Office 2010安全与隐私全攻略：微软官方指南

需积分: 10 160 浏览量更新于2024-07-27 收藏 7.21MB PDF 举报

《2010年Office用户安全与隐私指南》是由微软官方出版的一份详细文档，旨在为Office 2010的使用者提供关于数据保护和隐私管理的全面指导。本书由微软公司出版部——位于美国华盛顿州雷德蒙德的微软大厦——编写，版权归属于2012年的微软公司，所有内容未经许可不得复制或传播。本书的核心内容围绕以下几个关键知识点展开： 1. **安全性**： - 着重介绍了Office 2010的安全特性，包括但不限于密码保护、权限管理和身份验证机制。用户如何设置强密码、启用两步验证以及管理应用程序的访问权限是本书的重点。 - 解释了Office的安全更新和补丁程序的重要性，确保软件始终抵御最新的威胁，如病毒、间谍软件和恶意软件。 - 讨论了Office的信息保护措施，如使用BitLocker驱动器加密来保护硬盘上的敏感数据，以及文件共享和协作的安全策略。 2. **隐私保护**： - 书中详细阐述了如何在Office环境中管理用户数据隐私，如如何控制个人资料的可见性和访问，以及如何使用隐私设置保护电子邮件、联系人和日历信息不被滥用。 - 对隐私政策和法规的遵循进行了讲解，以确保用户了解并遵守相关的数据保护规定，比如欧洲的GDPR（一般数据保护条例）和美国的CCPA（加州消费者隐私法）。 3. **最佳实践**： - 提供了一系列实用的建议和技巧，帮助用户在日常办公中实施安全和隐私的最佳实践，如创建安全的工作环境、避免网络钓鱼攻击和社交工程手段。 - 教授用户如何识别和应对潜在的安全威胁，比如如何处理可疑的附件或链接，以及如何定期进行数据备份和恢复策略。 4. **技术支持**： - 包含了联系Microsoft Press Book Support的途径，以便用户在遇到与本书内容相关的问题时能够得到及时的帮助和支持。 - 鼓励读者通过微软网站反馈对书籍的评价，以便持续改进和优化安全和隐私指导。《Security and Privacy for Office 2010 Users》是一本为满足现代办公环境中对数据安全与隐私保护需求的专业指南，旨在提升用户对于Office 2010平台使用的安全性，降低风险，并符合日益严格的法规要求。通过阅读和遵循本书提供的策略，Office 2010用户可以更好地保护自己和组织的数据资产。

4 Chapter 1 Why Should I Care?

A better alternative might be to implement a Digital Rights Management System

(DRMS) on the company’s network so that users can view and work with documents

but not copy their content or open them on non-corporate devices.But this technical

solution to enforcing the company’s “shall not make copies” policy has two potential

problems associated with it. First, it costs money to do this—the business may need to

buy an additional server, pay licensing fees to the DRMS vendor, and create a training

program to educate users on how to work with DRMS-protected documents. Of course,

if management believes that the added security and privacy DRMS can provide the

company is worth the money it takes to procure, implement, and maintain the system,

then this problem can be overcome. And if you are a user in an organization that has a

DRMS in place, you’ll have to learn to adjust to how this affects the way you work.

The second problem, however, is trickier: No security is bulletproof, and even DRMS can

be circumvented. For example, all it takes is a camera-equipped cellphone for the user

to take a photo of a DRMS-protected document displayed on her computer screen, and

then she can walk out of the building with sensitive business records in her pocket. Or a

user could simply take a photo of his computer screen and then email the photo using

his cell phone. To prevent such things from occurring, the organization would need to

conscate all users’ cell phones when they enter the building, store them somewhere,

and return them to the users when they leave. This, of course, probably will be seen as

a huge inconvenience by some users, and some of these people may try to smuggle

their cell phones past the security personnel. The organization then may try to create

a technical solution to this new problem by installing a walk-through metal detector at

the entrance to the building, but such a solution is not only costly, but is also extremely

intrusive to users who may face body searches when something they’re carrying (which

may be perfectly innocent) sets off the detector.

The bottom line here is that many, if not most, security/privacy breaches can’t be

prevented by technical means alone. Organizations also need easy-to- understand and

well-communicated security policies and be consistent in how they enforce them. That’s

because users indeed are often the weak link in ensuring the security and privacy of an

organization’s condential business information.

6 Chapter 1 Why Should I Care?

Let’s consider the positive rst. How can you, a lowly ofce worker, contribute

to ensuring that your company’s business systems and data are secure and kept

condential?

■ Do your best to not just comply with company security policies, but also

understand why they are important. Remember, if the business fails, you’ll lose

your job, too.

■ Understand that not every frustrating, annoying, or even maddening policy that

upper management decrees originated from them. Organizations today are often

legally required to comply with a host of rules and regulations laid down by

various levels of government. So sometimes their hands are tied when it comes to

certain privacy and security policies they must institute in the organization.

■ Do your best to be friendly and polite in all your dealings with IT, especially with

help-desk incidents. Technology is constantly changing at a rapid pace, and few

can keep on top of all the changes. This can make IT a maddeningly challenging

eld to be in, so you need to understand the pressures that IT staff face each day.

Also, remember that those help-desk people are trying to do their jobs, just as

you are.

■ Do not try to circumvent the security controls that IT has put in place on your

company’s network. Those controls are there for a reason—usually to protect the

organization’s systems and data, but sometimes simply to make life easier for IT

staff.

■ Seek out and use the appropriate communications channels for providing

feedback to management on company security policies and for making requests

to IT for new hardware, software or services. Be sure to make the business

justication clear for any changes you request from IT. If they indicate that they

can’t do as you request, there’s probably a good reason for this.

Finally, what about the negative side of all this? What could you, the exasperated ofce

worker, do that might contribute negatively to the security of your company’s business

systems and privacy of their sensitive business data? Here are a few things you should

avoid doing if at all possible:

■ Do not deliberately do anything that’s expressly forbidden by the corporate

security policy. This might include things like taking work home by copying les to

unencrypted USB ash drives, telling others your password so they can check your

email for you when you’re sick at home, using your personal cell phone for making

condential business calls, clicking links in phishing emails instead of immediately

deleting the emails or reporting them to the help desk, and so on.

剩余97页未读，继续阅读

zmagical

粉丝: 0
资源: 8

Office 2010安全与隐私全攻略：微软官方指南

Security and Privacy for Next-Generation Wireless Networks

IEEE Symposium on Security and Privacy影响因子

cloud security alliance

大数据安全与隐私保护技术的文献综述

设计一个毕业生闲置物品管理系统功能需求

spring security

2021 security and communication networks

Trust-Aware Service Offloading for Video Surveillance in Edge Computing Enabled Internet of Vehicles

Elasticsearch built-in security features are not enabled. Without authentication, your cluster could be accessible to anyone

springboot3 security jwt

最新资源