Principles of Information Security,
Fifth Edition
Chapter 1
Introduction to Information Security
Lesson 1 - Introduction
Learning Objectives
Upon completion of this lesson, you should be able
to:
◦ Define information security
◦ Recount the history of computer security and how it
evolved into information security
PRINCIPLES OF INFORMATION SECURITY, FIFTH EDITION 2
Introduction
Information security: a “well-informed sense of
assurance that the information risks and controls
are in balance.”—Jim Anderson, Emagined Security,
Inc.
Security professionals must review the origins of
this field to understand its impact on our
understanding of information security today.
The History of Information Security
Computer security began immediately after the
first mainframes were developed.
◦ Groups developing code-breaking computations during
World War II created the first modern computers.
◦ Multiple levels of security were implemented.
Physical controls limiting access to sensitive
military locations to authorized personnel
Rudimentary in defending against physical theft,
espionage, and sabotage
Figure 1-1 – The Enigma
The 1960s
The Advanced Research Projects Agency (ARPA) began to
examine the feasibility of redundant networked
communications.
Larry Roberts developed the ARPANET from its
inception.
Figure 1-2 - ARPANET
The 1970s and 80s
ARPANET grew in popularity, as did its potential for
misuse.
Fundamental problems with ARPANET security
were identified.
◦ No safety procedures for dial-up connections to ARPANET
◦ Nonexistent user identification and authorization to
the system
The 1970s and 80s (cont’d)
Information security began with Rand Report R-609
(paper that started the study of computer security
and identified the role of management and policy
issues in it).
The scope of computer security grew from physical
security to include:
◦ Securing the data
◦ Limiting random and unauthorized access to data
◦ Involving personnel from multiple levels of the
organization in information security
MULTICS
Early focus of computer security research centered on a system
called Multiplexed Information and Computing Service (MULTICS).
First operating system created with security integrated into core
functions.
Mainframe, time-sharing OS was developed in the mid-1960s by
General Electric (GE), Bell Labs, and Massachusetts Institute of
Technology (MIT).
Several MULTICS key players created UNIX.
◦ Primary purpose of UNIX was text processing.
Late 1970s: The microprocessor expanded computing capabilities
and security threats.
The 1990s
Networks of computers became more common, as did the
need to connect them to each other.
Internet became the first global network of networks.
Initially, network connections were based on de facto
standards.
In early Internet deployments, security was treated as a low
priority.
In 1993, the DEFCON conference was established for those
interested in information security.
2000 to Present
The Internet brings millions of unsecured
computer networks into continuous
communication with each other.
The ability to secure a computer’s data is
influenced by the security of every computer to
which it is connected.
The growing threat of cyber attacks has increased
awareness of the need for improved security.
◦ Nation-states engaging in information warfare
What Is Security?
“A state of being secure and free from danger or harm;
the actions taken to make someone or something
secure.”
A successful organization should have multiple layers
of security in place to protect:
◦ Operations
◦ Physical infrastructure
◦ People
◦ Functions
◦ Communications
◦ Information
What Is Security? (cont’d)
The protection of information and its critical
elements, including systems and hardware that
use, store, and transmit that information
Includes information security management, data
security, and network security
C.I.A. triangle
◦ Is a standard based on confidentiality, integrity, and
availability, now viewed as inadequate.
◦ Expanded model consists of a list of critical characteristics
of information.
Key Information Security Concepts
• Access
• Asset
• Attack
• Control, safeguard, or countermeasure
• Exploit
• Exposure
• Loss
• Protection profile or security posture
• Risk
• Subjects and objects
• Threat
• Threat agent
• Vulnerability
Key Information Security Concepts (cont’d)
A computer can be the subject of an
attack and/or the object of an attack.
◦ When the subject of an attack, the
computer is used as an active tool to
conduct the attack.
◦ When the object of an attack, the
computer is the entity being attacked.