UNIT 1 Part-I
Fourth Edition
Chapter 1
Introduction to Information Security
Learning Objectives
The History of Information Security
Figure 1-1 – The Enigma
Figure 1-2 – ARPANET
The 1970s and 80s
The 1970s and 80s (cont’d.)
MULTICS
2000 to Present
What is Security?
What is Security? (cont’d.)
Figure 1-3 Components of Information Security
Key Information Security Concepts
• Access
• Asset
• Attack
• Control, Safeguard, or Countermeasure
• Exploit
• Exposure
• Loss
• Protection Profile or Security Posture
• Risk
• Subjects and Objects
• Threat
• Threat Agent
• Vulnerability
Key Information Security Concepts (cont’d.)
• A computer can be the subject of an attack and/or the object of an attack
– When it is the subject of an attack, the computer is used as an active tool to conduct the attack
– When it is the object of an attack, the computer is the entity being attacked
Figure 1-4 Information Security Terms
Figure 1-5 – Subject and Object of Attack
Critical Characteristics of Information
CNSS Security Model
Components of an Information System
Balancing Information Security and Access
• Perfect security is unattainable; security is a process, not an absolute
• Security should be considered a balance between protection and availability
• To achieve that balance, the level of security must allow reasonable access while still protecting against threats
Figure 1-6 – Balancing Security and Access
Approaches to Information Security Implementation: Top-Down Approach
• Initiated by upper management
– Issues policy, procedures, and processes
– Dictates goals and expected outcomes of the project
– Determines accountability for each required action
• The most successful efforts also involve a formal development strategy referred to as the systems development life cycle (SDLC)
Figure 1-9 Approaches to Information Security Implementation
The Systems Development Life Cycle
Figure 1-10 SDLC Waterfall Methodology
Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance and Change
The Security Systems Development Life Cycle
• The same phases used in the traditional SDLC may be adapted to support the specialized implementation of an information security project
• Involves identifying specific threats and creating controls to counter them
• The SecSDLC is a coherent program rather than a series of random, seemingly unconnected actions
Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance and Change
Security Professionals and the Organization
• A wide range of professionals is required to support a diverse information security program
• Senior management is a key component
• Additional administrative support and technical expertise are required to implement the details of the information security program
Senior Management
Information Security Project Team
Data Responsibilities
Communities of Interest
Information Security: Is it an Art or a Science?
• Implementation of information security is often described as a combination of art and science
• The “security artisan” idea is based on the way individuals have perceived systems technologists since computers became commonplace
Security as Art
Security as Science
Security as a Social Science
Summary
Summary (cont’d.)