It never rains but it pours. Just as bosses and boards have finally sorted out their worst accounting and compliance troubles, and improved their feeble corporation governance, a new problem threatens to earn them – especially in America – the sort of nasty headlines that inevitably lead to heads rolling in the executive suite: data insecurity. Left, until now, to odd, low-level IT staff to put right, and seen as a concern only of data-rich industries such as banking, telecoms and air travel, information protection is now high on the boss’s agenda in businesses of every variety.

Several massive leakages of customer and employee data this year – from organizations as diverse as Time Warner, the American defense contractor Science Applications International Corp and even the University of California, Berkeley – have left managers hurriedly peering into their intricate IT systems and business processes in search of potential vulnerabilities.

“Data is becoming an asset which needs to be guarded as much as any other assets, says Haim Mendelson of Stanford University’s business school. “The ability to guard customer data is the key to market value, which the board is responsible for on behalf of shareholders.” Indeed, just as there is the concept of Generally Accepted Accounting Principles （GAAP）, perhaps it is time for GASP, Generally Accepted Security Practices, suggested Eli Noam of New York’s Columbia Business School. “Setting the proper investment level for security, redundancy, and recovery is a management issue, not a technical one,” he says.

The mystery is that this should come as a surprise to any boss. Surely it should be obvious to the dimmest executive that trust, that most valuable of economic assets, is easily destroyed and hugely expensive to restore – and that few things are more likely to destroy trust than a company letting sensitive personal data get into the wrong hands.

The current state of affaires may have been encouraged – though not justified – by the lack of legal penalty （in America, but not Europe）for data leakage. Until California recently passed a law, American firms did not have to tell anyone, even the victim, when data went astray. That may change fast: lots of proposed data-security legislation is now doing the rounds in Washington, D.C. Meanwhile, the theft of information about some 40 million credit-card accounts in America, disclosed on June 17th, overshadowed a hugely important decision a day earlier by America’s Federal Trade Commission （FTC）that puts corporate America on notice that regulators will act if firms fail to provide adequate data security.

16. The statement “It never rains but it pours” is used to introduce

[A] the fierce business competition.[B] the feeble boss-board relations.

[C] the threat from news reports.[D] the severity of data leakage.

17. According to Paragraph 2, some organizations check their systems to find out

[A] whether there is any weak point.[B] what sort of data has been stolen.

[C] who is responsible for the leakage.[D] how the potential spies can be located.

18. In bringing up the concept of GASP the author is making the point that

[A] shareholders’ interests should be properly attended to.

[B] information protection should be given due attention.

[C] businesses should enhance their level of accounting security.

[D] the market value of customer data should be emphasized.

19. According to Paragraph 4, what puzzles the author is that some bosses fail to

[A] see the link between trust and data protection.[B] perceive the sensitive of personal data.

[C] realize the high cost of data restoration. [D] appreciate the economic value of trust.

20. It can be inferred from Paragraph 5 that

[A] data leakage is more severe in Europe.

[B] FTC’s decision is essential to data security.

[C] California takes the lead in security legislation.

[D] legal penalty is a major solution to data leakage.

Unit 14（2007） Part 4

试题解析：

16. 【正确答案】【D】

【解析】结构题，题干中的“is used to introduce”表明本题是结构题。本题考查考生对文章第一段内容的理解。题干中的信号句出自文章第一段第一句话中。文章第一段首先提到，这里从不下雨，但却下倾盆大雨，随后引出了人们面临的一个新问题——信息的不安全性，接着具体介绍了这个问题。这说明，这个句子被用来介绍信息不安全的问题。D为正确选项。A、B和C都是误解了作者的意图。

17. 【正确答案】【A】

【解析】细节题，题干中的“According to Paragraph 2”表明本题是事实细节题。本题考查考生对文章第二段内容的理解。题干中的信号词是“some organizations”，出自文章第二段中。文章第二段指出，好几次消费者和员工信息的重大泄密事件使得管理人员匆忙检查其复杂的信息系统和商业程序，以便寻找可能的弱点，接着介绍了发生泄密事件的机构。这说明，这些机构检查系统的目的是为了查明系统是否有弱点。A为正确选项。B和C与文意不符；D属于无中生有。

18. 【正确答案】【B】

【解析】细节题，题干中的“the author is making the point”表明本题是观点细节题。本题考查考生对文章第三段内容的理解。题干中的信号词是“GASP”，出自文章第三段第三句话中。文章第三段首先提到，保护消费者信息的能力是市场价值的关键因素，这是董事会应该为了股东的利益而承担的责任，接着指出，正如存在公认的会计原则观念一样，现在可能是采取公认的安全措施的时候了。这说明，作者认为，现在应该采取措施保护消费者的信息。B为正确选项。A和D不准确；C属于无中生有。

19. 【正确答案】【A】

【解析】细节题，题干中的“According to Paragraph 4”表明本题是事实细节题。本题考查考生对文章第四段内容的理解。文章第四段指出，对于所有老板来说，这可能是一个意外，对于最怀疑的管理人员来说，诚信被轻易破坏，而要恢复诚信却代价高昂，此外，很少有什么比一个公司听任敏感的个人信息落入不妥当人之手更可能破坏诚信的了。这说明，作者感到迷惑的是，这些老板宁可让敏感的个人信息落入不妥当人之手，也要保护诚信，说明他们不了解诚信与信息保护之间的关系。A为正确选项。D与文意相反；B和C明显与文意不符。

20. 【正确答案】【D】

【解析】推论题，题干中的“can be inferred”表明本题是推论题。本题考查考生对文章第五段内容的理解。文章前面的段落介绍了信息泄露问题，第五段指出，这类事情的现状可能受到缺乏有关信息泄露的法律处罚的激励，而这种情况可能迅速改变，随后提到了可能实施的相关法律。由此可知，法律手段可能是解决信息泄露问题的关键。D为正确选项。A和C属于无中生有；B与该段最后一句话的意思不符。

全文翻译：

不雨则已，一雨倾盆。就在老板和董事会最终挑选出其最严重的清算帐目和顺从问题、改善其无效的公司管理之际，一个新问题预示着有为他们——尤其是在美国——赢得那种令人不愉快的头条新闻的危险，这些头条新闻不可避免地给这些带来管理方面的附属品——信息的不安全性。迄今为止，信息保护工作一直被留给临时的、低层次的信息技术人员承担，并且只被看成是信息资源丰富产业所关切的一个问题，比如银行业、电信业以及航空旅行产业，如今，信息保护成为各类商业老板的议事日程中需要优先考虑的问题。

今年，好几次消费者和员工信息的重大泄密事件使得管理人员匆忙检查其复杂的信息系统和商业程序，以便寻找可能的弱点——这些泄密事件发生在像时代华纳、美国国防部承包人科学应用国际公司以及加州大学伯克利分校这样的不同机构。

“信息正在成为一种需要像保护其他财产一样而保护的财产，”斯坦福大学商学院的海姆?门德尔森说。“保护消费者信息的能力是市场价值的关键因素，这是董事会应该为了股东的利益而承担的责任”。纽约哥伦比亚商学院的埃尼?诺姆暗示，实际上，正如存在公认的会计原则观念一样，现在可能是采取公认的安全措施的时候了。“为安全、备份以及恢复确定适当的投资标准是一个管理问题，不是技术问题，”他说。

其神秘在于，对于所有老板来说，这可能是一个意外。当然，对于最怀疑的管理人员来说，显而易见的应该是，诚信（最珍贵的经济财产）被轻易破坏，而要恢复诚信却代价高昂，此外，很少有什么比一个公司听任敏感的个人信息落入不妥当人之手更可能破坏诚信的了。

这类事情的现状可能受到缺乏有关信息泄露的法律处罚（在美国，不是在欧洲）的激励，尽管没有证据证明泄露为合法。直到加利福尼亚最近通过了一项法律，美国的公司才不必告知任何人信息何时泄露的，甚至包括受害者的信息。这种情况可能迅速改变：如今，许多被提议的信息保护立法正在华盛顿特区讨论。同时，6月17日有关偷窃大约4000万信用卡账户信息这种事件的披露使得一天前美国商务委员会的一个重要决定黯然失色，该决定提请全美国注意，如果公司没有提供适当的信息安全保护措施，那么管理人员就会采取行动。