	{"id":2784,"date":"2013-07-07T21:05:40","date_gmt":"2013-07-07T14:05:40","guid":{"rendered":"http:\/\/science-technology.vn\/?p=2784"},"modified":"2013-07-07T21:05:40","modified_gmt":"2013-07-07T14:05:40","slug":"an-ninh-cong-nghe-thong-tin","status":"publish","type":"post","link":"https:\/\/science-technology.vn\/?p=2784","title":{"rendered":"An ninh c\u00f4ng ngh\u1ec7 th\u00f4ng tin"},"content":{"rendered":"<p><span style=\"font-size: 14px;\">Theo b\u00e1o c\u00e1o an ninh m\u1edbi nh\u1ea5t c\u1ee7a Vi\u1ec7n K\u0129 ngh\u1ec7 ph\u1ea7n m\u1ec1m Carnegie Mellon, n\u0103m ngo\u00e1i \u0111\u00e3 c\u00f3 h\u01a1n m\u01b0\u1eddi ngh\u00ecn tr\u01b0\u1eddng h\u1ee3p t\u1ea5n c\u00f4ng m\u00e1y t\u00ednh, x\u00e2m nh\u1eadp, v\u00e0 c\u1ea5y m\u00e3 \u0111\u1ed9c t\u1eeb &#8220;nh\u1eefng ng\u01b0\u1eddi kh\u00f4ng bi\u1ebft&#8221; tr\u00ean kh\u1eafp th\u1ebf gi\u1edbi. \u0110i\u1ec1u \u0111\u00f3 l\u00ean t\u1edbi 86 ph\u1ea7n tr\u0103m so v\u1edbi n\u0103m tr\u01b0\u1edbc v\u00e0 146 ph\u1ea7n tr\u0103m so v\u1edbi hai n\u0103m tr\u01b0\u1edbc. Vi\u1ec7c t\u0103ng v\u1ee5 t\u1ea5n c\u00f4ng m\u00e1y t\u00ednh \u0111\u00e3 n\u00e2ng t\u1ea7m quan tr\u1ecdng c\u1ee7a qu\u1ea3n l\u00ed r\u1ee7i ro an ninh trong m\u1ecdi c\u00f4ng ti c\u0169ng nh\u01b0 \u1edf m\u1ee9c c\u00e1 nh\u00e2n. 
M\u1ecdi ng\u01b0\u1eddi \u0111\u1ec1u c\u00f3 th\u1ec3 l\u00e0 m\u1ee5c ti\u00eau c\u1ee7a t\u1ea5n c\u00f4ng, t\u1eeb gi\u00e1m \u0111\u1ed1c th\u00f4ng tin c\u1ee7a m\u1ed9t c\u00f4ng ti l\u1edbn t\u1edbi h\u1ecdc sinh ph\u1ed5 th\u00f4ng trong m\u1ed9t th\u00e0nh ph\u1ed1 nh\u1ecf, b\u1ea5t k\u00ec ai v\u1edbi m\u00e1y t\u00ednh c\u00e1 nh\u00e2n hay \u0111i\u1ec7n tho\u1ea1i th\u00f4ng minh \u0111\u1ec1u c\u00f3 th\u1ec3 l\u00e0 n\u1ea1n nh\u00e2n.<\/span><\/p>\n<p>V\u00e0i tu\u1ea7n tr\u01b0\u1edbc, ch\u1ee7 t\u1ecbch m\u1ed9t ng\u00e2n h\u00e0ng l\u1edbn \u1edf M\u0129 \u0111\u00e3 th\u1ea5y r\u1eb1ng m\u00e1y t\u00ednh c\u1ee7a m\u00ecnh t\u1ef1 \u0111\u1ed9ng g\u1eedi \u0111i d\u1eef li\u1ec7u t\u00e0i ch\u00ednh quan tr\u1ecdng cho c\u00e1c m\u00e1y t\u00ednh \u1edf nhi\u1ec1u n\u01b0\u1edbc tr\u00ean kh\u1eafp th\u1ebf gi\u1edbi. N\u00f3i c\u00e1ch kh\u00e1c, \u00f4ng \u1ea5y \u0111\u00e3 l\u00e0 n\u1ea1n nh\u00e2n c\u1ee7a \u201ct\u1ea5n c\u00f4ng gi\u1ea3 m\u1ea1o\u201d b\u1edfi hacker. M\u1ed9t l\u1ea7n ch\u00fang l\u1ecdt v\u00e0o b\u00ean trong m\u00e1y t\u00ednh c\u1ee7a \u00f4ng \u1ea5y, ch\u00fang c\u00f3 th\u1ec3 d\u00f9ng m\u00e1y t\u00ednh c\u00e1 nh\u00e2n c\u1ee7a \u00f4ng \u1ea5y nh\u01b0 c\u00f4ng c\u1ee5 \u0111\u1ec3 b\u1eaft l\u1ea5y b\u1ea5t k\u00ec th\u00f4ng tin n\u00e0o ch\u00fang mu\u1ed1n v\u00e0 truy nh\u1eadp v\u00e0o m\u00e1y t\u00ednh c\u1ee7a nh\u1eefng ng\u01b0\u1eddi l\u00e0m vi\u1ec7c cho ng\u00e2n h\u00e0ng c\u1ee7a \u00f4ng \u1ea5y, b\u1edfi v\u00ec sau r\u1ed1t, \u00f4ng \u1ea5y l\u00e0 \u1edf m\u1ee9c qu\u1ea3n l\u00ed cao nh\u1ea5t. 
Bao nhi\u00eau t\u1ed5n h\u1ea1i th\u1ebf n\u00e0o kh\u00f4ng \u0111\u01b0\u1ee3c bi\u1ebft v\u00e0o l\u00fac n\u00e0y, \u0111i\u1ec1u hacker \u0111ang l\u00e0m v\u1edbi th\u00f4ng tin c\u0169ng l\u00e0 ch\u01b0a \u0111\u01b0\u1ee3c x\u00e1c \u0111\u1ecbnh nh\u01b0ng n\u00f3 c\u00f3 th\u1ec3 l\u00e0 nghi\u00eam tr\u1ecdng.<\/p>\n<p>C\u00f3 nh\u1eefng v\u1ea5n \u0111\u1ec1 t\u01b0\u01a1ng t\u1ef1 x\u1ea3y ra cho c\u00e1c quan ch\u1ee9c ch\u00ednh ph\u1ee7 tr\u00ean kh\u1eafp th\u1ebf gi\u1edbi khi h\u1ecd t\u1edbi th\u0103m nh\u1eefng websites n\u00e0o \u0111\u00f3 hay m\u1edf c\u00e1c email \u0111\u01b0\u1ee3c t\u1ef1 g\u1eedi t\u1edbi t\u1eeb ng\u01b0\u1eddi kh\u00f4ng bi\u1ebft. T\u1ea5t nhi\u00ean, c\u00e1c quan ch\u1ee9c ch\u00ednh ph\u1ee7 kh\u00f4ng bao gi\u1edd ph\u01a1i b\u00e0y th\u00f4ng tin v\u1ec1 \u0111i\u1ec1u \u0111\u00e3 x\u1ea3y ra cho m\u00e1y t\u00ednh c\u1ee7a h\u1ecd nh\u01b0ng \u0111\u00e2y l\u00e0 nh\u1eefng v\u1ea5n \u0111\u1ec1 nghi\u00eam tr\u1ecdng do b\u1ea3n ch\u1ea5t c\u1ee7a th\u00f4ng tin nh\u1ea1y c\u1ea3m \u0111\u01b0\u1ee3c l\u01b0u trong m\u00e1y t\u00ednh c\u1ee7a h\u1ecd. 
Ng\u00e0y nay, kh\u00f4ng c\u00f2n ch\u1ec9 l\u00e0 chuy\u1ec7n c\u00e1c hacker mu\u1ed1n ch\u1ee9ng minh r\u1eb1ng h\u1ecd c\u00f3 th\u1ec3 g\u00e2y h\u1ea1i g\u00ec \u0111\u00f3, hay nh\u1eefng k\u1ebb t\u1ed9i ph\u1ea1m mu\u1ed1n \u0111\u00e1nh c\u1eafp t\u00e0i kho\u1ea3n ng\u00e2n h\u00e0ng c\u00e1 nh\u00e2n v\u00e0 bu\u00f4n b\u00e1n c\u1ed5 ph\u1ea7n, m\u00e0 c\u1ea3 c\u00e1c c\u01a1 quan ch\u00ednh ph\u1ee7 c\u1ee7a c\u00e1c qu\u1ed1c gia n\u01b0\u1edbc ngo\u00e0i c\u0169ng mu\u1ed1n thu th\u1eadp th\u00f4ng tin nh\u1ea1y c\u1ea3m n\u1eefa.<\/p>\n<p>Theo b\u00e1o c\u00e1o an ninh, m\u1ecdi n\u0103m h\u00e0ng ngh\u00ecn h\u1ec7 th\u00f4ng tin b\u1ecb truy nh\u1eadp b\u1edfi nh\u1eefng ng\u01b0\u1eddi kh\u00f4ng c\u00f3 th\u1ea9m quy\u1ec1n b\u1edfi v\u00ec ng\u01b0\u1eddi ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m c\u1ee7a h\u1ecd \u0111\u00e3 t\u1ea1o ra l\u1ed7i l\u1eadp tr\u00ecnh. Ph\u1ea7n l\u1edbn c\u00e1c v\u1ea5n \u0111\u1ec1 an ninh \u0111\u1ec1u l\u00e0 k\u1ebft qu\u1ea3 t\u1eeb nh\u1eefng khi\u1ebfm khuy\u1ebft \u0111\u01b0\u1ee3c \u0111\u01b0a v\u00e0o m\u1ed9t c\u00e1ch b\u1ea5t c\u1ea9n trong khi ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m. \u0110\u1ec3 gi\u1ea3m b\u1edbt v\u1ea5n \u0111\u1ec1 an ninh, \u0111i\u1ec1u quan tr\u1ecdng l\u00e0 t\u1ed5 ch\u1ee9c ph\u1ea3i gi\u1ea3m s\u1ed1 l\u1ed7i trong ph\u1ea7n m\u1ec1m nh\u01b0ng \u0111\u00e0o t\u1ea1o hi\u1ec7n th\u1eddi, \u0111\u1eb7c bi\u1ec7t trong ch\u01b0\u01a1ng tr\u00ecnh khoa h\u1ecdc m\u00e1y t\u00ednh l\u1ea1i ch\u1ec9 h\u1ed9i t\u1ee5 v\u00e0o v\u00f2ng \u0111\u1eddi ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m thay v\u00ec d\u1ef1a v\u00e0o ki\u1ec3m th\u1eed sau khi ph\u1ea7n m\u1ec1m \u0111\u00e3 \u0111\u01b0\u1ee3c x\u00e2y d\u1ef1ng. 
V\u1ea5n \u0111\u1ec1 kh\u00e1c l\u00e0 ng\u00e0y nay, nhi\u1ec1u ng\u01b0\u1eddi ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m \u0111\u01b0\u1ee3c \u0111\u00e0o t\u1ea1o trong &#8220;tr\u01b0\u1eddng hu\u1ea5n luy\u1ec7n&#8221; ch\u1ee9 KH\u00d4NG \u1edf \u0111\u1ea1i h\u1ecdc, c\u00e1c tr\u01b0\u1eddng n\u00e0y th\u1eadm ch\u00ed KH\u00d4NG d\u1ea1y c\u1ea5u tr\u00fac l\u1eadp tr\u00ecnh c\u01a1 b\u1ea3n m\u00e0 ch\u1ec9 &#8220;c\u00e1ch vi\u1ebft m\u00e3&#8221; \u0111\u1ec3 \u0111\u00e1p \u1ee9ng nhu c\u1ea7u th\u1ecb tr\u01b0\u1eddng. Sinh vi\u00ean \u0111\u01b0\u1ee3c d\u1ea1y nhi\u1ec1u v\u1ec1 &#8220;c\u00f4ng c\u1ee5 v\u00e0 th\u1ee7 thu\u1eadt&#8221; cho n\u00ean h\u1ecd c\u00f3 th\u1ec3 vi\u1ebft m\u00e3 m\u00e0 kh\u00f4ng hi\u1ec3u \u0111i\u1ec1u n\u1ec1n t\u1ea3ng.<\/p>\n<p>Vi\u1ec7n K\u0129 ngh\u1ec7 ph\u1ea7n m\u1ec1m (SEI) \u0111\u00e3 ph\u00e2n t\u00edch h\u00e0ng ngh\u00ecn ch\u01b0\u01a1ng tr\u00ecnh tr\u00ean kh\u1eafp th\u1ebf gi\u1edbi v\u00e0 th\u1ea5y r\u1eb1ng ngay c\u1ea3 nh\u1eefng ng\u01b0\u1eddi ph\u00e1t tri\u1ec3n c\u00f3 kinh nghi\u1ec7m c\u0169ng v\u1eabn \u0111\u01b0a v\u00e0o nhi\u1ec1u khi\u1ebfm khuy\u1ebft khi h\u1ecd ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m. V\u1ec1 c\u0103n b\u1ea3n ng\u01b0\u1eddi ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m trung b\u00ecnh \u0111\u01b0a v\u00e0o m\u1ed9t l\u1ed7i trong 10 d\u00f2ng m\u00e3. M\u1eb7c d\u1ea7u nhi\u1ec1u l\u1ed7i b\u1ecb b\u1eaft v\u00e0 lo\u1ea1i b\u1ecf b\u1edfi tr\u00ecnh bi\u00ean d\u1ecbch v\u00e0 ki\u1ec3m th\u1eed nh\u01b0ng m\u1ed9t s\u1ed1 v\u1eabn c\u00f2n l\u1ea1i. Nghi\u00ean c\u1ee9u ph\u1ea7n m\u1ec1m c\u1ee7a Carnegie Mellon ti\u1ebfn h\u00e0nh tr\u00ean h\u00e0ng ngh\u00ecn d\u1ef1 \u00e1n ph\u1ea7n m\u1ec1m ch\u1ec9 ra r\u1eb1ng n\u1ed9i dung khi\u1ebfm khuy\u1ebft trung b\u00ecnh c\u1ee7a ph\u1ea7n m\u1ec1m \u0111\u01b0\u1ee3c \u0111\u01b0a ra bi\u1ebfn thi\u00ean t\u1eeb 1 t\u1edbi 7 khi\u1ebfm khuy\u1ebft trong m\u1ed9t ngh\u00ecn d\u00f2ng m\u00e3. 
S\u1ef1 ki\u1ec7n th\u00fa v\u1ecb l\u00e0 tr\u00ean 90% v\u1ea5n \u0111\u1ec1 an ninh ph\u1ea7n m\u1ec1m b\u1ecb g\u00e2y ra b\u1edfi c\u00e1c ki\u1ec3u khi\u1ebfm khuy\u1ebft \u0111\u00e3 bi\u1ebft v\u00e0 m\u01b0\u1eddi nguy\u00ean nh\u00e2n h\u00e0ng \u0111\u1ea7u chi\u1ebfm t\u1edbi 75% c\u1ee7a t\u1ea5t c\u1ea3 nh\u1eefng \u0111i\u1ec3m mong manh. M\u1ed9t s\u1ed1 v\u1ea5n \u0111\u1ec1 b\u1ecb g\u00e2y ra b\u1edfi v\u1ea5n \u0111\u1ec1 thi\u1ebft k\u1ebf v\u00e0 ki\u1ebfn tr\u00fac ph\u00fac t\u1ea1p nh\u01b0 x\u00e1c th\u1ef1c kh\u00f4ng th\u00edch h\u1ee3p, th\u1ea9m quy\u1ec1n kh\u00f4ng h\u1ee3p th\u1ee9c, d\u00f9ng kh\u00f4ng \u0111\u00fang m\u1eadt m\u00e3, kh\u00f4ng b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u, v\u00e0 kh\u00f4ng ph\u00e2n ho\u1ea1ch c\u1ea9n th\u1eadn c\u00e1c \u1ee9ng d\u1ee5ng. Nh\u01b0ng ph\u1ea7n l\u1edbn b\u1ecb g\u00e2y ra b\u1edfi vi\u1ec7c b\u1ecf qu\u00ean \u0111\u01a1n gi\u1ea3n d\u1eabn t\u1edbi c\u00e1c ki\u1ec3u khi\u1ebfm khuy\u1ebft nh\u01b0 l\u1ed7i khai b\u00e1o, l\u1ed7i logic, l\u1ed7i ki\u1ec3m so\u00e1t chu tr\u00ecnh, l\u1ed7i bi\u1ec3u th\u1ee9c \u0111i\u1ec1u ki\u1ec7n, l\u1ed7i h\u1ee3p th\u1ee9c c\u00e1i v\u00e0o, l\u1ed7i \u0111\u1eb7c t\u1ea3 giao di\u1ec7n, l\u1ed7i c\u1ea5u h\u00ecnh, v\u00e0 kh\u00f4ng hi\u1ec3u v\u1ea5n \u0111\u1ec1 an ninh c\u01a1 s\u1edf. 
R\u00f5 r\u00e0ng l\u00e0 th\u1ef1c h\u00e0nh ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m ng\u00e0y nay d\u1eabn t\u1edbi ph\u1ea7n m\u1ec1m khi\u1ebfm khuy\u1ebft cho n\u00ean \u0111i\u1ec1u quan tr\u1ecdng l\u00e0 ng\u01b0\u1eddi ph\u00e1t tri\u1ec3n ph\u1ea3i \u0111\u01b0\u1ee3c \u0111\u00e0o t\u1ea1o trong l\u1eadp tr\u00ecnh an ninh nh\u01b0ng thay \u0111\u1ed5i trong \u0111\u00e0o t\u1ea1o \u0111\u1ea1i h\u1ecdc l\u1ea1i r\u1ea5t ch\u1eadm v\u00e0 \u0111\u00f3 l\u00e0 l\u00ed do t\u1ea1i sao an ninh v\u1eabn l\u00e0 v\u1ea5n \u0111\u1ec1 ch\u00ednh.<\/p>\n<p>\u0110\u1ec3 qu\u1ea3n l\u00ed c\u00e1c r\u1ee7i ro an ninh n\u00e0y, ng\u01b0\u1eddi qu\u1ea3n l\u00ed h\u1ec7 th\u00f4ng tin ph\u1ea3i ti\u1ebfn h\u00e0nh c\u00e1c cu\u1ed9c ki\u1ec3m \u0111i\u1ec3n an ninh th\u01b0\u1eddng xuy\u00ean. H\u1ecd ph\u1ea3i bi\u1ebft c\u00e1ch thi\u1ebft l\u1eadp b\u1ea3o v\u1ec7 n\u00e0o \u0111\u00f3 ch\u1ed1ng l\u1ea1i c\u00e1c m\u1ed1i \u0111e do\u1ea1 c\u1ee7a ng\u01b0\u1eddi ngo\u00e0i v\u00e0 \u0111\u1ea3m b\u1ea3o r\u1eb1ng ng\u01b0\u1eddi c\u1ee7a h\u1ecd c\u00f3 hi\u1ec3u bi\u1ebft v\u1ec1 th\u1ef1c h\u00e0nh an ninh. Sai l\u1ea7m th\u00f4ng th\u01b0\u1eddng nh\u1ea5t c\u1ee7a ng\u01b0\u1eddi d\u00f9ng l\u00e0 m\u1edf email \u0111\u01b0\u1ee3c t\u1ef1 nhi\u00ean g\u1eedi t\u1edbi kh\u00f4ng c\u00f3 quan h\u1ec7 hay b\u1ea5m v\u00e0o th\u00f4ng tin qu\u1ea3ng c\u00e1o kh\u00f4ng bi\u1ebft cho n\u00ean \u0111i\u1ec1u b\u1ea3n ch\u1ea5t l\u00e0 ng\u01b0\u1eddi qu\u1ea3n l\u00ed h\u1ec7 th\u00f4ng tin ti\u1ebfn h\u00e0nh \u0111\u00e0o t\u1ea1o \u0111\u1ec3 nh\u1eafc nh\u1edf ng\u01b0\u1eddi d\u00f9ng v\u1ec1 nguy hi\u1ec3m c\u1ee7a nh\u1eefng ki\u1ec3u sai l\u1ea7m n\u00e0y. 
C\u00e1ch kh\u00e1c t\u1ed1t h\u01a1n l\u00e0 c\u1ea3i ti\u1ebfn qui tr\u00ecnh ph\u00e1t tri\u1ec3n ph\u1ea7n m\u1ec1m v\u00e0 x\u00e2y d\u1ef1ng ph\u1ea7n m\u1ec1m t\u1ed1t h\u01a1n v\u00e0 an ninh h\u01a1n, b\u1edfi v\u00ec n\u00f3 s\u1ebd t\u1ea1o ra ph\u1ea7n m\u1ec1m v\u1edbi \u00edt khi\u1ebfm khuy\u1ebft h\u01a1n v\u00e0 \u00edt mong manh cho hacker t\u1ea5n c\u00f4ng. \u0110i\u1ec1u c\u0169ng quan tr\u1ecdng l\u00e0 nh\u1eadn di\u1ec7n b\u1ea5t k\u00ec c\u1ea5u ph\u1ea7n ph\u1ea7n m\u1ec1m c\u1ed1t y\u1ebfu n\u00e0o ki\u1ec3m so\u00e1t c\u00e1c ch\u1ee9c n\u0103ng li\u00ean k\u1ebft v\u1edbi an ninh. Nh\u1eefng c\u1ea5u ph\u1ea7n \u0111\u00f3 ph\u1ea3i \u0111\u01b0\u1ee3c gi\u00e1m s\u00e1t ch\u1eb7t ch\u1ebd qua ph\u00e1t tri\u1ec3n v\u00e0 ki\u1ec3m th\u1eed.<\/p>\n<p>H\u01a1n bao gi\u1edd h\u1ebft, \u0111\u00e0o t\u1ea1o \u201cl\u1eadp tr\u00ecnh an ninh\u201d cho m\u1ecdi nh\u00e2n vi\u00ean v\u00e0 c\u00f3 ng\u01b0\u1eddi qu\u1ea3n l\u00ed h\u1ec7 th\u00f4ng tin c\u00f3 hi\u1ec3u bi\u1ebft v\u1ec1 an ninh c\u00f3 th\u1ec3 l\u00e0 \u0111\u1ea7u t\u01b0 t\u1ed1t nh\u1ea5t m\u00e0 c\u00f4ng ti c\u00f3 th\u1ec3 l\u00e0m.<\/p>\n<p>&nbsp;<\/p>\n<p>&#8212;-English version&#8212;-<\/p>\n<p>&nbsp;<\/p>\n<p>IT security<\/p>\n<p>According to the latest security report from Carnegie Mellon\u2019s Software Engineering Institute, last year there were more than ten thousand cases of computer attacks, intrusions, and planting of malicious code by \u201cunknown people\u201d around the world. That\u2019s up 86 percent from the previous year and 146 percent from two years ago. The increase in computer attacks has raised the importance of managing security risk in every company as well as at the individual level. 
Anyone can be the target of an attack, from the Chief Information Officer (CIO) of a large company to a high school student in a small city; anyone with a personal computer or a smartphone could be a victim.<\/p>\n<p>A few weeks ago, the president of a large bank in the U.S. found that his computer was automatically sending important financial data to computers located in several countries around the world. In other words, he had been the victim of a \u201cphishing attack\u201d by hackers. Once they got inside his computer, they could use it as an instrument to capture any information they wanted and to access the computers of people who work for his bank, because, after all, he is at the highest level of management. How much damage was done is not known at this time, and what the hackers are doing with the information has not been determined yet, but it could be severe.<\/p>\n<p>Similar problems have happened to government officials around the world when they visited certain websites or opened unsolicited emails from unknown persons. Of course, government officials never disclosed what happened to their computers, but these were all serious problems because of the sensitive nature of the information stored on them. Today, it is no longer just hackers who want to prove that they can do some damage, or criminals who want to steal personal bank and stock trading accounts, but also government agencies of foreign nations that want to collect sensitive information.<\/p>\n<p>According to the security reports, every year thousands of information systems are accessed by unauthorized persons because their software developers have made programming errors. Most security issues result from defects that are unintentionally introduced during software development. 
To reduce security problems, organizations must reduce the number of defects in their software, but current training, especially in computer science programs, focuses only on teaching programming, not \u201csecured programming\u201d, where security is integrated into the software development life cycle rather than relying on testing after the software has already been built. Another problem is that today many software developers are trained in \u201ctraining schools\u201d, NOT universities; these schools do NOT even teach basic programming structure, only \u201chow to code\u201d to meet market demand. Students are taught a lot of \u201ctools and tricks\u201d so they can code without any understanding of the fundamentals.<\/p>\n<p>The Software Engineering Institute (SEI) has analyzed thousands of programs all over the world and found that even experienced developers still inject many defects as they develop software. Typically, an average developer injects one defect for every 10 lines of code. Although many are caught and removed by compilers and tests, some still remain. Carnegie Mellon\u2019s software studies, conducted on thousands of software projects, show that the average defect content of released software varies from about 1 to 7 defects per thousand lines of code. The interesting fact is that over 90% of software security issues are caused by known defect types, and the top ten causes account for about 75% of all vulnerabilities. Some problems are caused by sophisticated architectural and design issues such as inadequate authentication, invalid authorization, incorrect use of cryptography, failure to protect data, and failure to carefully partition applications. But most are caused by simple oversights that lead to defect types such as declaration errors, logic errors, loop control errors, conditional expression errors, failure to validate input, interface specification errors, configuration errors, and failure to understand basic security issues. 
It is clear that software development practices today lead to defective software, so it is important that developers be trained in security programming, but change in university training is very slow, and that is why security is still a major issue.<\/p>\n<p>To manage these security risks, information system managers must conduct security reviews often. They must know how to set up certain protections against threats from outsiders and ensure that their people are knowledgeable about security practices. The most common mistake users make is opening unsolicited emails or clicking on unknown advertising, so it is essential that information system managers conduct training to remind users about the dangers of these mistakes. Another, better way is to improve the software development process and build better and more secure software, because this produces software with fewer defects that is less vulnerable to attack by hackers. It is also important to identify any critical software components that control functions associated with security. 
Those components must be monitored closely throughout development and testing.<\/p>\n<p>More than ever, \u201csecured programming\u201d training for all employees and having a security knowledgeable Information System Manager could be the best investment a company could make.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Theo b\u00e1o c\u00e1o an ninh m\u1edbi nh\u1ea5t c\u1ee7a Vi\u1ec7n K\u0129 ngh\u1ec7 ph\u1ea7n m\u1ec1m Carnegie Mellon, n\u0103m ngo\u00e1i \u0111\u00e3 c\u00f3 h\u01a1n m\u01b0\u1eddi ngh\u00ecn tr\u01b0\u1eddng h\u1ee3p t\u1ea5n &hellip; <\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[],"class_list":["post-2784","post","type-post","status-publish","format-standard","hentry","category-cong-nghe-thong-tin"],"_links":{"self":[{"href":"https:\/\/science-technology.vn\/index.php?rest_route=\/wp\/v2\/posts\/2784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/science-technology.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/science-technology.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/science-technology.vn\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/science-technology.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2784"}],"version-history":[{"count":1,"href":"https:\/\/science-technology.vn\/index.php?rest_route=\/wp\/v2\/posts\/2784\/revisions"}],"predecessor-version":[{"id":2785,"href":"https:\/\/science-technology.vn\/index.php?rest_route=\/wp\/v2\/posts\/2784\/revisions\/2785"}],"wp:attachment":[{"href":"https:\/\/science-technology.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/science-technology.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2784"}
,{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/science-technology.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}