Presentation is loading. Please wait.

Presentation is loading. Please wait.

Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Part I.

Published byMyles Horn Modified over 8 years ago

Similar presentations

Presentation on theme: "Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Part I."— Presentation transcript:

1 Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Part I

2 Learning Objectives –What is information security –History of computer security and how it evolved into information security –Concepts of information security –Phases of the security systems development life cycle –Information security roles of professionals within an organization 2Principles of Information Security, Fourth Edition

3 What Is Information Security? Information security: is the protection of information assets that use, store, or transmit information from risk through the application of policy, education, and technology. Principles of Information Security, Fourth Edition3

4 The History of Information Security 4 Computational computers to crack the codes sent between the enemies World War II Mod Pack

5 5 Figure 1-1 – The Enigma Principles of Information Security, Fourth Edition Figure 1-1 The Enigma Source: Courtesy of National Security Agency

6 The 1960s Advanced Research Project Agency (ARPA) began to examine feasibility of redundant networked communications Larry Roberts developed ARPANET from its inception 6Principles of Information Security, Fourth Edition

7 The 1970s and 80s ARPANET grew in popularity as did its potential for misuse Fundamental problems with ARPANET security were identified –No safety procedures for dial-up connections to ARPANET –Nonexistent user identification and authorization to system Late 1970s: microprocessor expanded computing capabilities and security threats 7Principles of Information Security, Fourth Edition

8 MULTICS Early focus of computer security research was a system called Multiplexed Information and Computing Service (MULTICS)‏ First operating system created with security as its primary goal Mainframe, time-sharing OS developed in mid- 1960s by General Electric (GE), Bell Labs, and Massachusetts Institute of Technology (MIT)‏ Several MULTICS key players created UNIX Primary purpose of UNIX was text processing Principles of Information Security, Fourth Edition8

9 9 Table 1-1 Key Dates for Seminal Works in Early Computer Security

10 The 1990s Networks of computers became more common; so too did the need to interconnect networks Internet became first manifestation of a global network of networks Initially based on de facto standards In early Internet deployments, security was treated as a low priority Principles of Information Security, Fourth Edition10

11 2000 to Present The Internet brings millions of computer networks into communication with each other—many of them unsecured Ability to secure a computer’s data influenced by the security of every computer to which it is connected Growing threat of cyber attacks has increased the need for improved security 11Principles of Information Security, Fourth Edition

12 What is Security? “The quality or state of being secure—to be free from danger” A successful organization should have multiple layers of security in place: –Physical security –Personal security –Operations security –Communications security –Network security –Information security 12Principles of Information Security, Fourth Edition

13 What is Security? (cont’d.)‏ The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information Necessary tools: policy, awareness, training, education, technology C.I.A. triangle –Was standard based on confidentiality, integrity, and availability –Now expanded into list of critical characteristics of information Principles of Information Security, Fourth Edition13

14 14Principles of Information Security, Fourth Edition Figure 1-3 Components of Information Security

15 Principles of Information Security, Fourth Edition15 Figure 1-4 Information Security Terms

16 16 Figure 1-5 – Subject and Object of Attack Principles of Information Security, Fourth Edition Figure 1-5 Computer as the Subject and Object of an Attack

17 Critical Characteristics of Information The value of information comes from the characteristics it possesses: –Availability –Accuracy –Authenticity –Confidentiality –Integrity –Utility –Possession Principles of Information Security, Fourth Edition17

18 CNSS Security Model Principles of Information Security, Fourth Edition18 Figure 1-6 The McCumber Cube

19 Components of an Information System Information system (IS) is entire set of components necessary to use information as a resource in the organization –Software –Hardware –Data –People –Procedures –Networks Principles of Information Security, Fourth Edition19

20 Balancing Information Security and Access Impossible to obtain perfect security—it is a process, not an absolute Security should be considered balance between protection and availability To achieve balance, level of security must allow reasonable access, yet protect against threats Principles of Information Security, Fourth Edition20

21 21 Figure 1-6 – Balancing Security and Access Principles of Information Security, Fourth Edition Figure 1-8 Balancing Information Security and Access

22 Email, Skype, Phone, or Face to Face Questions? Principals of Information Security, Fourth Edition22

Download ppt "Principles of Information Security, Fourth Edition Chapter 1 Introduction to Information Security Part I."

Similar presentations

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
Principles of Information Security, Fourth Edition

Principles of Information Security, Fourth Edition
An Introduction to Information Systems in Organizations

An Introduction to Information Systems in Organizations
Learning Objectives Upon completion of this material, you should be able to:

Learning Objectives Upon completion of this material, you should be able to:
Introduction to Information Security Chapter 1

Introduction to Information Security Chapter 1
Introduction to Software Architecture. What is Software Architecture?  It is the body of methods and techniques that help us to manage the complexities.

Introduction to Software Architecture. What is Software Architecture?  It is the body of methods and techniques that help us to manage the complexities.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Introduction to Information Security

Introduction to Information Security
If this is the information superhighway, it’s

If this is the information superhighway, it’s
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Risk Management Vs Risk avoidance William Gillette.

Risk Management Vs Risk avoidance William Gillette.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.

Comptroller of the Currency Administrator of National Banks E- Security Risk Mitigation: A Supervisor’s Perspective Global Dialogue World Bank Group September.
Learning Objectives Upon completion of this material, you should be able to:

Learning Objectives Upon completion of this material, you should be able to:
Principles of Information Security, 2nd Edition1 Introduction.

Principles of Information Security, 2nd Edition1 Introduction.
Information Security Lecture for week 5 October 19, 2014 Abhinav Dahal

Information Security Lecture for week 5 October 19, 2014 Abhinav Dahal
INFORMATION SECURITY MANAGEMENT

INFORMATION SECURITY MANAGEMENT
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Fundamentals of Information Systems, Second Edition 1 Information Systems in Organizations.

Fundamentals of Information Systems, Second Edition 1 Information Systems in Organizations.
1 Introduction to Information Security. 2 Historical aspects of InfoSec Critical characteristics of information CNSS security model Systems development.

1 Introduction to Information Security. 2 Historical aspects of InfoSec Critical characteristics of information CNSS security model Systems development.

Similar presentations

Ads by Google