http://en.wikipedia.org/wiki/McCumber_cube

Page 5: Why is IT Security important

“Security is, I would say, our top priority because for all the exciting things you will be able to do with computers - organizing your lives, staying in touch with people, being creative - if we don't solve these security problems, then people will hold back.” - Bill Gates
http://www.billgatesmicrosoft.com/
http://chinadigitaltimes.net/china/bill-gates/

Page 7: Why is IT Security important

IT security breaches happen every day (2009 examples)
http://www.privacyrights.org/ar/ChronDataBreaches.htm#2009

Date        Name                        Number of records
19-Jan-09   Forcht Bank                 8,500
3-Feb-09    SRA International           Unknown
12-Mar-09   US Army                     1,600
16-Apr-09   Myspace                     Unknown
4-May-09    Virginia Health Data        Potentially 530,000
7-Jun-09    T-Mobile USA                Unknown
8-Jul-09    AT&T                        2,100
14-Aug-09   American Express            Unknown
2-Sep-09    Naval Hospital Pensacola    38,000
2-Oct-09    U.S. Military Veterans      76 Million

Page 8: Why is IT Security important

IT security breaches may come from outsiders or from insiders. “As the network expands, including online, it will become harder to know whether market-moving information originated improperly through an insider’s breach or properly through gathering of information in other ways.”
The Times, October 6, 2009: http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article6861965.ece
http://proquest.umi.com/pqdweb?index=0&did=1886259131&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257262182&clientId=45249

Page 9: Why is IT Security important

Consequences of poor security in an organization:
• Unreliable systems
• Unauthorized access by employees
• Reduced employee productivity
• Financial embezzlement and lost revenue
• Theft of customer records

Reno, NV, “Academy of Information and Management Sciences” Vol. 11 No. 2 (October 2007) p. 51-53
http://www.alliedacademies.org/Public/Proceedings/Proceedings21/AIMS%20Proceedings.pdf

Page 10: Why is IT Security important

Losses from IT security breaches: in 2008, losses resulting from IT security breaches averaged 289,000.
2008 CSI Computer Crime & Security Survey, Robert Richardson, GoCSI.com

Page 11: Agenda (section: IT Security Spending)

Page 12: IT Security Spending

31% of companies spent more than 5% of their overall IT budget on information security in 2008.
2008 CSI Computer Crime & Security Survey, Robert Richardson, GoCSI.com

Page 13: IT Security Spending

IT Budget vs. Information Security Budget: the projected percentage cut in IT spending for 2009 is greater overall than the relative projected percentage cut in security spending.
http://metrosite.files.wordpress.com/2008/06/information_security_spending_survey_2009.pdf

Page 14: IT Security Spending

IT Security Spend in the U.S., 2006: IT departments in U.S. enterprises spent US$61 billion on security in 2006, representing 7.3% of total IT spending in the U.S.

[Chart: spend by sector; sector and value are paired in the order they appear on the slide]
Business services     10.8B
Financial services    10.4B
Government sectors     9.9B
Education              3.6B
Health Care            3.2B
Primary Industries     2.5B

http://proquest.umi.com/pqdweb?index=4&did=1162465461&SrchMode=1&sid=4&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257727916&clientId=45249#indexing

Page 15: IT Security Spending

"IT security has become a higher priority over the last few years, with a greater proportion of the overall IT budget being spent on security equipment and services." - Ed Daugavietis
http://proquest.umi.com/pqdweb?index=4&did=1162465461&SrchMode=1&sid=4&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257727916&clientId=45249#indexing

Page 16: Agenda (section: IT Security Threats)

Page 17: Top 9 Network Security Threats

1. Malicious Insiders – Rising Threat
2. Malware – Steady Threat
3. Exploited Vulnerabilities – Weakening Threat
4. Social Engineering – Rising Threat
5. Careless Employees – Rising Threat
6. Reduced Budgets – Rising Threat
7. Remote Workers – Steady Threat
8. Unstable Third Party Providers – Strong Rising Threat
9. Downloaded Software Including Open Source & P2P Files – Steady Threat

CSOonline.com provides news, analysis and research on a broad range of security and risk management topics, including information security, physical security, business continuity, identity and access management, and loss prevention.
http://www.csoonline.com/article/print/472866

Page 18: Top 9 Network Security Threats, grouped by trend

Strong Rising Threat: Unstable Providers
Rising Threat: Malicious Insiders, Social Engineering, Careless Employees, Reduced Budgets
Steady Threat: Malware, Remote Workers, Downloaded Software
Weakening Threat: Exploited Vulnerabilities

Page 19: Type of IT Security Threats: Malware

Malware (malicious software) is a generic term for programs that try to secretly install themselves on your computer.

Top 10 malware-hosting countries in 2008 (country and percentage paired in the order they appear on the slide; the shares sum to 100%):
US                 37.00%
China (inc. HK)    27.70%
Russia              9.10%
Germany             2.30%
South Korea         2.10%
Ukraine             1.80%
UK                  1.70%
Turkey              1.50%
Czech Republic      1.30%
Thailand            1.20%
Other              14.30%

http://www.msun.edu/its/security/threats.htm
http://www.sophos.com/sophos/.../sophos-security-threat-report-jan-2009-na.pdf

Page 20: Type of IT Security Threats: Malware

Types of malware: viruses, worms, Trojan horses, spyware, adware.

Damage: some viruses delete files or reformat the hard disk. Worms consume bandwidth and can cause degraded network performance. Spyware can collect various types of personal information, such as credit card numbers or usernames and passwords.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
http://proquest.umi.com/pqdweb?index=0&did=1783184381&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257726601&clientId=45249

Page 21: Type of IT Security Threats: Social Engineering

Social engineering is a term used to describe the art of persuading people to divulge information, such as usernames and passwords.
Identity theft: stealing and selling identity information.
Phishing: use of a fake web page.

Damage: criminals can use a person’s details to make transactions or create fake accounts in the victim’s name.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx

Page 22: Type of IT Security Threats: Spam

Spam is electronic junk e-mail. E-mail addresses are collected from chat rooms, websites and newsgroups.

Damage: spam can clog a personal mailbox, overload mail servers and impact network performance.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx

Page 23: Type of IT Security Threats: Denial of Service (DoS) Attack

A DoS attack is an attempt to make a computer resource, such as a website or web service, unavailable to its users.

Damage: DoS attacks typically target large businesses or government institutions. They can make a website or web service temporarily unavailable (for minutes, hours, or days), with ramifications for sales or customer service.
http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx

Criminals frequently use bots (compromised machines under remote control) to launch DoS attacks.

Page 24: Prevention of IT Threats

Malware
• Use antivirus and anti-spyware software.
• Keep current with the latest security updates and patches.
• Be wary of opening unexpected e-mails.

Social engineering
• Never disclose personal information.
• Use strong passwords.
• Never e-mail personal or financial information.
• Check your statements often.

http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx

Page 25: Prevention of IT Threats

Spam
• Use spam filters.
• Use a form of e-mail authentication.
• For senders: keep mailing volume reasonable and content relevant, so that legitimate mail is not flagged as spam.
• Make sure your e-mails render correctly in multiple e-mail clients.

DoS attack
• Plan ahead.
• Use firewalls to allow or deny protocols, ports, or IP addresses.
• Utilize routers and switches.

http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
http://proquest.umi.com/pqdweb?index=0&did=1876359931&SrchMode=1&sid=13&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257728149&clientId=45249&cfc=1

Page 26: Agenda (section: Chief Information Security Officer (CISO))

Page 27: Chief Security Officer (CSO)

The executive responsible for the organization's entire security posture, both physical and digital.

The title Chief Security Officer (CSO) was first used principally inside the information technology function to designate the person responsible for IT security.
http://www.csoonline.com/article/221739/What_is_a_Chief_Security_Officer_?page=1, viewed October 10, 2009

Page 28: Chief Information Security Officer (CISO)

A more accurate description of a job that focuses on information security within an organization; today the CISO title is becoming more prevalent for leaders with an exclusive information security focus.
http://www.csoonline.com/article/221739/What_is_a_Chief_Security_Officer_?page=1, viewed October 10, 2009

Page 29: Roles & Responsibilities of a CISO

• Communications and relationships
• Risk and control assessment
• Threat and vulnerability management
• Identity and access management

http://en.wikipedia.org/wiki/Chief_information_security_officer, viewed October 10, 2009

Page 30: CISO: Skills Required for Success, Literature Review

1. CISOs should think of themselves first as business professionals and second as security specialists.
2. Partake in continuing security education
3. Soft skills
4. Management
5. Problem solving
6. Understanding of security threats and risks

Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18

Page 31: CISO: Skills Required for Success, Interviews with Eight Executives

1. The executives were basically in agreement that the skills which emerged from the analysis were important.
2. They suggested the addition of two items: disaster recovery planning, and security breach investigation.

The interviews were conducted over a two-month period between December 2005 and January 2006.

Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18

Page 32: CISO: Skills Required for Success, Frequency of Duties on Job Listings

A review of 33 recent CISO job listings posted at Chief Security Officer magazine (http://www.CSOonline.com)

Duty                              % of listings including it
Oversee IT security policy        70%
Management                        58%
IT security education             42%
Maintain currency                 39%
Vendor relations                  36%
Disaster recovery planning        27%
Security breach investigations    27%

Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18

Page 33: CISO: Skills Required for Success, Frequency of Background Experience on Job Listings

A review of 33 recent CISO job listings posted at Chief Security Officer magazine (http://www.CSOonline.com)

Background experience             % of listings including it
IT security skills                76%
Communication skills              61%
System experience                 61%
Leadership skills                 39%
Investigative experience          27%

Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18

Page 34: CISO: Skills Required for Success, Mapping Literature Review and CISO Interviews to Job Listings

(D) = item from the duties table; (B/E) = item from the background/experience table.

Skill from literature review / interviews       Matching job-listing item(s)
Management skills                               Management (D), Leadership skills (B/E), Maintain currency (D)
IT security education                           IT security education (D), Maintain currency (D)
Soft skills                                     Communication skills (B/E)
IT security                                     Oversee IT security policy (D), IT security skills (B/E)
Problem solving                                 No match
Business strategy                               No match
Disaster recovery planning (added by executives)        Disaster recovery planning (D)
Security breach investigations (added by executives)    Security breach investigations (D), Investigation experience (B/E)
No match                                        System experience (B/E)
No match                                        Vendor relations (D)

Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18

Page 35: CISO: Skills Required for Success, Conclusion

Business strategy was given a high level of importance by the literature and the executives, but it did not appear in the job-listing survey.

Many of the organizations searching for new CISOs during the research period did not fully understand the importance of including the CISO in business strategy formulation.

Organizations currently employing a CISO should consider the duties and responsibilities included in these results as perfunctory in their position requirements.

Dwayne Whitten (2008), “The Chief Information Security Officer: An analysis of the skills required for success”, Journal of Computer Information Systems, pp. 15-18

Page 36: Agenda (section: Case Studies)

Page 37: Case Studies

• IT & Security Compliance Manager of a mining company
• Chief Information Security Officer (CISO) of Compal Communication, Inc. (CCI)

Page 38: Case Studies, Part 1: Overview (Mining Company in St. Louis; Compal Communication, Inc. (CCI))

Page 39: Mining Company

• Size: 4,600 employees
• Revenues: $2.9 Billion; $350 Million in profits
• Background: 2nd largest in their industry; ships and provides product to 35 states and 20+ countries worldwide

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009

Page 40: Compal Communication, Inc. (CCI)

• Background: manufactures and trades wireless handsets and other telecommunication equipment
• Size: 4,000 employees
• Revenues: $3.25 Billion; $380 Million in profit

http://www.compalcomm.com/
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009

Page 41: Case Studies, Part 2: Reporting Structures (Mining Company in St. Louis; Compal Communication, Inc. (CCI))

Page 42: Mining Company

Reporting structure (org chart on the slide; the security manager reports to the VP & CIO):
Sr. VP Strategic Development
    VP & CIO
        Mgr. IT Security & Compliance
        IS Support Administrator

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009

Page 43: Compal Communication, Inc. (CCI)

Reporting structure (org chart on the slide; the CISO reports to the CIO):
CEO
    CIO
        CISO

Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009

Page 44: Case Studies, Part 3: The Role of CISO (Mining Company in St. Louis; Compal Communication, Inc. (CCI))

Page 45: Manager, IT Security and Compliance (Mining Company)

• In current position for 4 years; in charge of security for the past 2 years
• Responsibilities: overseeing the IS departments of Security, Change Management, Business Continuity, and Compliance

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009

Page 46: Chief Information Security Officer (CCI)

• In current position for 2 years; in charge of security for the past 4 years
• Responsibilities: develop and structure information security policies, change management, help with integrating security skills

Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009

Page 47: Case Studies, Part 4: Threats & Risks (Mining Company in St. Louis; Compal Communication, Inc. (CCI))

Page 48: Threat Examples and Mitigation (Mining Company)

Risk                                   Mitigation practice
Improper access to data                Automated access form routed to the requestor's supervisor for approval; quarterly review of user access by the administrator
Un-patched software                    Weekly vulnerability scans of IS assets, reported to the administrators
Improper physical access               Data center access limited to those who need it; entry points and data centers under surveillance
Social engineering to gain access      End-user security training

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009
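The first row of the table above names two controls, supervisor approval of every access request and a quarterly administrator review of user access, that can be checked mechanically against an access inventory. The Python below is an added example written for this page, not code from the mining company or from the presenters; the `Grant` record layout, the reason codes and the sample grants are constructed assumptions, and the check also flags self-approvals, a case the slide does not mention but that the same approval rule implies.

```python
"""Access-review check modelled on two controls from the case study:
(1) every access grant carries an approval from the requestor's supervisor,
(2) administrators review each grant at least quarterly.
Added example; the records below are constructed, not from the interview."""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

REVIEW_PERIOD_DAYS = 91  # one quarter; a grant reviewed longer ago is overdue


@dataclass
class Grant:
    user: str                      # account that holds the access
    resource: str                  # system or data set granted
    requested_by: str              # who submitted the access form
    supervisor: str                # requestor's supervisor per HR (assumed field)
    approved_by: Optional[str]     # who signed the form; None if nothing on file
    last_reviewed: Optional[date]  # date of the last administrator review


Finding = Tuple[str, str, str]  # (user, resource, reason code)


def review_grants(grants: List[Grant], today: date) -> List[Finding]:
    """Return one finding per control violation. A single grant can produce
    two findings: an approval problem and an overdue review."""
    findings: List[Finding] = []
    for g in grants:
        # Control 1: an approval must exist, must not be a self-approval, and
        # must come from the requestor's supervisor.
        if g.approved_by is None:
            findings.append((g.user, g.resource, "MISSING_APPROVAL"))
        elif g.approved_by == g.requested_by:
            findings.append((g.user, g.resource, "SELF_APPROVED"))
        elif g.approved_by != g.supervisor:
            findings.append((g.user, g.resource, "APPROVER_NOT_SUPERVISOR"))
        # Control 2: quarterly review; a grant never reviewed is overdue too.
        if g.last_reviewed is None or (today - g.last_reviewed).days > REVIEW_PERIOD_DAYS:
            findings.append((g.user, g.resource, "REVIEW_OVERDUE"))
    return findings


# Constructed sample inventory (names and systems are made up).
SAMPLE_DATE = date(2009, 10, 14)
SAMPLE_GRANTS = [
    Grant("alice", "payroll-db", "alice", "bob", "bob", date(2009, 9, 14)),    # compliant
    Grant("carol", "erp-admin", "carol", "dave", None, None),                   # no approval, never reviewed
    Grant("erin", "file-share", "erin", "frank", "erin", date(2009, 3, 1)),     # self-approved, stale review
    Grant("grace", "payroll-db", "grace", "ivan", "heidi", date(2009, 10, 4)),  # approver is not the supervisor
]


def run_sample() -> List[Finding]:
    return review_grants(SAMPLE_GRANTS, SAMPLE_DATE)


if __name__ == "__main__":
    for user, resource, reason in run_sample():
        print(f"{user:6} {resource:12} {reason}")
```

Running it prints five findings: carol's grant has no approval and has never been reviewed, erin approved her own request and the last review is stale, and grace's approver is not her supervisor; alice's grant passes both controls.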

Page 49: Security Issues and Threats (CCI)

Issues and/or threats:
• System reliability
• SQL injection
• Unauthorized access by employees

Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009
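SQL injection, listed above as one of CCI's threats, comes down to one coding decision: whether user input becomes part of the SQL text or is passed to the database as a value. The Python below is an added example using the standard library's `sqlite3` module, not code from CCI or from the presenters; the users table and its rows are constructed, and the two lookup functions differ only in how they bind the input.

```python
"""SQL injection shown as a vulnerable query beside its parameterized
replacement. Added example; the users table and its rows are constructed."""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """In-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "staff"), ("bob", "admin"), ("carol", "staff")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    """Builds the statement by string concatenation: the input becomes part
    of the SQL text, so a quote character in it changes the query's logic."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    """Parameterized query: the driver passes the input as a bound value,
    never as SQL text, so the same input can only match a literal username."""
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"   # the textbook tautology used to test for injection
    print("vulnerable:", lookup_vulnerable(conn, probe))  # every row comes back
    print("safe:      ", lookup_safe(conn, probe))        # no such user: []
```

For an ordinary username both functions return the same row; for the probe input the concatenated version returns every user while the parameterized version returns nothing, which is the behaviour a code review or a web-application scan should be looking for.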

Page 50: Case Studies, Part 5: IT Security Policies (Mining Company in St. Louis; Compal Communication, Inc. (CCI))

Page 51: IT Security Policies (Mining Company)

Samples of policies in place:
• Information Security Policy
• Risk Assessment
• ID and Password Access Account
• Third Party Access
• Information Security Incident Management
• Data Access
• Data Sharing
• Mobile Device
• Encryption

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009

Page 52: IT Security Policies (CCI)

Samples of policies in place:
• No visitors allowed in the Information Security Department
• Flash drives can only be read, not written
• Emergency services
• Access control system
• Monitoring control from the Security Operation Center

Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009

Page 53: Case Studies, Part 6: Lessons Learned (Mining Company in St. Louis; Compal Communication, Inc. (CCI))

Page 54: Lessons Learned (Mining Company)

• “No silver bullets to security nirvana”
• Security evolves as risk evolves
• Use a layered approach

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009

Page 55: Lessons Learned (Mining Company)

• Importance of security education for EACH user
• Employees must understand risks
• Provide company-wide security training: 50+ slides going through the 3 tenets of security (CIA model)

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009

Page 56: Lessons Learned (CCI)

• Keep in line with international information security practice (ISO 27001 certificate, 2008)
• Integrate security needs with business objectives
• Make appropriate adjustments according to business strategy changes

Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009

Page 57: Case Studies, Part 7: Plans for the Future (Mining Company in St. Louis; Compal Communication, Inc. (CCI))

Page 58: Plans for the Future (Mining Company)

• Integrate different “specialties” into an overall Governance, Risk, and Compliance (GRC) model

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009

Page 59: Plans for the Future (Mining Company)

• Review security at each location for operational equipment
• Document standards and procedures related to IT policies (example: what to do if you need a user ID)

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009

Page 60: Plans for the Future (CCI)

• Information security program for business processes that is “tailor-made” for the company
• Employee internet management

Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009

Page 61: Case Studies, Part 8: Summary Comparison (Mining Company in St. Louis; Compal Communication, Inc. (CCI))

Page 62: Summary Comparison

Revenues: Mining Company $2.9 Billion; CCI $3.25 Billion
Security manager reports to: Mining Company VP/CIO; CCI CIO
Interviewee in charge of security for: Mining Company 2 years; CCI 3 years
Policy examples: Mining Company IS Incident Mgmt, ID & Password, Risk Assessment, Data Access, etc.; CCI Data Access, Monitoring, Emergency Services, etc.
Top threats: Mining Company improper access to data; CCI unauthorized access to data
Lessons learned: Mining Company layered approach; CCI IS in line with business strategy
Future plans: Mining Company GRC model; CCI information security program for business processes

Page 63: Agenda (section: Best Practices)

Page 64: Best Practices from Case Studies

• Access: allow on a “least privilege” basis; review security as systems are installed; follow CIA
• Depth of security: layered approach
• Integrate security needs with business objectives
• Adjust according to business strategy

IT Security and Compliance Manager of a Mining Company in St. Louis, interviewed in person by Jason Rottler, Oct 14, 2009
Mr. Qin, CISO of Compal Communication, Inc., interviewed by phone by Mengmeng Zhao, Oct 29, 2009

Page 65: The Verizon Business Risk Team: Proper Security Measures

• Align process with policy
• Achieve “essential” before worrying about “excellent”
• Create a data retention plan
• Control data with transaction zones
• Monitor event logs
• Incident response plan
• Increase awareness and testing

A study of over 500 breaches from 2004 – 2007 found that 87% could have been prevented.
Swartz, N. (2008). Study: Most Data Breaches Preventable. Information Management Journal, 42(5), pg 7.
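“Monitor event logs” and “incident response plan” in the list above are only useful together: monitoring has to turn raw log lines into the handful of events a responder should act on. The Python below is an added example, not code from the Verizon study or from the presenters; it reads a constructed authentication log (the line format and every line in it are made up for this example), counts failed logins per source address inside a sliding window, and raises two kinds of alert: a burst of failures, and a successful login from a source that just produced such a burst.

```python
"""Event-log monitoring: detect a burst of failed logins from one source and a
success that follows it. Added example; the log format and lines are constructed."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, Optional, Set, Tuple

# Constructed line format: "<ISO timestamp> auth <OK|FAILED> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAILED) user=(?P<user>\S+) src=(?P<src>\S+)$")
FAIL_THRESHOLD = 5            # failures from one source within WINDOW raise an alert
WINDOW = timedelta(seconds=60)

Event = Tuple[datetime, str, str, str]   # (time, result, user, src)
Alert = Tuple[str, str, str, str]        # (kind, src, detail, time)


def parse(line: str) -> Optional[Event]:
    """Parse one line; lines that do not match the format are skipped, not fatal."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return (datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"])


def detect(lines: Iterable[str]) -> List[Alert]:
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)  # src -> failure times in window
    already_flagged: Set[str] = set()   # one BRUTE_FORCE alert per source, not one per line
    alerts: List[Alert] = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        ts, result, user, src = ev
        q = recent[src]
        while q and ts - q[0] > WINDOW:   # drop failures that fell out of the window
            q.popleft()
        if result == "FAILED":
            q.append(ts)
            if len(q) >= FAIL_THRESHOLD and src not in already_flagged:
                already_flagged.add(src)
                alerts.append(("BRUTE_FORCE", src, f"{len(q)} failures", ts.isoformat()))
        elif len(q) >= FAIL_THRESHOLD:
            # A success right after a burst of failures is the line an incident
            # responder wants to see first: it names the account to look at.
            alerts.append(("SUCCESS_AFTER_FAILURES", src, user, ts.isoformat()))
    return alerts


# Constructed sample log: one noisy source, one ordinary user, one junk line.
SAMPLE_LOG = """\
2009-10-14T08:00:01 auth FAILED user=jsmith src=10.0.0.7
2009-10-14T08:00:03 auth FAILED user=jsmith src=10.0.0.7
2009-10-14T08:00:05 auth FAILED user=admin src=10.0.0.7
2009-10-14T08:00:07 auth FAILED user=admin src=10.0.0.7
2009-10-14T08:00:09 auth FAILED user=root src=10.0.0.7
2009-10-14T08:00:12 auth OK user=jsmith src=10.0.0.7
2009-10-14T08:15:00 auth FAILED user=mzhao src=10.0.0.22
2009-10-14T09:15:00 auth OK user=mzhao src=10.0.0.22
this line is not an auth record
"""


def run_sample() -> List[Alert]:
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

On the sample log the detector produces exactly two alerts, both for 10.0.0.7, and stays quiet for the single mistyped password from 10.0.0.22; the window and threshold are the knobs to tune against a real log's baseline before the alerts feed an incident response process.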

Page 66: Thank You

Jason Rottler, Mengmeng Zhao, Vijak Pongtippun, Weiwei Huang, Ju Yang

Pages 67-70: References

* Denotes documents from refereed journals

1. http://en.wikipedia.org/wiki/It_security
2. Michael E. Whitman, Herbert J. Mattord, Principles of Information Security. http://books.google.com/books?id=gPonBssSm0kC&pg=PA13&lpg=PA13&dq=nstissc+security+model&source=bl&ots=cZ8bUHvAnV&sig=mLSw8gGbD6wrhoP2u9R4t2dLcmg&hl=en&ei=6jnrSu3SCJW6Noj8rYQM&sa=X&oi=book_result&ct=result&resnum=6&ved=0CBcQ6AEwBQ#v=onepage&q=nstissc%20security%20model&f=false
*3. Murray E. Jennex & Suzanne Zyngier, “Security as a contributor to knowledge management success”, published online 9 October 2007, Springer Science + Business Media, LLC 2007. http://proquest.umi.com/pqdweb?index=0&did=1374511721&SrchMode=1&sid=1&Fmt=6&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257259579&clientId=45249
4. http://www.billgatesmicrosoft.com/
5. http://chinadigitaltimes.net/china/bill-gates/
6. http://www.youtube.com/watch?v=6tnnuGRT088&feature=PlayList&p=3D4EE8E264394E75&playnext=1&playnext_from=PL&index=21
*7. L. Gordon Crovitz, “Information Age: 'Outsider Trading' and Too Much Information”, Wall Street Journal (Eastern edition), New York, N.Y.: Oct 26, 2009, pg. A.17. http://proquest.umi.com/pqdweb?index=0&did=1886259131&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257262182&clientId=45249
8. http://www.privacyrights.org/ar/ChronDataBreaches.htm#2009
*9. Dwayne Whitten, “The Chief Information Security Officer: An Analysis of the Skills Required for Success”, The Journal of Computer Information Systems, Stillwater: Spring 2008, Vol. 48, Iss. 3, pg. 15, 5 pgs. http://proquest.umi.com/pqdweb?index=0&did=1481115001&SrchMode=1&sid=2&Fmt=4&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257639426&clientId=45249
10. 2008 CSI Computer Crime & Security Survey, Robert Richardson, GoCSI.com. http://i.cmpnet.com/v2.gocsi.com/pdf/CSIsurvey2008.pdf
11. Dov Yoran (Partner, Metrosite Group), Information security spending survey 2009 results. http://metrosite.files.wordpress.com/2008/06/information_security_spending_survey_2009.pdf
*12. “IT Security Spending by U.S. Companies Will Hit US$61 Billion for 2006, Says Info-Tech Research Group”, PR Newswire, New York: Nov 15, 2006. http://proquest.umi.com/pqdweb?index=4&did=1162465461&SrchMode=1&sid=4&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257727916&clientId=45249#indexing
13. http://www.baselinemag.com/c/a/Security/Top-IT-Security-Spending-Priorities-for-2009/
14. Information Technology Services: Types of Net Threats, from http://www.msun.edu/its/security/threats.htm
15. Sophos security threat report 2009, from http://www.sophos.com/sophos/docs/eng/marketing_material/sophos-security-threat-report-jan-2009-na.pdf
16. The 11 most common computer security threats… And what you can do to protect yourself from them. http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx
*17. Kevin Prince, “Top 9 Network Security Threats in 2009”, from http://www.csoonline.com/article/print/472866
*18. Reno, NV, “Academy of Information and Management Sciences” Vol. 11 No. 2 (October 2007) p. 51-53. http://www.alliedacademies.org/Public/Proceedings/Proceedings21/AIMS%20Proceedings.pdf
19. McAfee logo, from http://strategyhealth.com/computer_help/mcafee_logo_1.jpg
20. Symantec logo, from http://www.cstoncall.com/images/upload/symantec-logo-300dpi.jpg
21. Ad-aware logo, from http://www.weatherbug.com/aws/imagesHmPg0604/img_logo_adaware.gif
22. http://www.csoonline.com/article/221739/What_is_a_Chief_Security_Officer_?page=1, viewed October 10, 2009
23. http://en.wikipedia.org/wiki/Chief_information_security_officer, viewed October 10, 2009
24. Interview with IT Manager at Mining Company. http://www.corporatecomplianceinsights.com/2009/grc-management-best-practices-framework-for-more-effective-governance-risk-and-compliance-management
*25. Michael Lipinski, “Group Test: Anti-malware”, SC Magazine, New York: Jan 2009, Vol. 20, Iss. 1, pg. 42, 2 pgs. http://proquest.umi.com/pqdweb?index=0&did=1783184381&SrchMode=1&sid=5&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257726601&clientId=45249
*26. Phil Fernandez, “Five ways to make sure your e-mail isn't flagged as spam”, B to B, Chicago: Sep 28, 2009, Vol. 94, Iss. 12, pg. 18, 1 pg. http://proquest.umi.com/pqdweb?index=0&did=1876359931&SrchMode=1&sid=13&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257728149&clientId=45249&cfc=1
*27. Yves Le Roux, “Information security - The CIA model”, Director, London: Aug 1993, pg. 53, 4 pgs. http://proquest.umi.com/pqdweb?index=2&did=901411&SrchMode=1&sid=1&Fmt=3&VInst=PROD&VType=PQD&RQT=309&VName=PQD&TS=1257803955&clientId=45249
28. http://www.cert.org/cert/
29. http://www.compalcomm.com/
30. http://en.wikipedia.org/wiki/McCumber_cube
*31. Swartz, N. (2008). Study: Most Data Breaches Preventable. Information Management Journal, 42(5), pg 7.
32. CISO pictures, from “INFORMATION SECURITY - TOPIC AND SPEAKERS”, http://images.google.com/imgres?imgurl=http://www.isacasv.org/speaker_images/kenbaylo.jpg&imgrefurl=http://www.isacasv.org/SpringConferenceSecTopic2007.html&usg=__8NPq9rC9j7B_wFC9Pl36YIQMww=&h=385&w=350&sz=27&hl=zhCN&start=92&tbnid=6LVk3Bf6CFqSyM:&tbnh=123&tbnw=112&prev=/images%3Fq%3DCISO%26gbv%3D2%26ndsp%3D20%26hl%3Dzh-CN%26sa%3DN%26start%3D80