漏洞的进化(CNCERT/CC CNVD)

漏洞的进化 ,[object Object]

漏洞是什么？什么是漏洞？

风险评估国家标准中风险管理的要素化

最精简的风险管理３要素

风险立方体中的安全工作资产威胁措施

GB 中的风险 10 要素与三要素对应

对于资产，漏洞有寄生属性

漏洞的寄生，是其存在 ,[object Object],[object Object]

从资产的演化看漏洞的寄生进化

对于威胁，漏洞有利用属性 ,[object Object]

漏洞被利用，是其宿命 ,[object Object]

广义威胁用例威胁标识 : nnnn P 防范 W 预警 D 检测 R 响应 R 恢复 C 反击威胁环境 ** ** 威胁来源 ** ** ** 威胁对象 ** 威胁内因 **** ** ** ** 威胁途径 **** ** ** ** ** 威胁时序 **** ** ** ** 威胁结果 ** ** ** 其他

奥巴马 60 天报告：中期行动计划 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

围绕威胁利用所推进的研究工作 ,[object Object],[object Object],威胁场景多维属性分类树

对于措施，漏洞有抗生属性

漏洞的抗生，是其必然 ,[object Object]

安全的两个认识观 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

漏洞的抗生，是其必然 ,[object Object],[object Object],[object Object],[object Object]

基于缓冲的安全 ,[object Object]

安全——及时的检测和处理时间 Pt Dt Rt

什么是安全？ Pt Dt Rt > + ,[object Object]

缓冲的观点 ,[object Object],[object Object],[object Object],[object Object]

缓冲的观点 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

中药方剂的君臣佐使之道 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

研究中 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

2010RSA 大会看热度变化绿 2009 ，蓝 2010 ，红增额

2010 年增加最多的产品类 2010 差额 Data Security 44 44 Threat Management 32 32 Encryption 30 30 Cloud Computing 36 29 Online Security 17 17 PCI 30 14 Mobile Device Security 14 14 Insider Threats 12 12 Zero Day Vulnerability 11 11 Forensics 19 10 Biometrics 10 10 Identity Theft 10 10 Security Architecture 10 10 2010 差额 Botnet 9 9 Standard 9 9 Healthcare 8 8 Governance 7 7 Hacking 7 7 Intrusion Detection 34 6 Security Education 12 6 Visualization 8 6 Exploit of Vulnerability 6 6 Web2.0 6 6 Cybercrime 20 5 DLP 8 5 Web Server Security 5 5

2010 年减少最多的产品类产品类 2009 差 Secure File Transfer 14 -5 Software Code Vul. Analysis 11 -5 Physical Security 10 -5 User Awareness 5 -5 Messaging Security 17 -6 Network Protocol Security 15 -6 Configuration Patch Management 11 -6 Risk Management 41 -7 Policy management enforcement 26 -7 Wireless Security 19 -7 Content Filtering 24 -8 Password Management 21 -8 Endpoint Security 45 -9 VPN 15 -9 2009 差 Application Security 46 -10 Encryption key management 25 -10 Identity Management 40 -11 Authentication 47 -12 Database Security 22 -12 Access Control 45 -14 Web Services Security 24 -16 Web Filtering 16 -16 Compliance PCI 24 -24 Enterprise Security Management 76 -28

变化不大的热门产品 2009 2010 Security Ecommerce 12 12 Virtualization 14 12 Privacy 8 11 Government Standards 10 11 Security Consulting 15 11 Storage Security 10 10 Penetration Testing 10 9 SSO 10 9 Incident Response 13 9 2009 2010 Compliance Management 55 55 Anti Malware 33 30 Vulnerability Assessment 28 28 Firewalls 24 24 Managed Security Services 18 22 Anti Spam 20 19 SIEM 15 15 Audit 19 15 Remote Access 16 14

漏洞，我们与其共生在一个生态系统中

漏洞的进化(CNCERT/CC CNVD)

Recommended

Recommended

More Related Content

What's hot

What's hot (11)

Viewers also liked

Viewers also liked (20)

Similar to 漏洞的进化(CNCERT/CC CNVD)

Similar to 漏洞的进化(CNCERT/CC CNVD) (20)

漏洞的进化(CNCERT/CC CNVD)

Editor's Notes