Last week 8,400 British students about to enter university received an e-mail from the Student Loans Company (SLC), a government

admin2013-06-26  47

问题     Last week 8,400 British students about to enter university received an e-mail from the Student Loans Company (SLC), a government body, reminding them to complete their application forms. It came with an attachment that listed all 8,400 e-mail addresses. The outfit later issued a sheepish apology and promised an "internal investigation". At best, such data breaches make a small dent in a firm’s reputation and the whole thing blows over, as it did SLC’s case; at worst, though, companies lose the trust of their customers and also have to pay large fines. Sony, an ailing Japanese electronics giant, may never quite recover from breach last year, when hackers stole the personal details of over 100m customers.
    The explosion of data in recent years was always going to make data breaches more common, as two recent reports make clear. The first is an annual publication commissioned by Symantec, a maker of security software, and carried out by the Ponemon Institute, a data-protection researcher, to look into the cost of data breaches in several countries. Now in its seventh year, the report had some good news for Americans. Calculating the costs of investigations, compensation, customer support and projected loss of revenue, it found that the average cost to a company per breached record declined for the first time since the numbers are tracked. The figure dropped from $214 in 2010 to $194 in 2011, suggesting that companies had become better both at preventing and responding to breaches.
    Europeans fared less well. The cost rose from £ 71 to £ 79 ($113 to $126) in Britain, from ¢98 to ¢122 ($ 130 to $ 162) in France and from € 138 to ¢ 146 in privacy-conscious Germany. In all four countries, around two-thirds of all breaches were the result of technical faults and malicious attacks. But the remaining third was down to negligence. They could, in other words, never have happened.
    The second study goes some way to explaining why they did. Iron Mountain, a data-management company, commissioned PricewaterhouseCoopers, a consultancy, to assess the risk of information loss faced by mid-size European companies based on their attitudes to managing data. The report looks at 600 businesses in six European countries across different sectors. It found that businesses tend to regard data protection issues as the responsibility of IT departments. More than half thought that technology can solve the problem. Only 1% of the businesses surveyed believed it concerned all employees—and thus required a change in behavior.
    Both reports conclude that is precisely what is needed. Symantec’s study found a correlation between having a senior executive in charge of information security and lower costs of data breaches. " It has to start at the top," says Marc Duale, Iron Mountain’s head. The best solution need not be the most expensive—employee-awareness programs and staff training can be more effective than pricey IT upgrades. Malicious attacks may be unavoidable but silly mistakes are unforgivable.
From the last paragraph, we know that the best way to improve data protection performance, companies should______.

选项 A、start a top-down information security training involving all employees
B、upgrade data processing software of IT department
C、equip senior executives with more knowledge about information protection
D、include data protection in the performance assessment of all employees

答案A

解析 文章最后一段具体指明了公司加强数据保护的方法,最好的方法不是升级信息软件,而是开展员工培训。“The best solution need not be the most expensive—employee-awareness programs and staff training can be more effective than pricey IT upgrades”。[A]正确,[B]错误。[C]是最后一段提到的内容,公司管理层对于信息安全的管理作用非常明显,但是基于题干里的best solution一词,[C]并非最佳答案。[D]属于过度引申,提升员工的信息安全意识,并不代表一定要在员工的考核中加入对数据保护方面的表现的考核。
转载请注明原文地址:https://jikaoti.com/ti/xYsRFFFM
0

最新回复(0)