CH 01
Introduction to Information Security
Chapter 1
Do not figure on opponents not attacking; worry about your own lack of preparation.
-- Book of the Five Rings

Learning Objectives:
Upon completion of this chapter you should be able to:
• Understand what information security is and how it came to mean what it does today.
• Comprehend the history of computer security and how it evolved into information security.
• Understand the key terms and critical concepts of information security as presented in the chapter.
• Outline the phases of the security systems development life cycle.
• Understand the role of professionals involved in information security in an organizational structure.
Principles of Information Security - Chapter 1 Slide 5 Principles of Information Security - Chapter 1 Slide 6
1/28/2021
Critical Characteristics Of Information
The value of information comes
Accuracy

Figure 1-3 – NSTISSC Security Model
Components of an Information System
• To fully understand the importance of information security, you need to know the elements of an information system
• An Information System (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, and procedures necessary to use information as a resource in the organization

Securing the Components
• The computer can be either or both the subject of an attack and/or the object of an attack
• When a computer is
  • the subject of an attack, it is used as an active tool to conduct the attack
  • the object of an attack, it is the entity being attacked
for approval
Maintenance and Change
• Tasks necessary to support and modify the system for the remainder of its useful life
• The life cycle continues until the process begins again from the investigation phase
• When the current system can no longer support the mission of the organization, a new project is implemented

Security Systems Development Life Cycle
• The same phases used in the traditional SDLC adapted to support the specialized implementation of a security project
• Basic process is identification of threats and controls to counter them
• The SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions
Investigation
• Identifies process, outcomes and goals of the project, and constraints
• Begins with a statement of program security policy
• Teams are organized, problems analyzed, and scope defined, including objectives, and constraints not covered in the program policy
• An organizational feasibility analysis is performed

Analysis
• Analysis of existing security policies or programs, along with documented current threats and associated controls
• Includes an analysis of relevant legal issues that could impact the design of the security solution
• The risk management task (identifying, assessing, and evaluating the levels of
• End users
Communities Of Interest
• Each organization develops and maintains its own unique culture and values. Within that corporate culture, there are communities of interest:
  • Information Security Management and Professionals
  • Information Technology Management and Professionals
  • Organizational Management and Professionals

Information Security: Is It an Art or a Science?
• With the level of complexity in today’s information systems, the implementation of information security has often been described as a combination of art and science