Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your.

Published byClaude Golden Modified over 9 years ago

Similar presentations

Presentation on theme: "An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your."— Presentation transcript:

1 An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your wildest, most paranoid nightmare This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No. 0113627 Distributed October 2002 Embry-Riddle Aeronautical University Prescott, Arizona USA An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu

2 Roadmap: Introduction Introduction  Purpose  Motivation  Audience  Goals and objectives  Context  Some key vocabulary, including some integrating concepts

3 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.eduPurpose  Provide an overview of the context of digital information security, including the key “soft” factors beyond the specific hardware and software technologies typically considered to be at the core of digital information security  Provide an introduction to the key concepts, vocabulary, and issues of digital information security technology itself

4 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.eduMotivation  There is more information that is sensitive to someone some time somehow than seems obvious  The consequences of undesired disclosure are growing ever more significant  It is more difficult to protect sensitive information than most people, even technically sophisticated ones, appreciate  More and more facets of modern life are being impacted by the necessity to protect sensitive information or mitigate the consequences of our inability to do so

5 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Intended Audience  Students in an introductory Information or Computer Security course looking for an overview of the context for the subject  Computer Science or Software Engineering students in specialized courses (e.g., operating systems, database management systems, networking, cryptography, or software engineering) needing the information security context within which to understand the contributions and limitations of the specialized discipline(s) they’re studying

6 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Goals  Understand the complexities involved in protecting information (in other words, be depressed ;-)  Understand the key concepts and vocabulary for discussing information security  Understand the key elements of information security  Understand both the potential contribution and the limitations of each key element  Understand the major inter-dependencies among the key elements  Go one layer deeper into part of the onion and provide a basic understanding of the key concepts and vocabulary within computer security itself

7 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Objectives For students in an introductory course on information security:  Be able to describe the purpose of, and types of information necessary for, a security policy  Be able to define at least 6 of the possible dimensions of a security architecture  For each dimension, be able to state another dimension on which it is heavily depends and another on which it does not  Be able to define trusted software and describe why it is expensive  Be able to state the key limitation on software based cryptography as a security mechanism

8 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Objectives (cont’d) For students in an operating systems course, all of the introductory objectives, plus:  Be able to define a trusted computing base  Be able to define the relationship between an operating system and a trusted computing base For students in a data base management systems course, all of the introductory objectives, plus:  Be able to define the terms: subject, object, access modes, and access right  Be able to identify at least three levels of granularity in the definition of possible objects in a data base management system  Be able to state why subjects and users are not interchangeable concepts  Be able to state the relationship between DBMS software and TCB software

9 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Objectives (cont’d) For students in an introductory networking course, the introductory objectives plus:  Be able to define the relationship between COMPUSEC, COMSEC, cryptography and network security  Be able to state the key limitation on software based cryptography as a network protection mechanism For students in an introductory cryptography course, the introductory objectives plus:  Be able to state the key limitation on software based cryptography as an INFOSEC mechanism For students in a software engineering course, all of the introductory objectives plus:  Be able to define trusted software and level of assurance  Be able to describe the limitations of testing in providing high levels of assurance

10 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Context of Information Security INFOSEC Information Assurance Information Security Informally:  Information assurance is making sure that information is accessible to the right people when you want it to be and hasn’t been improperly accessed by the wrong people  Information security is about protecting information from unauthorized disclosure or modification but not specifically about assuring all aspects of its accessibility  INFOSEC is an abbreviation of Information Systems Security, the protection of information systems --- which correctly highlights the fact that electronic data systems are by no means the only places that information can be compromised

11 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu About this Project This presentation is part of a larger package of materials on security issues. For more information, go to: http://nsfsecurity.pr.erau.edu http://nsfsecurity.pr.erau.edu Other material available on this topic are:  Overview of the key concepts and vocabulary Overview  The Key Mechanisms of Information Security: their strengths, weaknesses and inter- dependencies The Key Mechanisms of Information Security The Key Mechanisms of Information Security  Exercises (html): Decision Maze, Crossword Puzzle, Security Scene Decision MazeCrossword PuzzleSecurity SceneDecision MazeCrossword PuzzleSecurity Scene  Quizzes (html): Multiple choice, Fill-in-the-blank Multiple choiceFill-in-the-blankMultiple choiceFill-in-the-blank Please complete a feedback form at http://nsfsecurity.pr.erau.edu/feedback.html to tell us how you used this material and to offer suggestions for improvements. http://nsfsecurity.pr.erau.edu/feedback.html

Download ppt "An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your."

Similar presentations

Operating System Security

Operating System Security
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
Buffer Overflow Causes. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Causes Author: Jedidiah.

Buffer Overflow Causes. ©2002, Jedidiah R. Crandall, Susan L. Gerhart, Jan G. Hogle. Buffer Overflow Causes Author: Jedidiah.
Overview of IS Controls, Auditing, and Security Fall 2005.

Overview of IS Controls, Auditing, and Security Fall 2005.
Relationships Among the TCB, the OS, the Kernel, and the Security Kernel.

Relationships Among the TCB, the OS, the Kernel, and the Security Kernel.
Cyber Education Project Accreditation Committee November 2014.

Cyber Education Project Accreditation Committee November 2014.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
CSCI 3 Introduction to Computer Science. CSCI 3 Course Description: –An overview of the fundamentals of computer science. Topics covered include number.

CSCI 3 Introduction to Computer Science. CSCI 3 Course Description: –An overview of the fundamentals of computer science. Topics covered include number.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Software Engineering Lifecycle Authors: Jan G. Hogle,

Software Engineering Lifecycle. ©2002. Jan G. Hogle, Susan L. Gerhart. Software Engineering Lifecycle Authors: Jan G. Hogle,
Applied Cryptography for Network Security

Applied Cryptography for Network Security
CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: 509-359-6908 Office.

CSCD 434 Spring 2011 Lecture 1 Course Overview. Contact Information Instructor Carol Taylor 315 CEB Phone: Office.
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Slide 1- 1.

Copyright © 2007 Ramez Elmasri and Shamkant B. Navathe Slide 1- 1.
Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 1 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
 MODERN DATABASE MANAGEMENT SYSTEMS OVERVIEW BY ENGINEER BILAL AHMAD

 MODERN DATABASE MANAGEMENT SYSTEMS OVERVIEW BY ENGINEER BILAL AHMAD
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
Introduction to Data bases concepts

Introduction to Data bases concepts

Similar presentations

Ads by Google