
Introduction to Information Security

Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
~ Clifford Stoll

Business Information System Security & Audit (BBT3005)

Learning Objectives

Upon completion of this material, you should be able to:
• Define information security
• Relate the history of computer security and how it evolved into information security
• Define key terms and critical concepts of information security
• Discuss the phases of the security systems development life cycle
• Present the roles of professionals involved in information security within an organization

Temasek Polytechnic (Diploma in BIT) 1 Temasek Polytechnic (Diploma in BIT) 2

How Seriously Should You Take Threats to Network Security?

“No one is coming after my computer.”
• Prove to me that I am at risk
• No one has attacked my computers yet.
• Reactive approach to security
• Wait until after an incident occurs to address security issues.

“The sky is falling!”
• Prove to me that I am not at risk
• Overestimate dangers
• Assumes that talented hackers are everywhere
• Believes that teenagers with a laptop can traverse highly secure systems at will.



How Seriously Should You Take Threats to Network Security?

Middle ground
• An educated awareness of true risk
• Understands that many “hackers” are not as skilled as they claim
• Takes a balanced view towards security

Introduction

• Information security: a “well-informed sense of assurance that the information risks and controls are in balance.” — Jim Anderson, Inovant (2002)
• Necessary to review the origins of this field and its impact on our understanding of information security today


The History of Information Security

• Began immediately after the first mainframes were developed
• Groups developing code-breaking computations during World War II created the first modern computers
• Physical controls to limit access to sensitive military locations to authorized personnel
• Rudimentary in defending against physical theft, espionage, and sabotage

Figure 1-1 – The Enigma



The 1960s

• Advanced Research Project Agency (ARPA) began to examine feasibility of redundant networked communications
• Larry Roberts developed ARPANET from its inception

The 1970s and 80s

• Information security began with Rand Report R-609 (paper that started the study of computer security)
• Scope of computer security grew from physical security to include:
  • Safety of data
  • Limiting unauthorized access to data
  • Involvement of personnel from multiple levels of an organization


The 1990s

• Networks of computers became more common; so too did the need to interconnect networks
• Internet became first manifestation of a global network of networks
• In early Internet deployments, security was treated as a low priority

The Present

• The Internet brings millions of computer networks into communication with each other—many of them unsecured
• Ability to secure a computer’s data influenced by the security of every computer to which it is connected



What is Security?

• “The quality or state of being secure—to be free from danger”
• A successful organization should have multiple layers of security in place:
  • Physical security
  • Personal security
  • Operations security
  • Communications security
  • Network security
  • Information security

What is Security? (continued)

• The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
• Necessary tools: policy, awareness, training, education, technology
• C.I.A. triangle was standard based on confidentiality, integrity, and availability

Critical Characteristics of Information

• The value of information comes from the characteristics it possesses:
  • Availability
  • Accuracy
  • Authenticity
  • Confidentiality
  • Integrity
  • Utility
  • Possession
