(Full Version) Enterprise Network Security Policy White Paper


[Featured] IT System Security White Paper


IT System Security White Paper

Table of Contents
Chapter 1 The Enterprise and Information Security
  1.1 Enterprise Risk and Security
  1.2 The Importance and Value of Information Security
Chapter 2 Information Security Fundamentals and Trends
  2.1 A Closer Look at Information Security
  2.2 History of Information System Security
  2.3 International Information Security Standards and Organizations
  2.4 The OSI Security Model
  2.5 Security Subsystems
  2.6 Exposing Hacker Attack Techniques
  2.7 Trends in Security Technology
Chapter 3 The Way of Security: MASS
  3.1 The MASS Security Model
  3.2 Building a Security Architecture
  3.3 Integration with the Overall Solution Architecture
Chapter 4 Practice and Case Studies
  4.1 IT Infrastructure and Network Security
  4.2 Access Control
  4.3 Identity and Trust Management
  4.4 Security Auditing
  4.5 An End-to-End Security Solution Based on the MASS Architecture
Chapter 5 Closing

Chapter 1 The Enterprise and Information Security

1.1 Enterprise Risk and Security
Since the September 11 attacks, security has become a hot topic; the recently concluded Athens Olympics spent more than US$2 billion on security alone.

Enterprises always face risk when they conduct business. These risks are inherent; they live in the enterprise's daily contact with customers and partners.

Understanding these risks and the corresponding security solutions is the prerequisite for reducing them.

An enterprise creates value by providing products and services, and in doing so it inevitably crosses physical or logical boundaries.

These boundaries ought to be protected securely, yet protecting them effectively is not easy.

Most enterprises are not a blank sheet of paper: they already have people, processes and resources in place.

Implementing a comprehensive security program disrupts the enterprise's existing operations.

So for years most enterprises have been troubled by the question "how do we implement security solutions that reduce business risk?"

1.1.1 Enterprise Risk
Security is not merely a product, nor merely a service.

It is a necessary condition of the process by which an enterprise creates value. Security includes physical security, such as guards, firearms and access badges, and security products, such as firewalls, intrusion detection systems, security management tools and managed security services.

Security is not absolute; there is no such thing as absolute security. An enterprise always faces risk: some risks can be avoided, some can be reduced, and some can be accepted.

An enterprise that understands these risks and handles them well is secure.

Network Security and Enterprise Security Policy White Paper Description


Secure Segmentation Prevents Flat Networks from Failing When Attacked
Building Effective Enterprise Security Requires Network and Business Leaders to Think Differently
WHITE PAPER

Executive Summary
Hybrid IT and the adoption of work-from-anywhere (WFA) strategies have led to the exponential expansion of new network edges. For many organizations this has produced an expanded and fragmented attack surface that gives bad actors a perfect opportunity to launch attacks from new vectors, undermining the ability of network and security leaders to maintain business operations.

Traditional flat networks, even those using network-based segmentation or microsegmentation, cannot detect or prevent many of today's more sophisticated attacks. Part of the problem is that many of these networks still give users and devices that authenticated once unfettered access to virtually any application. Such implicit-trust policies grant free rein across permitted segments while reducing visibility across the network, especially into encrypted paths. And the lack of integration between security and network elements limits their ability to perform essential firewall functions, let alone advanced security inspection, at the growing number of dynamic network edges and junctions, leaving them unable to contain attacks.

The Challenge of Securing Disparate Networks
Organizations are deploying hybrid IT architectures comprising campuses, data centers, interconnected branches, home offices, mobile workers, and multi-clouds to accelerate digital innovation and to optimize and develop new products. Nearly all of these networks are being enhanced with 5G, which adds hyper-performance to an already complex environment. The recent transition to a hybrid workforce has compounded the challenge. Many employees work at least part-time from home, with their devices following them everywhere they go. And applications continue to migrate to one or more clouds, including data center and private clouds, as well as Software-as-a-Service (SaaS) solutions. Given the mobility of users and the disparate locations of applications, the question facing many IT teams is: How do we deliver consistent security everywhere? And how can users safely consume applications from any location, on any device, at any time?

These new hybrid-worker and IT paradigms have led to an exponential expansion of the network edge, resulting in an expanded attack surface and fragmented visibility and control. The result is a perfect platform from which bad actors can launch cyberattacks and undermine business continuity. While some of this network transformation is the result of intentional digital acceleration, some of it is happening organically. For example, mergers and acquisitions often leave a diverse and fractured infrastructure with limited coordination or visibility between different parts of the organization.

One challenge arising from these expanding and fragmenting attack surfaces is that they create numerous new paths through which criminals can attack, along with new devices, interconnected applications, and network environments for them to target. The need for new devices and software to support digital acceleration has contributed to the growing volume of vulnerabilities targeted by new or improved cyberthreats. Common Vulnerabilities and Exposures (CVEs), the list of publicly disclosed computer security flaws, reached an all-time high in 2022, with critical vulnerabilities up 59% over 2021.[1] That list is only expected to grow. Many IT teams therefore struggle to keep their distributed devices and applications patched, especially as home networks use personal technology to reach business applications deployed in hybrid cloud and on-premises environments, a fact that cybercriminals have been all too eager to exploit.

At the same time, threats are increasingly sophisticated, automatically seeking and exploiting vulnerabilities with advanced malware, making security a reactive exercise in many organizations. Increasingly sophisticated threats, many enhanced with automation and artificial intelligence (AI), regularly target high-priority sectors such as critical infrastructure, healthcare, information technology, financial services, and energy. Ransomware in particular has become a significant concern for most organizations: although 78% of organizations felt prepared for ransomware attacks, half still fell victim.[2] Organizations are more concerned about ransomware than about any other cyberthreat.

Difficulty Managing Disparate Networks: Is Segmentation the Answer?
Network engineering and operations leaders have responded to these challenges for years by building strong perimeter defenses to prevent attacks and by segmenting their networks internally for operational control. Traditional segmentation based on IP addresses has mostly been augmented with VLANs, with VXLAN-based segmentation supporting large-scale virtualization deployments and enabling more granular controls. Other methods include VMware NSX segmentation for virtualized workloads and Cisco ACI application segmentation using physical switches. And there is a plethora of host-based segmentation techniques that rely on agents running on the hosts to be segmented. These microsegmentation techniques let access control policies be defined by workloads, applications, or architectural attributes such as the virtual machines (VMs) on which the applications, data, and operating systems reside.

However, segmentation and microsegmentation are not the panacea they are sometimes hailed to be. Segmented and microsegmented networks must still perform advanced security inspection at each segmentation edge and junction. Otherwise they cannot prevent intrusions from moving laterally across the devices and applications that connect to and traverse the resulting flat network, whether within a single segment or across the many applications and workflows that span multiple segments.

Why Traditional Segmentation Fails to Protect the Enterprise
Access control for internal network segments tends to be designed from the architecture up. As a result, security is neither intrinsically nor deeply integrated into networking; it is applied as an overlay. That may be fine for static networks and largely predictable workflows and transactions, but such tactical approaches mean that security policies, inspection, and enforcement cannot quickly adapt to evolving business needs or dynamic networks, and the resulting gaps are exactly what cybercriminals target.

There are three critical reasons why segmentation alone will not protect today's dynamic hybrid networks.
1. The trust valuations on which access policies are based tend to be static, implicit, and unrestricted. The inability to continually verify users and devices creates compliance and control problems, especially once a user or device is compromised.
2. Access control policies cannot be enforced effectively because advanced (Layer 7) detection and inspection is missing across the hybrid IT estate. Isolated legacy security solutions cannot see and control these components efficiently or adapt in real time to changes in the network.
3. These problems often stem from network engineering and operations staff planning their segmentation architecture without adequate attention to identity, visibility, and security.
Understanding these issues and their aggregate impact leads to a more risk-aware and responsive approach to segmentation.

Why a Traditional Bolted-on Network Security Approach Is Ineffective
Organizational needs usually dictate corporate network design: the rules governing who and what may access which network resources are determined by business policy, industry standards, and government regulation. The network operations team then turns these rules into access control settings in routers and switches that permit users, devices, and applications to reach specific resources. While this may seem straightforward, network engineering and operations leaders should immediately recognize some critical downsides.

First, the needs of today's organizations are evolving, and the growing demand for flexibility and agility is reshaping corporate network design. Business processes, compliance requirements, and network access requirements have become vastly more complex than the network structure itself. Consequently, it is ineffective to use the network architecture to define and secure segments for resources that must be simultaneously accessible to all authorized users and applications (and utterly inaccessible to everyone else).

To manage security risk effectively, network engineering and operations leaders must instead rely on current and accurate information about the trustworthiness of users, applications, and network assets at all times. Unfortunately, traditional network connectivity, including intelligent application-driven solutions such as SD-WAN deployed in hybrid IT architectures, does not include seamless security integration. Other issues, such as the proliferation of unknown Internet-of-Things (IoT) devices and ongoing OT/IT integration, create additional visibility and security challenges.

Trust Valuations Based on Static and Implicit Access Allow Breaches
Many of today's most damaging breaches are due to compromised user accounts and passwords, and users with inappropriate access levels make the problem worse. To manage security risk, network engineering and operations leaders must always have current and accurate information about the trustworthiness of users, applications, and network assets. Internal firewalls and the other access control mechanisms that govern traffic between network segments must therefore constantly identify, verify, and monitor users, devices, and applications. If trust assessments are out of date, segmentation becomes useless at preventing threats from moving laterally across the network.

Some organizations have responded by adopting a zero-trust network access (ZTNA) strategy, which controls access to applications by verifying users and devices before every application session. ZTNA confirms that they meet the organization's policy for that application, grants access to specific applications per user, and then monitors those connections to detect threats and maintain compliance.

Security Requires End-to-End Visibility; Without It, Security Controls Mean Little
Most traditional approaches to segmentation assume that all the necessary network security components are in place and ready to execute whatever access control policies the IT team defines. Unfortunately, this is usually an unsafe assumption.

First and foremost, encrypted web traffic has risen to 94% of the total.[3] While this is good news for organizations that want to provide secure, encrypted access to applications, it also lets bad actors hide their activities inside secure channels. Making things worse, many network teams deliberately turn off SSL/TLS inspection (including TLS 1.3) in their next-generation firewalls (NGFWs) because they fear the impact on performance. Because nearly all legacy firewalls cannot inspect encrypted traffic at digital speeds, criminals can move in and out of an enterprise network undetected to launch ransomware attacks and exfiltrate data.

Second, because of budget constraints or because deployment and management require too many resources, many network engineering and operations teams hesitate to deploy advanced network security everywhere it is needed: within the enterprise, in every cloud, and on every endpoint and IoT device. And the solutions they do deploy tend to operate in isolation. Point security products cannot easily share threat intelligence on known, emerging, or zero-day threats, or easily participate in a coordinated response. Acting promptly is essential to disrupting an attack sequence, as MITRE outlines.[4] But the overall effectiveness of security components is severely compromised when they are not tightly integrated. For example, when an isolated firewall detects a suspicious packet, it may take hours (or longer) for the information to reach a security administrator and be disseminated to the rest of the network.

Third, organizations cannot respond effectively to mitigate the impact of breaches without dealing with malicious websites, known malware, and unknown attacks. This requires integrating extended detection and response (XDR), an intrusion prevention system (IPS), and sandboxing to automatically quarantine and test suspicious payloads. The lack of integration between security elements, and between security and the network, makes orchestration and automation across hybrid networks impossible, and the resulting reliance on manual operations, which are far too slow and error-prone, invariably leads to breaches.

Segmentation with Network and Security Convergence Becomes Effective
What is required is an integrated, coordinated approach to security. A fully integrated and unified security solution is the only way to ensure consistent, adaptable threat detection and response across today's segmented hybrid IT architectures. That is where the hybrid mesh firewall (HMF) approach comes in. A hybrid mesh firewall secures the convergence of on-premises and cloud-native domains with consistent policy enforcement and unified management. This unified platform approach provides coordinated protection across every area of enterprise IT, including corporate sites, branches, campuses, data centers, public and private clouds, and remote workers. It is even better when unified management and analytics span the entire secure networking framework. This single-pane-of-glass strategy yields complete visibility and protection against security threats. The hybrid mesh firewall approach simplifies operations, ensures compliance, and reduces complexity through automation to increase operational efficiency, whether you run all on-premises firewalls, all cloud firewalls, or a mix of both.

Seeing Is Understanding
Without centralized management, orchestration, and control, network engineering and operations leaders who believe their segmented network is well protected are probably working under a false sense of security, but without real-time data it is impossible to know. The best way to determine whether the security strategy protecting a dynamic hybrid network is effective is to run ongoing end-to-end security assessments. Without the end-to-end visibility provided by a fully integrated security platform, a security fabric able to touch and adapt to every edge of the network, a reliable assessment is impossible, preventing IT leaders from accurately reporting on and optimizing their company's security posture.

It is up to network engineering and operations leaders to ensure that the access control policies applied to internal network segments can withstand today's perpetually expanding and fragmenting attack surfaces. Addressing this challenge starts by converging network and security in the hybrid network architecture. Only with careful attention to segmentation design can a company be confident in its ability to thwart attackers looking to sow destruction by moving laterally across the network.

References
1 "We analysed 90,000+ software vulnerabilities: Here's what we learned," The Stack, January 9, 2022.
2 "The 2023 Global Ransomware Report," Fortinet, April 2023.
3 "HTTPS encryption on the web," Google, accessed May 17, 2022.
4 "ATT&CK Matrix for Enterprise," MITRE ATT&CK, accessed January 31, 2022.

Copyright © 2023 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet, Inc. All other product or company names may be trademarks of their respective owners.
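The white paper above argues that segmentation fails when trust is evaluated once and then assumed, and that ZTNA instead re-verifies user, device and policy before every application session. The following added example (written for this page, not Fortinet's code or any product's API) shows what that per-session decision looks like as a policy engine: every application has an explicit policy, a posture report older than the policy's window is treated as unknown and denied, MFA must hold for the current session, and an application without a published policy is denied rather than implicitly trusted. All names, policies, timestamps and sample sessions are constructed for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet, List


@dataclass(frozen=True)
class DevicePosture:
    device_id: str
    managed: bool            # enrolled in the organization's device management
    disk_encrypted: bool
    edr_healthy: bool        # endpoint agent running and not raising an alarm
    reported_at: datetime    # when the agent last attested this posture


@dataclass(frozen=True)
class SessionRequest:
    user: str
    groups: FrozenSet[str]
    mfa_verified: bool       # MFA completed for *this* session, not a past one
    posture: DevicePosture
    app: str
    at: datetime             # time the access decision is made


@dataclass(frozen=True)
class AppPolicy:
    allowed_groups: FrozenSet[str]
    require_mfa: bool
    require_managed_device: bool
    max_posture_age: timedelta   # posture older than this is treated as unknown -> deny


@dataclass
class Decision:
    allow: bool
    reasons: List[str] = field(default_factory=list)


def evaluate(req: SessionRequest, policy: AppPolicy) -> Decision:
    """Re-run every check for one application session; nothing is cached from earlier sessions."""
    reasons: List[str] = []
    if not (req.groups & policy.allowed_groups):
        reasons.append("user not in an allowed group")
    if policy.require_mfa and not req.mfa_verified:
        reasons.append("MFA not verified for this session")
    age = req.at - req.posture.reported_at
    if age < timedelta(0) or age > policy.max_posture_age:
        # A stale (or future-dated) posture report says nothing about the device right now.
        reasons.append(f"device posture stale ({age} old)")
    else:
        if policy.require_managed_device and not req.posture.managed:
            reasons.append("device not managed")
        if not req.posture.disk_encrypted:
            reasons.append("disk not encrypted")
        if not req.posture.edr_healthy:
            reasons.append("endpoint agent unhealthy or alarming")
    return Decision(allow=not reasons, reasons=reasons)


def decide(req: SessionRequest, policies: Dict[str, AppPolicy]) -> Decision:
    """Per-application lookup; an app with no explicit policy is denied (no implicit trust)."""
    policy = policies.get(req.app)
    if policy is None:
        return Decision(False, [f"no policy published for {req.app}"])
    return evaluate(req, policy)


# Constructed sample policies and sessions (hypothetical apps, groups and device IDs).
POLICIES: Dict[str, AppPolicy] = {
    "payroll": AppPolicy(frozenset({"finance"}), True, True, timedelta(minutes=10)),
    "wiki": AppPolicy(frozenset({"staff", "finance"}), False, False, timedelta(hours=24)),
}
T0 = datetime(2023, 6, 1, 9, 0, tzinfo=timezone.utc)


def demo() -> Dict[str, Decision]:
    fresh = DevicePosture("lap-42", True, True, True, T0 - timedelta(minutes=2))
    stale = DevicePosture("lap-42", True, True, True, T0 - timedelta(hours=3))
    alarming = DevicePosture("lap-42", True, True, False, T0 - timedelta(minutes=1))
    alice = dict(user="alice", groups=frozenset({"finance", "staff"}))
    return {
        "payroll_ok": decide(SessionRequest(**alice, mfa_verified=True, posture=fresh, app="payroll", at=T0), POLICIES),
        "payroll_stale_posture": decide(SessionRequest(**alice, mfa_verified=True, posture=stale, app="payroll", at=T0), POLICIES),
        "payroll_edr_alarm": decide(SessionRequest(**alice, mfa_verified=True, posture=alarming, app="payroll", at=T0), POLICIES),
        "wiki_no_mfa": decide(SessionRequest(**alice, mfa_verified=False, posture=fresh, app="wiki", at=T0), POLICIES),
        "unknown_app": decide(SessionRequest(**alice, mfa_verified=True, posture=fresh, app="hr-db", at=T0), POLICIES),
    }


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:24s} {'ALLOW' if d.allow else 'DENY '} {'; '.join(d.reasons)}")
```

The same device that is allowed into payroll at 09:00 with a two-minute-old posture report is denied once that report is three hours old, and again the moment its endpoint agent raises an alarm; a flat segment that authenticated it once would keep it connected in both cases. A real deployment would also re-evaluate mid-session (for example on every posture heartbeat) and terminate the connection, which the paper describes as monitoring the connection after access is granted.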

Industrial Internet Security Technology Standards White Paper


The rapid development of the industrial internet has brought enterprises enormous opportunities, but also increased security risk.

To ensure the secure and stable operation of industrial internet systems, it is essential to establish a scientific and comprehensive set of security technology standards.

This white paper discusses the formulation and application of industrial internet security technology standards from the following aspects, in order to safeguard the security of industrial internet systems.

1. Overview of Industrial Internet Security
Industrial internet security means taking appropriate security measures in an industrial internet environment to ensure that systems and data are not threatened by unauthorized intrusion, sabotage or disclosure.

Because industrial internet systems are complex and specialized, their security requirements differ from those of general internet systems, so dedicated standards are needed.

2. Why Industrial Internet Security Technology Standards Are Needed
1. Safeguarding network security and enterprise interests: industrial internet security concerns not only the interests of the enterprise itself but also national information security and economic development.

Dedicated security technology standards raise the level of network security and protect enterprise interests and national security.

2. Unified security technology standards: the complexity and diversity of industrial internet systems call for unified standards, so that enterprises follow the same specifications during network construction and operations and achieve interoperability and consistency.

3. Improving system security: effective standards make it possible to build a complete security protection system, improve the security of industrial internet systems, and reduce the risk of network attacks and data leaks.

3. Contents of Industrial Internet Security Technology Standards
Industrial internet security technology standards should cover the following:
1. Identity authentication and access control: ensure that only legitimate users can access the system, and apply appropriate access control policies to prevent unauthorized access and information disclosure.

2. Transport encryption and data protection: protect data with encryption so that it cannot be stolen or tampered with in transit.

3. Secure access control: establish secure remote access mechanisms, restrict remote access to industrial internet systems, monitor access behaviour, and detect anomalies promptly and respond with appropriate security measures.

4. Network monitoring and incident response: build real-time monitoring of network traffic and abnormal behaviour to detect and respond to network attacks and security incidents promptly.

5. Firmware and software security: define sound hardware and software security management specifications to ensure the trustworthiness and security of system firmware and software.

6. Security training and education: strengthen employees' security awareness and their ability to recognize and respond to industrial internet security issues.

Intranet Security Technology White Paper


1. System Background
Client desktop security management technology arose alongside the growing density of network management tasks, as a by-product at the edge of network management technology. It is tied to the shortcomings of traditional security defence systems, complements the traditional network security defence system, and will be an important component of future network security defence systems.

For this reason, client desktop security management technology should be counted among the fundamental network security products, both now and in the future.

Since 2003, beginning with the successive outbreaks of the SQL Slammer, Blaster and Sasser worms and continuing with file leaks, lost hardware assets and server outages, client-side security incidents have occurred frequently on networks everywhere, giving network administrators in government agencies and enterprises constant headaches.

In summary, internal network management in government agencies and enterprises faces the following common problems:
- How to discover system vulnerabilities on client devices and distribute patches automatically.
- How to prevent laptops and portable storage devices from connecting to the intranet at will.
- How to prevent intranet devices from making unauthorized external connections.
- How to manage client assets and keep network devices running normally.
- How to set a unified security policy across the whole network.
- How to promptly identify the client consuming the most bandwidth.
- How to control the operation of an abnormal client point-to-point.
- How to prevent leakage of confidential internal information.
- How to monitor and manage existing client application software centrally.
- How to quickly and effectively locate the entry point of viruses, worms and hackers on the network, and promptly and accurately cut the point where the incident occurred off from the network.
- How to build a powerful unified platform for security alerting and handling, covering incident response, incident queries and comprehensive management of network resources.

These common client-side threats can affect the normal operation of a user's network at any time and in any place.

Among these problems, operating system vulnerability management stands out more and more. The fundamental way to eliminate a vulnerability is to install the software patch. Every large-scale worm outbreak reminds people to prepare for danger in times of safety, to patch, and to put defences in place; patching has become an increasingly important part of security management.

As hacker techniques keep changing and developing, administrators are left with less and less time. Installing patches in the shortest possible time greatly protects the network and the secrets it carries, and reduces the number of users hit by worms.

For users with many machines, laborious manual patch installation is far from adequate for managing a large network; new technical means are needed to patch operating systems automatically.

Network Security Technology White Paper Template


Technical White Paper: Table of Contents
Part I Company Profile
Part II Background of Network Security
  Chapter 1 Definition of Network Security
  Chapter 2 Sources of Network Security Problems
    2.1 Overview of information security properties
    2.2 Information network security technology lags behind information network technology
    2.3 TCP/IP was not designed with security in mind
    2.4 Security of the operating system itself
    2.5 Failure to effectively control viruses carried in Internet e-mail and malicious Java/ActiveX controls encountered while browsing the Web
    2.6 Neglect of security threats from internal network users
    2.7 Lack of effective means to monitor and assess the security of network systems
    2.8 Lack of security awareness among users; many application service systems give little consideration to access control and secure communication, and misconfiguration easily leads to losses
  Chapter 3 Network and Information Security Defence Model and Countermeasures
    3.1 Security management model for information and network systems
    3.2 Design of the network and information security defence system
      3.2.1 Defence system model
        3.2.1.1 Security management
        3.2.1.2 Early warning
        3.2.1.3 Attack prevention
        3.2.1.4 Attack detection
        3.2.1.5 Emergency response
        3.2.1.6 Recovery
      3.2.2 Defence system model workflow
      3.2.3 Components of the defence system model
        3.2.3.1 Security server
        3.2.3.2 Early warning
        3.2.3.3 Network firewall
        3.2.3.4 System vulnerability detection and security assessment software
        3.2.3.5 Virus protection
        3.2.3.6 VPN
        3.2.3.7 PKI
        3.2.3.8 Intrusion detection
        3.2.3.9 Log forensics system
        3.2.3.10 Emergency response and incident recovery
      3.2.4 Relationships and interfaces between the components
Part III Related Network Security Products and Functions
  Chapter 1 Firewalls
    1.1 Concept and role of firewalls
    1.2 Tasks of a firewall
    1.3 Firewall terminology
    1.4 What users look for when purchasing a firewall
    1.5 Firewall parameters and metrics
    1.6 Firewall function metrics in detail
    1.7 Limitations of firewalls
    1.8 Directions of firewall technology
  Chapter 2 Anti-virus Software
    2.1 What a virus is
    2.2 Characteristics of viruses
    2.3 Virus terminology
    2.4 Trends in virus development
    2.5 Virus intrusion channels
    2.6 Key metrics for anti-virus software
    2.7 Purchasing anti-virus software
  Chapter 3 Intrusion Detection Systems (IDS)
    3.1 Meaning of intrusion detection
    3.2 Intrusion detection processing steps
    3.3 Intrusion detection functions
    3.4 Classification of intrusion detection systems
    3.5 The four stages of IDS technology development
    3.6 Shortcomings and future directions of IDS
  Chapter 4 VPN (Virtual Private Network) Systems
    4.1 Basic VPN concepts
    4.2 Background of VPN
    4.3 Advantages and disadvantages of VPN
  Chapter 5 Security Audit Systems
    5.1 Concept of security auditing
    5.2 Importance of security auditing
    5.3 Functional characteristics of audit systems
  Chapter 6 Vulnerability Scanning Systems
    6.1 Role of network vulnerability scanning and assessment systems
    6.2 Points to note when purchasing a network vulnerability scanning system:
      1. Whether it has passed national certifications. The authoritative bodies currently certifying security products in China include the Ministry of Public Security Information Security Product Testing Center, the National Information Security Product Testing Center, the PLA Security Product Testing Center and the State Secrecy Bureau Testing and Certification Center.

Huidian Security Solution White Paper


Encryption Technology
Symmetric encryption
Uses the same key for encryption and decryption; common algorithms include AES and DES (DES is obsolete and should not be chosen for new systems).
Asymmetric encryption
Uses different keys for encryption and decryption; common algorithms include RSA and ECC.
Hybrid encryption
Combines the advantages of symmetric and asymmetric encryption to improve the security of data transmission.
Algorithm selection
Choose a suitable encryption algorithm and key management scheme according to the security requirements and the scenario.
Identity Authentication
Username/password authentication
This solution integrates multiple security technologies and strategies, including network security, application security, data security and user-behaviour security, to ensure the security and integrity of enterprise information assets.
Solution Advantages
Comprehensive protection
The Huidian security solution covers every aspect of enterprise security, from the network to applications and from data to user behaviour, giving the enterprise all-round protection.
Efficient management
Intelligent defence
Using big-data analysis and machine learning, the Huidian security solution monitors and identifies threats in real time and adjusts security policies automatically, achieving intelligent defence.
Vulnerability assessment and remediation advice
Analyse scan results and provide remediation advice and preventive measures.
Vulnerability management process
Establish a vulnerability management process to discover, assess, remediate and manage system vulnerabilities promptly.
4 Implementation Steps of the Huidian Security Solution
Requirements analysis
Determine security requirements
Through in-depth communication with the customer, clarify the customer's security requirements for the system, including data confidentiality, integrity and availability.
Risk assessment
Conduct a comprehensive risk assessment of the customer's business environment to identify potential security threats and vulnerabilities.
… security risks and costs, achieving sustainable development.
6 Conclusions and Outlook
Summary of conclusions
1. The Huidian security solution has significant advantages in safeguarding enterprise information security and can effectively counter all kinds of network threats and attacks.
2. By adopting advanced technical means and management measures, the solution improves the enterprise's security protection and risk response capabilities.

Information Security Emergency Response Plan White Paper


With the rapid development of information technology, information security has become a major challenge for nations, enterprises and individuals.

To improve China's information security protection capability, ensure the stable operation of information systems, and safeguard national security, social stability and the interests of the people, this Information Security Emergency Response Plan White Paper is formulated.

This white paper defines the organizational structure, division of responsibilities, response process and emergency measures for information security emergency response, and provides guidance for handling information security incidents.

2. Overview of the Emergency Plan
1. Purpose
(1) Safeguard national information security and maintain national security and social stability;
(2) Reduce the losses that information security incidents cause to enterprises and individuals;
(3) Improve information security emergency response capability and raise the level of information security protection.

2. Scope
This plan applies to all kinds of information systems within China, including but not limited to those of government agencies, enterprises and public institutions, and social organizations.

3. Plan levels
According to the severity of the information security incident, the plan is divided into four levels: general, relatively serious, serious and especially serious.

3. Organizational Structure and Division of Responsibilities
1. Organizational structure
(1) Emergency Command Centre: unified command, coordination and dispatch of information security incident response work;
(2) Emergency Team: carries out the specific incident response measures;
(3) Technical Support Team: provides the technical support needed for incident response;
(4) Publicity Team: handles information release and public-opinion guidance during the response.

2. Division of responsibilities
(1) Emergency Command Centre: (i) formulates the information security incident emergency response plan; (ii) organizes, coordinates and dispatches response work; (iii) supervises, inspects and evaluates the response process.

(2) Emergency Team: (i) makes a preliminary assessment of the incident and determines its level; (ii) draws up the response plan for the incident; (iii) organizes and implements the response measures; (iv) reports handling progress to the Emergency Command Centre.

(3) Technical Support Team: (i) provides technical support for the response; (ii) assists the Emergency Team in analysing the cause of the incident and proposing solutions; (iii) assists the Emergency Team in repairing information systems.

(4) Publicity Team: (i) releases information about the emergency response promptly and accurately; (ii) guides public opinion and maintains social stability.

4. Response Process
1. Information collection
(1) The Emergency Team collects information on information security incidents through monitoring, alerts, complaints and other channels;
(2) The Emergency Command Centre makes a preliminary judgement on the collected information and determines the incident level.

2. Incident assessment
(1) The Emergency Team analyses the incident in detail to determine its cause, scope of impact and degree of harm;
(2) Based on the assessment, the Emergency Command Centre decides whether to activate the emergency plan.

KESB White Paper


This white paper analyses how complexity has become the new security challenge and how best to deal with it.

With Kaspersky, now you can.

Is complexity the biggest enemy of IT security?

Summary

2.0 Business drivers: where do the challenges come from?
The need for a new approach to IT security comes from changes in the enterprise IT team.

Some of the reasons are technical, but fundamentally they all come down to saving cost, providing greater flexibility and increasing productivity.

2.1 Technology
Technology drives business as never before, and the systems and platforms we rely on to work efficiently have sprung up everywhere.

Enterprises large and small have rapidly adopted technology in all kinds of specialized areas.

Collaboration tools have flourished because they speed up decisions and cut transmission time and cost, and mobile devices have come into wide use in the enterprise.

But this also means that more data is being generated.

The arrival of the "endpoint" era has opened a convenient door for cybercrime.

2.2 Under-prepared, under-resourced?
IT teams have taken on the heavy responsibility of managing this data, which makes IT's work more onerous and complex, yet IT teams' resources have usually not grown and have often shrunk.

IT administrators play many roles.

They handle complex tasks and must quickly learn new technologies; resetting servers is their job, and so is adjusting firewall rules and access control lists; they manage mobile device configuration and they resolve network address translation conflicts on edge routers.

These may look like ordinary daily tasks, but when one considers that they involve emerging technologies and requirements that did not exist a few years ago, it becomes clear that they are enormous challenges.

2.3 Changing work patterns
Employees are now used to technology that is easy to use and full-featured.

Collaboration tools, applications and devices are readily available today and are widely used in the enterprise environment.

Employees are used to obtaining network services and the applications, information and resources they need from their handheld devices anytime, anywhere, without IT support, and, more importantly, without IT authorizing what they do or how they do it.

This is a major test of enterprise flexibility, and it brings the side effect of "consumerized" technology that cannot meet traditional enterprise IT expectations.

3.0 The change in cybersecurity risk over the past few years can be summed up in two words: volume and complexity.

Kaspersky's 2012 Global IT Risk Survey found that 91% of companies had experienced at least one attack in the previous year.

Microsoft Enterprise Network Security Policy

Workstation Security Policy

Restrictions on workstation software installation
Restrict users' rights to install software on network workstations, to further prevent viruses or destructive programs from propagating themselves under the workstation user's account.

Workstation software version tracking
Periodically run automatic scans of the software installed on each workstation, recording type and version, to determine whether only authorized software is installed, whether the latest patches are applied, and whether suspicious "software" has entered the enterprise network.

Forced installation of software patches
Apply a forced installation mechanism to workstations that lack the latest patches: push the patches out, or install them automatically when the user logs on to the network.

Mandatory anti-virus installation and automatic updates
Require effective anti-virus software on every workstation and update both the product version and the virus signatures automatically.

Disabling unnecessary workstation services
Disable application services that are not needed on workstations; for example, IIS should not be running on a workstation.

Workstation logon security settings
Apply logon security settings to every workstation so that only authorized, legitimate users can log on.

Workstation information security settings
Set user access permissions and share permissions on the content stored on workstations, so that only users with sufficient rights can reach the information they are allowed to access.

Workstation application software security settings
Enable the relevant security options in the applications installed on workstations to protect the system, for example the macro security settings in Microsoft Office.

Personal firewall deployment on workstations
Deploy a personal firewall on workstations, especially laptops and home PCs, with protocol- and port-based rules to stop malicious programs from breaking into the workstation.

Workstation security checklist monitoring
Check every Windows NT/Windows 2000/Windows XP workstation item by item against the workstation security checklist (see Appendix 1).

Server Security Policy

Server/domain password policy
Define a password policy for servers and the domain and require all users to change their passwords periodically.

Logging of server operations
Log key operations and the running state of servers, in order to detect accidental or malicious human actions.

Periodic installation of software patches
Periodically check the software and patch versions on servers and install the relevant patches promptly.

Server information security settings
Set user access permissions and share permissions on the content stored on servers, so that only users with sufficient rights can reach the information they are allowed to access.

Formulation and implementation of an encryption policy
Define and implement an encryption policy for server content such as files, data and mail, to prevent confidential information from leaking.

Formulation and implementation of a backup policy
Define and implement a backup policy for server content such as files, data and mail, to minimize losses caused by force majeure.

Server performance monitoring and alerting
Automatically monitor server performance indicators and raise alerts on abnormal conditions, so that potentially destructive or malicious operations are noticed in time.

Anti-virus installation and updates
Install effective anti-virus software on all servers and update the product version and virus signatures automatically or on a schedule.

Database server security policy
Apply security policies to the enterprise's database servers, for example security levels at the field, index, table, view and database levels.

Web server security checklist check
Check every IIS-based Web server in the enterprise against the Web server security checklist (see Appendix 2) to strengthen its protection.

Server security checklist monitoring
Check every Windows NT/Windows 2000 server item by item against the server security checklist (see Appendix 3).

Network Access Security Policy

Enterprise firewall deployment
Deploy firewalls between the enterprise LAN and external networks (such as the Internet) or between the enterprise's subnets, and apply filtering by protocol, IP packet and port.

Enterprise anti-virus gateway deployment
Deploy anti-virus gateways between the enterprise LAN and external networks (such as the Internet) or between the enterprise's subnets, and scan all traffic passing through for viruses.

DMZ deployment
Deploy a demilitarized zone (DMZ) to protect the servers, workstations and network devices that are exposed to the outside world, together with the files, data and information on them.

Network monitoring, alerting and intrusion detection
Deploy network monitoring and alerting devices to capture abnormal network communication promptly, in order to prevent malicious or unauthorized network access and damage to network communications.

Network redundancy policy
Build redundancy into the critical parts of the network (redundant servers, firewalls and routers, for example) so that the enterprise network keeps running without interruption.

Network communication encryption policy
Between the enterprise's subnets, and on virtual private networks running over the Internet, apply IP-packet-level encryption to prevent information in transit from being stolen.

Remote user access security policy
Define a security policy for remote user access, covering user authentication, time-of-day restrictions, call-back and so on.

Wireless network security policy
Apply a strict security policy to the company's wireless networks, such as encrypted credential verification and 802.1X-based access.

Secure external publishing of servers
For servers reachable from the Internet, such as e-mail servers, use secure publishing measures such as address translation to prevent outsiders from accessing the servers directly.

E-mail virus filtering
Filter all e-mail entering and leaving the enterprise for viruses, to stop viruses entering the enterprise network by e-mail.

E-mail and attachment restriction policy
Apply restrictions to e-mail entering and leaving the enterprise, such as limits on message size and on attachment types.

Network Security Tools

IIS Lockdown Tool
This tool lets you immediately configure an IIS 4.0 or 5.0 server securely. It offers an express lockdown mode and an advanced mode that lets you choose which services the Web site will provide.

Microsoft Personal Security Advisor
This new tool lets you confirm that your workstation has all the latest patches installed and is configured for secure operation.

HFNetChk
HFNetChk lets administrators scan their servers (including remote servers) to confirm that the latest security patches for Windows NT 4.0, Windows 2000, IIS 4.0, IIS 5.0, Internet Explorer and SQL Server are installed.

Code Red II worm removal tool
This tool removes the visible effects of the Code Red II worm.

Enterprise Network Security Policy, Appendix 1: Workstation Security Checklist

Windows NT 4.0 Workstation security checklist
Verify that the Administrator account has a strong password
Disable unnecessary services
Disable or delete unnecessary accounts
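Both the Intranet Security Technology White Paper (automatic patching of many machines) and the Microsoft policy items above (workstation software version tracking, forced patch installation, periodic server patching, unauthorized software) describe the same control: compare what each machine actually has installed with an approved baseline and act on the difference. The following added example (written for this page; it is not Microsoft's code and does not use HFNetChk or any real scanning API) implements that comparison. It assumes a scanner has already produced an inventory per host; the baseline, product names, versions and hotfix IDs below are constructed placeholders.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'6.0.2800.1106' -> (6, 0, 2800, 1106); non-numeric suffixes such as 'SP2' are ignored."""
    nums = re.findall(r"\d+", v)
    if not nums:
        raise ValueError(f"unparseable version string: {v!r}")
    return tuple(int(n) for n in nums)


def version_lt(a: str, b: str) -> bool:
    """True if a is older than b; shorter tuples are zero-padded so that 7.1 == 7.1.0."""
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    return ta + (0,) * (width - len(ta)) < tb + (0,) * (width - len(tb))


@dataclass(frozen=True)
class Baseline:
    approved: Dict[str, str]      # product -> minimum approved version (patch level)
    required_hotfixes: Set[str]   # hotfix IDs every host must report
    forbidden: Set[str]           # products that must not be installed at all


@dataclass(frozen=True)
class HostInventory:
    host: str
    software: Dict[str, str]      # product -> installed version, as reported by the scan
    hotfixes: Set[str]


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str                     # forbidden | unapproved | outdated | missing-hotfix
    detail: str


def check_host(inv: HostInventory, base: Baseline) -> List[Finding]:
    """Compare one host's inventory against the baseline; products are checked in sorted order."""
    out: List[Finding] = []
    for product, version in sorted(inv.software.items()):
        if product in base.forbidden:
            out.append(Finding(inv.host, "forbidden", f"{product} {version}"))
        elif product not in base.approved:
            out.append(Finding(inv.host, "unapproved", f"{product} {version}"))
        elif version_lt(version, base.approved[product]):
            out.append(Finding(inv.host, "outdated", f"{product} {version} < {base.approved[product]}"))
    for hf in sorted(base.required_hotfixes - inv.hotfixes):
        out.append(Finding(inv.host, "missing-hotfix", hf))
    return out


def check_fleet(inventories: Iterable[HostInventory], base: Baseline) -> Dict[str, List[Finding]]:
    return {inv.host: check_host(inv, base) for inv in inventories}


def summarize(report: Dict[str, List[Finding]]) -> Dict[str, int]:
    """Count findings by kind across the fleet, for the alerting platform or a dashboard."""
    counts: Dict[str, int] = {}
    for findings in report.values():
        for f in findings:
            counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample baseline and scan results (version numbers and hotfix IDs are placeholders).
BASELINE = Baseline(
    approved={"Internet Explorer": "6.0.2800.1106", "Office": "10.0.4219", "Antivirus Agent": "7.1"},
    required_hotfixes={"HF-0001", "HF-0002"},
    forbidden={"IIS"},   # the policy says IIS must not run on workstations
)

SCANS = [
    HostInventory("ws-01", {"Internet Explorer": "6.0.2800.1106", "Office": "10.0.4219",
                            "Antivirus Agent": "7.1.0"}, {"HF-0001", "HF-0002"}),
    HostInventory("ws-02", {"Internet Explorer": "5.5", "Office": "10.0.4219",
                            "Antivirus Agent": "7.1", "IIS": "5.0"}, {"HF-0001"}),
    HostInventory("ws-03", {"Antivirus Agent": "7.1", "Remote Admin Tool": "1.0"}, {"HF-0001", "HF-0002"}),
]


def demo() -> Dict[str, List[Finding]]:
    return check_fleet(SCANS, BASELINE)


if __name__ == "__main__":
    for host, findings in demo().items():
        print(f"{host}: {'compliant' if not findings else ''}")
        for f in findings:
            print(f"  [{f.kind}] {f.detail}")
```

The numeric version comparison matters more than it looks: comparing version strings lexically reports "10.0.4219" as older than "9.0", and a scanner that does that will silently miss a downgrade. In a real deployment the "missing-hotfix" and "outdated" findings would feed the forced-installation step described in the policy, while "forbidden" and "unapproved" findings go to the alerting platform.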
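The Microsoft policy's e-mail restriction items (message size limits, attachment type limits) are usually implemented as a filter on the mail gateway. The following added example (written for this page, not vendor code) shows such a filter over a raw RFC 5322 message using only the Python standard library's email package. It enforces a size cap and an extension denylist, and additionally sniffs the attachment's leading bytes, because the attacker controls the filename but not the content: an executable renamed to "invoice.pdf" passes an extension-only check. The policy values, signatures, addresses and the sample message are constructed for the example.

```python
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from typing import List, Sequence, Tuple

# Policy knobs, constructed for the example (a real gateway would load them from configuration).
MAX_MESSAGE_BYTES = 10 * 1024 * 1024
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js", ".hta", ".msi"}
# Leading byte signatures of content that must never arrive by mail regardless of its name:
# "MZ" is the DOS/PE executable header, 0x7f "ELF" the ELF header.
EXECUTABLE_SIGNATURES = (b"MZ", b"\x7fELF")


def looks_executable(data: bytes) -> bool:
    """Sniff the payload itself rather than trusting the filename."""
    return any(data.startswith(sig) for sig in EXECUTABLE_SIGNATURES)


def check_message(raw: bytes, max_bytes: int = MAX_MESSAGE_BYTES) -> List[str]:
    """Return the policy violations for one raw message; an empty list means accept."""
    violations: List[str] = []
    if len(raw) > max_bytes:
        violations.append(f"message size {len(raw)} exceeds limit {max_bytes}")
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = os.path.splitext(name)[1].lower()
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTENSIONS:
            violations.append(f"{name}: blocked attachment type {ext}")
        elif looks_executable(payload):
            # The extension check passed but the bytes are an executable: renamed-binary bypass.
            violations.append(f"{name}: executable content despite extension {ext or '(none)'}")
    return violations


def build_sample(attachments: Sequence[Tuple[str, bytes, str, str]]) -> bytes:
    """Build a constructed test message; each attachment is (filename, payload, maintype, subtype)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = "Q3 report"
    msg.set_content("Please see the attached files.")
    for name, data, maintype, subtype in attachments:
        msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=name)
    return msg.as_bytes()


def demo_raw() -> bytes:
    return build_sample([
        ("report.pdf", b"%PDF-1.4\n% constructed sample document\n", "application", "pdf"),
        ("setup.exe", b"MZ\x90\x00" + b"\x00" * 64, "application", "octet-stream"),
        ("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 64, "application", "octet-stream"),  # renamed binary
    ])


def demo() -> List[str]:
    return check_message(demo_raw())


if __name__ == "__main__":
    for v in demo():
        print("REJECT:", v)
```

Signature sniffing is a first-line check, not a complete one: archives, Office documents with macros and scripts have no single reliable magic, so a production gateway pairs this filter with the anti-virus scanning and, for archives, recursive extraction that the policy's "e-mail virus filtering" item calls for.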