Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your.

Similar presentations


Presentation on theme: "An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your."— Presentation transcript:

1 An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your wildest, most paranoid nightmare This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No. 0113627 Distributed October 2002 Embry-Riddle Aeronautical University Prescott, Arizona USA An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu

2 Roadmap: Introduction Introduction  Purpose  Motivation  Audience  Goals and objectives  Context  Some key vocabulary, including some integrating concepts

3 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.eduPurpose  Provide an overview of the context of digital information security, including the key “soft” factors beyond the specific hardware and software technologies typically considered to be at the core of digital information security  Provide an introduction to the key concepts, vocabulary, and issues of digital information security technology itself

4 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.eduMotivation  There is more information that is sensitive to someone some time somehow than seems obvious  The consequences of undesired disclosure are growing ever more significant  It is more difficult to protect sensitive information than most people, even technically sophisticated ones, appreciate  More and more facets of modern life are being impacted by the necessity to protect sensitive information or mitigate the consequences of our inability to do so

5 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Intended Audience  Students in an introductory Information or Computer Security course looking for an overview of the context for the subject  Computer Science or Software Engineering students in specialized courses (e.g., operating systems, database management systems, networking, cryptography, or software engineering) needing the information security context within which to understand the contributions and limitations of the specialized discipline(s) they’re studying

6 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Goals  Understand the complexities involved in protecting information (in other words, be depressed ;-)  Understand the key concepts and vocabulary for discussing information security  Understand the key elements of information security  Understand both the potential contribution and the limitations of each key element  Understand the major inter-dependencies among the key elements  Go one layer deeper into part of the onion and provide a basic understanding of the key concepts and vocabulary within computer security itself

7 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Objectives For students in an introductory course on information security:  Be able to describe the purpose of, and types of information necessary for, a security policy  Be able to define at least 6 of the possible dimensions of a security architecture  For each dimension, be able to state another dimension on which it is heavily depends and another on which it does not  Be able to define trusted software and describe why it is expensive  Be able to state the key limitation on software based cryptography as a security mechanism

8 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Objectives (cont’d) For students in an operating systems course, all of the introductory objectives, plus:  Be able to define a trusted computing base  Be able to define the relationship between an operating system and a trusted computing base For students in a data base management systems course, all of the introductory objectives, plus:  Be able to define the terms: subject, object, access modes, and access right  Be able to identify at least three levels of granularity in the definition of possible objects in a data base management system  Be able to state why subjects and users are not interchangeable concepts  Be able to state the relationship between DBMS software and TCB software

9 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Objectives (cont’d) For students in an introductory networking course, the introductory objectives plus:  Be able to define the relationship between COMPUSEC, COMSEC, cryptography and network security  Be able to state the key limitation on software based cryptography as a network protection mechanism For students in an introductory cryptography course, the introductory objectives plus:  Be able to state the key limitation on software based cryptography as an INFOSEC mechanism For students in a software engineering course, all of the introductory objectives plus:  Be able to define trusted software and level of assurance  Be able to describe the limitations of testing in providing high levels of assurance

10 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu The Context of Information Security INFOSEC Information Assurance Information Security Informally:  Information assurance is making sure that information is accessible to the right people when you want it to be and hasn’t been improperly accessed by the wrong people  Information security is about protecting information from unauthorized disclosure or modification but not specifically about assuring all aspects of its accessibility  INFOSEC is an abbreviation of Information Systems Security, the protection of information systems --- which correctly highlights the fact that electronic data systems are by no means the only places that information can be compromised

11 An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu About this Project This presentation is part of a larger package of materials on security issues. For more information, go to: http://nsfsecurity.pr.erau.edu http://nsfsecurity.pr.erau.edu Other material available on this topic are:  Overview of the key concepts and vocabulary Overview  The Key Mechanisms of Information Security: their strengths, weaknesses and inter- dependencies The Key Mechanisms of Information Security The Key Mechanisms of Information Security  Exercises (html): Decision Maze, Crossword Puzzle, Security Scene Decision MazeCrossword PuzzleSecurity SceneDecision MazeCrossword PuzzleSecurity Scene  Quizzes (html): Multiple choice, Fill-in-the-blank Multiple choiceFill-in-the-blankMultiple choiceFill-in-the-blank Please complete a feedback form at http://nsfsecurity.pr.erau.edu/feedback.html to tell us how you used this material and to offer suggestions for improvements. http://nsfsecurity.pr.erau.edu/feedback.html


Download ppt "An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your."

Similar presentations


Ads by Google