Professional Documents
Culture Documents
SECURITY
SECURITY
SECURITY
ITSECUR 01
2
A Brief History of Information Security
3
A Brief History of Information Security
● 1970s and 80s – sudden growth of users (and misusers) of ARPANET, birth of
PCs and the client-server concept
○ Expansion of security beyond physical protection to include data and personnel
○ Rand Report R-609 identified management and policy issues
4
A Brief History of Information Security
● 1990s – The Internet becomes available to the public -> pervasive technology
○ De facto standards had little security assurance
○ Users were scientists who were presumes to be trustworthy
5
What Does Information Security Involve?
6
What Does Information Security Involve?
● Has a wide base that touches different areas of an organization that are
interrelated
○ People
○ Process
○ Technology
■ Network
■ Data
7
Essential Terminologies
Information
9
Information is an asset
10
Why does it matter?
11
What is security?
12
What is Information Security?
● Protection of data and systems from those who would seek to misuse it
13
Information Security == Minimizing Risk
14
Information Security == Minimizing Risk
15
Threat?
16
Information Security == Minimizing Risk
17
What is Intent?
18
Information Security == Minimizing Risk
19
What is Opportunity?
20
Information Security == Minimizing Risk
21
What is Capability?
22
Vulnerability?
● Both mutable and ephemeral. This is good because it means this component
of risk can be affected by individuals and organizations
● Examples:
○ Buggy application and operating system software
○ Inherent weaknesses in the design of technologies
○ Misconfigured infrastructure devices
○ Weak security practices in an organization
○ Users who lack an understanding of security
24
What is Information Security?
Therefore we can also say that information security is a set of strategies for managing the processes,
people, and technology needed for managing Threats, Vulnerabilities, and Risk.
25
CIA Triad - The Three Pillars of Information Security
Confidentiality
(vs. Disclosure)
Integrity
(vs. Alteration)
Availability
(vs. Destruction)
The condition where information is kept accurate and consistent unless authorized
Integrity
changes are made
Availability The situation where information is available when and where it is rightly needed
26
Exploit
● Examples
○ ETERNALBLUE SMBv1 Remote Code Execution Exploit
○ CVE-2018-7600 – Drupal remote code execution vulnerability
○ CVE-2018-8174 – DOUBLEKILL Windows VBScript Remote Code Execution Flaw
27
Attack
Interruption Attacks that cause data or resources to be unusable on a temporary or permanent basis
28
Conclusion
29
Conclusion
30
Computers and the information that they
carry have become a big part of our lives,
that it has made security a necessity rather
than just a luxury
31
Possible Careers in Information Security
● Ethical Hacker
● Digital Forensics and Incident Response Expert
● Malware Analyst
● Web Application Penetration Tester
● Chief Information Security Officer
● And a whole lot more! INFORMATION SECURITY IS EVERYWHERE
32