IAS lesson 1.pdf
Document Details
Uploaded by SeasonedMetonymy
Tags
Full Transcript
*WW II- 1st modern computers 1930 *The Enigma- cipher machine, German code solved by Alan Turing; unterseeboot submarine 1960 *ARPANET (Advanced Research Project Agency Network)- developed by Larry Roberts Late 70s & 80s *Subject of attack: computer is used...
*WW II- 1st modern computers 1930 *The Enigma- cipher machine, German code solved by Alan Turing; unterseeboot submarine 1960 *ARPANET (Advanced Research Project Agency Network)- developed by Larry Roberts Late 70s & 80s *Subject of attack: computer is used *expanded computing capabilities *Object of attack: computer is attacked *Rand Report R-609 (study of computer security) CHARACTERISTICS OF INFORMATION SCOPE OF COMPUTER SECURITY 1. Availability 2. Accuracy 1. Safety of data 3. Authenticity 2. Limiting unauthorized access to data 4. Confidentiality 3. Involvement of personnel from multiple 5. Integrity levels of an organization 6. Utility *MULTICS (Multiplexed Information and Computing 7. Possession Service)- 1st OS with security as its primary goal COMPONENTS OF AN INFO. SYSTEM - developed mid 60s by: General Electric 1. Software (GE), Bell Labs, & Massachusetts Institute of 2. Hardware Technology (MIT) 3. Data *UNIX- created by several key players of MULTICS 4. People 5. Procedures - primary purpose is text processing 6. Networks 1990 *networks of computers are common *manifestation of internet 2000-Present *internet Information Security Implementation *threat of cyber attacks 1. Bottom-Up- grassroots effort; seldom works *Security- be free from danger 2. Top-Down- upper management; most successful LAYERS OF SECURITY *SDLC (Systems Development Life Cycle)- 1. Physical security methodology 2. Personal security 3. Operations security TRADITIONAL SECSDLC PHASES 4. Communications security 1. Investigation 5. Network security 2. Analysis 6. Information security 3. Logical Design *Use, store, and transmit 4. Physical Design 5. Implementation *Necessary tools: policy, awareness, training, 6. Maintenance & Change education, technology *Senior Management *C.I.A. Triangle- Confidentiality, Integrity, Availability - CIO (Chief Info. Officer) - CISO (Chief Info. Security Officer) INFORMATION SECURITY PROJECT TEAM 1. Champion 2. Team leader 3. Security policy developers 4. Risk assessment specialists 5. Security professionals 6. Systems administrators 7. End users DATA RESPONSIBILITIES 1. Data owner- security & use 2. Data custodian- storage 3. Data users- end users *Security is a combination of art & science *Security artesan Security as: 1. Art- no rules and universally accepted 2. Science- technology-designed 3. Social Science- behavior of individuals interacting with systems
