• Information security began with Rand Report R-609 (paper that started the study of computer security)
• Scope of computer security grew from physical security to include:
  • Safety of data
  • Limiting unauthorized access to data
  • Involvement of personnel from multiple levels of an organization
The 1990s
• Networks of computers became more common; so too did the need to interconnect networks
• Internet became first manifestation of a global network of networks
• In early Internet deployments, security was treated as a low priority
The Present
• The Internet brings billions of computer networks into communication with each other—many of them unsecured
• Ability to secure a computer’s data influenced by the security of every computer to which it is connected
What is Security?
• “The quality or state of being secure—to be free from danger”
• A successful organization should have multiple layers of security in place:
  • Physical security
  • Personal security
  • Operations security
  • Communications security
  • Network security
  • Information security
What is Information Security?
• The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
• Necessary tools: policy, awareness, training, education, technology
Information and Computer Security
[Figure 1.0 – CIA Triangle]
• C.I.A. triangle was standard based on confidentiality, integrity, and availability
• C.I.A. triangle now expanded into list of critical characteristics of information
Critical Characteristics of Information
• The value of information comes from the characteristics it possesses:
  • Availability
  • Accuracy
  • Authenticity
  • Confidentiality
  • Integrity
  • Utility
  • Possession
Components of an Information System
• Information System (IS) is entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization
Role of Computer in Information Security
• Computer can be subject of an attack and/or the object of an attack
• When the subject of an attack, computer is used as an active tool to conduct attack
• When the object of an attack, computer is the entity being attacked
Balancing Information Security and Access
• Impossible to obtain perfect security—it is a process, not an absolute
• Security should be considered balance between protection and availability
• To achieve balance, level of security must allow reasonable access, yet protect against threats