Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Part I.

Slides:



Advertisements
Similar presentations
Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
Advertisements

Principles of Information Security, Fourth Edition
An Introduction to Information Systems in Organizations
Learning Objectives Upon completion of this material, you should be able to:
Introduction to Information Security Chapter 1
Introduction to Software Architecture. What is Software Architecture?  It is the body of methods and techniques that help us to manage the complexities.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Introduction to Information Security
If this is the information superhighway, it’s
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Risk Management Vs Risk avoidance William Gillette.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Learning Objectives Upon completion of this material, you should be able to:
Principles of Information Security, 2nd Edition1 Introduction.
Information Security Lecture for week 5 October 19, 2014 Abhinav Dahal
INFORMATION SECURITY MANAGEMENT
SEC835 Database and Web application security Information Security Architecture.
Fundamentals of Information Systems, Second Edition 1 Information Systems in Organizations.
1 Introduction to Information Security. 2 Historical aspects of InfoSec Critical characteristics of information CNSS security model Systems development.
Information Security. What is Information Security? A. The quality of being secure B. To protect the confidentiality, integrity, and availability of information.
ETHICS & Information Security Issues
About the Presentations The presentations cover the objectives found in the opening of each chapter. All chapter objectives are listed in the beginning.
Security Architecture
Introduction To Internet
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Management of Information Security Chapter 1: Introduction to the Management of Information Security If this is the information superhighway, it’s going.
Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.
Chapter 1 Overview The NIST Computer Security Handbook defines the term Computer Security as:
Information Security What is Information Security?
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 1 “Overview”. © 2016 Pearson.
Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.
How would you define a computer? Computers are... Electronic devices that receives (input), processes & stores data & produces a result (output).
Enterprise Cybersecurity Strategy
INFORMATION SECURITY MANAGEMENT I NTRODUCTION TO THE M GT OF I NFORMATION S ECURITY.
T.A 2013/2014. Wake Up Call! Malware hijacks your , sends death threats. Found in Japan (Oct 2012) Standford University Recent Network Hack May Cost.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 1 Security Architecture.
INFORMATION SECURITY MANAGEMENT MIS534. Course Outline – Topics Covered  Planning for Security and Contingencies  Information Security Policy  Developing.
Principles of information security
Slide 1 Security Engineering. Slide 2 Objectives l To introduce issues that must be considered in the specification and design of secure software l To.
Risk Identification and Risk Assessment
Describe the potential of IT to improve internal and external communications By Jim Green.
I NTRODUCTION TO C OMPUTER S ECURITY Dr. Shahriar Bijani Shahed University.
Introduction to Information Security Chapter 1 Do not figure on opponents not attacking; worry about your own lack of preparation. -- Book of the Five.
1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.
E-Commerce E-Commerce Security?? Instructor: Safaa S.Y. Dalloul E-Business Level Try to be the Best.
Fundamentals of Information Systems, Sixth Edition Chapter 1 Part A An Introduction to Information Systems in Organizations.
MANAGEMENT of INFORMATION SECURITY Second Edition.
MANAGEMENT of INFORMATION SECURITY Third Edition C HAPTER 1 I NTRODUCTION TO THE M ANAGEMENT OF I NFORMATION S ECURITY If this is the information superhighway,
Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Part II.
Principles of Information Security, Fourth Edition Risk Management Ch4 Part I.
INFORMATION SECURITY MANAGEMENT MIS534. Course Outline – Topics Covered  Planning for Security and Contingencies  Information Security Policy  Developing.
Slide 1 MANAGEMENT OF INFORMATION SECURITY  “ If this is the information superhighway, it is going through a bad, bad neighborhoods” Dorian Berger, 1997.
INFORMATION SECURITY MANAGEMENT
Learning Objectives Upon completion of this material, you should be able to:
CS457 Introduction to Information Security Systems
About the Presentations
TOPIC 1 INTRODUCTION TO INFORMATION SECURITY
Topic 1: Introduction to Information Security.
Introduction to Information Security
Security Engineering.
Principles of Information Security, Fourth Edition
About the Presentations
About the Presentations
Introduction Principles of Information Security, 2nd Edition
Introduction Principles of Information Security, 2nd Edition
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Part I

Learning Objectives –What is information security –History of computer security and how it evolved into information security –Concepts of information security –Phases of the security systems development life cycle –Information security roles of professionals within an organization 2Principles of Information Security, Fourth Edition

What Is Information Security? Information security: is the protection of information assets that use, store, or transmit information from risk through the application of policy, education, and technology. Principles of Information Security, Fourth Edition3

The History of Information Security 4 Computational computers to crack the codes sent between the enemies World War II Mod Pack

5 Figure 1-1 – The Enigma Principles of Information Security, Fourth Edition Figure 1-1 The Enigma Source: Courtesy of National Security Agency

The 1960s Advanced Research Project Agency (ARPA) began to examine feasibility of redundant networked communications Larry Roberts developed ARPANET from its inception 6Principles of Information Security, Fourth Edition

The 1970s and 80s ARPANET grew in popularity as did its potential for misuse Fundamental problems with ARPANET security were identified –No safety procedures for dial-up connections to ARPANET –Nonexistent user identification and authorization to system Late 1970s: microprocessor expanded computing capabilities and security threats 7Principles of Information Security, Fourth Edition

MULTICS Early focus of computer security research was a system called Multiplexed Information and Computing Service (MULTICS)‏ First operating system created with security as its primary goal Mainframe, time-sharing OS developed in mid- 1960s by General Electric (GE), Bell Labs, and Massachusetts Institute of Technology (MIT)‏ Several MULTICS key players created UNIX Primary purpose of UNIX was text processing Principles of Information Security, Fourth Edition8

9 Table 1-1 Key Dates for Seminal Works in Early Computer Security

The 1990s Networks of computers became more common; so too did the need to interconnect networks Internet became first manifestation of a global network of networks Initially based on de facto standards In early Internet deployments, security was treated as a low priority Principles of Information Security, Fourth Edition10

2000 to Present The Internet brings millions of computer networks into communication with each other—many of them unsecured Ability to secure a computer’s data influenced by the security of every computer to which it is connected Growing threat of cyber attacks has increased the need for improved security 11Principles of Information Security, Fourth Edition

What is Security? “The quality or state of being secure—to be free from danger” A successful organization should have multiple layers of security in place: –Physical security –Personal security –Operations security –Communications security –Network security –Information security 12Principles of Information Security, Fourth Edition

What is Security? (cont’d.)‏ The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information Necessary tools: policy, awareness, training, education, technology C.I.A. triangle –Was standard based on confidentiality, integrity, and availability –Now expanded into list of critical characteristics of information Principles of Information Security, Fourth Edition13

14Principles of Information Security, Fourth Edition Figure 1-3 Components of Information Security

Principles of Information Security, Fourth Edition15 Figure 1-4 Information Security Terms

16 Figure 1-5 – Subject and Object of Attack Principles of Information Security, Fourth Edition Figure 1-5 Computer as the Subject and Object of an Attack

Critical Characteristics of Information The value of information comes from the characteristics it possesses: –Availability –Accuracy –Authenticity –Confidentiality –Integrity –Utility –Possession Principles of Information Security, Fourth Edition17

CNSS Security Model Principles of Information Security, Fourth Edition18 Figure 1-6 The McCumber Cube

Components of an Information System Information system (IS) is entire set of components necessary to use information as a resource in the organization –Software –Hardware –Data –People –Procedures –Networks Principles of Information Security, Fourth Edition19

Balancing Information Security and Access Impossible to obtain perfect security—it is a process, not an absolute Security should be considered balance between protection and availability To achieve balance, level of security must allow reasonable access, yet protect against threats Principles of Information Security, Fourth Edition20

21 Figure 1-6 – Balancing Security and Access Principles of Information Security, Fourth Edition Figure 1-8 Balancing Information Security and Access

, Skype, Phone, or Face to Face Questions? Principals of Information Security, Fourth Edition22

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.