微软Office 2010用户的安全与隐私策略(2012年版)

需积分: 1 98 浏览量更新于2024-07-21 收藏 7.16MB PDF 举报

《安全与隐私：Microsoft Office 2010 用户指南 (2012年3月版)》由Mitch Tulloch编著，由微软出版社发行，是微软公司针对其旗舰办公软件Office 2010用户的一本专业参考书籍。这本书详细探讨了在使用Microsoft Office 2010时，用户如何保护数据安全和个人隐私，以及如何应对日益增长的信息安全管理需求。书中涵盖了以下关键知识点： 1. **安全概述**：章节首先介绍了Office 2010的安全架构，包括身份验证、访问控制和权限管理，确保只有授权用户能访问敏感信息。 2. **数据加密**：讨论了Office应用程序（如Word、Excel和PowerPoint）内置的加密功能，如信息工作簿保护和邮件加密，以及如何设置强密码策略。 3. **隐私设置**：讲解如何调整Office应用程序的隐私选项，例如阻止追踪，管理网站数据收集，以及控制个人信息在SharePoint和其他协作平台上的可见性。 4. **云安全**：针对Office 365用户，强调了如何通过Office Online服务来保护云端文档的安全，包括OneDrive和SharePoint Online的隐私设置与安全措施。 5. **恶意软件防护**：提供了有关如何识别和防御电子邮件中的病毒、宏攻击和钓鱼邮件的策略，以及如何使用Windows Defender Antivirus对Office文件进行扫描。 6. **安全更新与补丁管理**：强调定期更新Office和操作系统的重要性，以及如何管理自动安装的安全更新以保持系统的安全性。 7. **合规性与法规遵从**：针对企业用户，讨论了如何满足GDPR等数据保护法规，以及如何实施适当的数据保留策略。 8. **应急响应与恢复**：书中还包含了一部分关于灾难恢复计划、备份策略和数据丢失预防措施的实用建议。 9. **用户教育与培训**：鼓励用户了解基本的安全意识，如何创建安全的密码习惯，并提供了一些针对不同用户角色的培训材料。 10. **联系与支持**：最后，本书提供了技术支持联系信息，以便用户在遇到问题时寻求帮助，并鼓励读者参与电子书的反馈调查，以改进后续版本的内容。《安全与隐私：Microsoft Office 2010 用户指南》是一本全面且实用的资源，旨在帮助用户在享受Office 2010的强大功能的同时，有效地保护个人和组织的数据安全与隐私。随着技术的不断发展，书中的一些具体功能可能会有所变化，但其核心原则对于理解和维护现代办公环境下的信息安全仍然具有重要意义。

4 Chapter 1 Why Should I Care?

A better alternative might be to implement a Digital Rights Management System

(DRMS) on the company’s network so that users can view and work with documents

but not copy their content or open them on non-corporate devices.But this technical

solution to enforcing the company’s “shall not make copies” policy has two potential

problems associated with it. First, it costs money to do this—the business may need to

buy an additional server, pay licensing fees to the DRMS vendor, and create a training

program to educate users on how to work with DRMS-protected documents. Of course,

if management believes that the added security and privacy DRMS can provide the

company is worth the money it takes to procure, implement, and maintain the system,

then this problem can be overcome. And if you are a user in an organization that has a

DRMS in place, you’ll have to learn to adjust to how this affects the way you work.

The second problem, however, is trickier: No security is bulletproof, and even DRMS can

be circumvented. For example, all it takes is a camera-equipped cellphone for the user

to take a photo of a DRMS-protected document displayed on her computer screen, and

then she can walk out of the building with sensitive business records in her pocket. Or a

user could simply take a photo of his computer screen and then email the photo using

his cell phone. To prevent such things from occurring, the organization would need to

conscate all users’ cell phones when they enter the building, store them somewhere,

and return them to the users when they leave. This, of course, probably will be seen as

a huge inconvenience by some users, and some of these people may try to smuggle

their cell phones past the security personnel. The organization then may try to create

a technical solution to this new problem by installing a walk-through metal detector at

the entrance to the building, but such a solution is not only costly, but is also extremely

intrusive to users who may face body searches when something they’re carrying (which

may be perfectly innocent) sets off the detector.

The bottom line here is that many, if not most, security/privacy breaches can’t be

prevented by technical means alone. Organizations also need easy-to- understand and

well-communicated security policies and be consistent in how they enforce them. That’s

because users indeed are often the weak link in ensuring the security and privacy of an

organization’s condential business information.

6 Chapter 1 Why Should I Care?

Let’s consider the positive rst. How can you, a lowly ofce worker, contribute

to ensuring that your company’s business systems and data are secure and kept

condential?

■

Do your best to not just comply with company security policies, but also

understand why they are important. Remember, if the business fails, you’ll lose

your job, too.

■

Understand that not every frustrating, annoying, or even maddening policy that

upper management decrees originated from them. Organizations today are often

legally required to comply with a host of rules and regulations laid down by

various levels of government. So sometimes their hands are tied when it comes to

certain privacy and security policies they must institute in the organization.

■

Do your best to be friendly and polite in all your dealings with IT, especially with

help-desk incidents. Technology is constantly changing at a rapid pace, and few

can keep on top of all the changes. This can make IT a maddeningly challenging

eld to be in, so you need to understand the pressures that IT staff face each day.

Also, remember that those help-desk people are trying to do their jobs, just as

you are.

■

Do not try to circumvent the security controls that IT has put in place on your

company’s network. Those controls are there for a reason—usually to protect the

organization’s systems and data, but sometimes simply to make life easier for IT

staff.

■

Seek out and use the appropriate communications channels for providing

feedback to management on company security policies and for making requests

to IT for new hardware, software or services. Be sure to make the business

justication clear for any changes you request from IT. If they indicate that they

can’t do as you request, there’s probably a good reason for this.

Finally, what about the negative side of all this? What could you, the exasperated ofce

worker, do that might contribute negatively to the security of your company’s business

systems and privacy of their sensitive business data? Here are a few things you should

avoid doing if at all possible:

■

Do not deliberately do anything that’s expressly forbidden by the corporate

security policy. This might include things like taking work home by copying les to

unencrypted USB ash drives, telling others your password so they can check your

email for you when you’re sick at home, using your personal cell phone for making

condential business calls, clicking links in phishing emails instead of immediately

deleting the emails or reporting them to the help desk, and so on.

剩余97页未读，继续阅读

hyyzxqh

粉丝: 1
资源: 17

微软Office 2010用户的安全与隐私策略(2012年版)

OS.X.Security.and.Privacy.Yosemite.Edition.epub

Nmap.Network.Exploration.and.Security.Auditing.Cookbook.2nd.Edition.2017.5.pdf

neo4j.conf中没有dbms.security.credentials

no authenticationprovider found for com.ly.ad.framework.security.filter.phon

Parameter 0 of method managementSecurityFilterChain in org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration required a bean of type 'org.springframework.security.config.annotation.web.builders.HttpSecurity' that could not be found.

Bean 'org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler@1e86a5a7' of type [org.springframework.security.access.expression.method

可以尝试使用 android.security.keystore.KeyProtection 代替 java.security.KeyStore$PasswordProtection 怎么代替

写两段 java 代码。第一段，读取 PEM 格式密钥，并转换为 java.security.PrivateKey；第二段， 将 byte[] 格式公钥转换为 java.security.PublicKey

最新资源

写两段 java 代码。第一段，读取 PEM 格式密钥，并转换为 java.security.PrivateKey；第二段，将 byte[] 格式公钥转换为 java.security.PublicKey