
Introduction to Information Security

Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
~ Clifford Stoll

Business Information System Security & Audit

Learning Objectives

Upon completion of this material, you should be able to:
• Define information security
• Relate the history of computer security and how it evolved into information security
• Define key terms and critical concepts of information security
• Discuss the phases of the security systems development life cycle
• Present the roles of professionals involved in information security within an organization

Temasek Polytechnic (Diploma in BIT) 1 Temasek Polytechnic (Diploma in BIT) 2

How Seriously Should You Take Threats to Network Security?

“No one is coming after my computer.”
• Prove to me that I am at risk
• No one has attacked my computers yet.
• Reactive approach to security
  • Wait until after an incident occurs to address security issues.

How Seriously Should You Take Threats to Network Security?

“The sky is falling!”
• Prove to me that I am not at risk
• Overestimate dangers
• Assumes that talented hackers are
• Believes that teenagers with a laptop can traverse highly secure systems at will.


How Seriously Should You Take Threats to Network Security?

Middle ground
• An educated awareness of true risk
• Understands that many “hackers” are not as skilled as they claim
• Takes a balanced view towards security

• Information security: a “well-informed sense of assurance that the information risks and controls are in balance.” — Jim Anderson, Inovant (2002)
• Necessary to review the origins of this field and its impact on our understanding of information security today


The History of Information Security

• Began immediately after the first mainframes were
• Groups developing code-breaking computations during World War II created the first modern computers
• Physical controls to limit access to sensitive military locations to authorized personnel
• Rudimentary in defending against physical theft, espionage and sabotage

Figure 1-1 – The Enigma


The 1960s

• Advanced Research Projects Agency (ARPA) began to examine feasibility of redundant networked
• Larry Roberts developed ARPANET from its inception

The 1970s and 80s

• Information security began with Rand Report R-609 (paper that started the study of computer security)
• Scope of computer security grew from physical security to:
  • Safety of data
  • Limiting unauthorized access to data
  • Involvement of personnel from multiple levels of an


The 1990s

• Networks of computers became more common; so too did the need to interconnect networks
• Internet became first manifestation of a global network of networks
• In early Internet deployments, security was treated as a low priority

The Present

• The Internet brings millions of computer networks into communication with each other—many of them
• Ability to secure a computer’s data influenced by the security of every computer to which it is connected


What is Security?

• “The quality or state of being secure—to be free from danger”
• A successful organization should have multiple layers of security in place:
  • Physical security
  • Personal security
  • Operations security
  • Communications security
  • Network security
  • Information security

What is Security? (continued)

• The protection of information and its critical elements, including systems and hardware that use, store, and transmit that information
• Necessary tools: policy, awareness, training, education, technology
• C.I.A. triangle was standard based on confidentiality, integrity, and availability

Critical Characteristics of Information

• The value of information comes from the characteristics it
  • Availability
  • Accuracy
  • Authenticity
  • Confidentiality
  • Integrity
  • Utility
  • Possession
