1. Introduction to Information Security
2. Introduction to Information Security
Historical aspects of InfoSec
Critical characteristics of information
CNSS security model
Systems development life cycle for InfoSec
Organizational influence on InfoSec
3. Historical Aspects of InfoSec
Earliest InfoSec was physical security
In early 1960, a systems administrator worked on Message of the Day (MOTD) and another person with administrative privileges edited the password file. The password file got appended to the MOTD.
In the 1960s, ARPANET was developed to network computers in distant locations
The MULTICS operating system was developed in the mid-1960s by MIT, GE, and Bell Labs with security as a primary goal
4. Historical Aspects of InfoSec
In the 1970s, Federal Information Processing Standards (FIPS) examined DES (Data Encryption Standard) for information protection
DARPA created a report on vulnerabilities in military information systems in 1978
In 1979 two papers were published dealing with password security and UNIX security in remotely shared systems
In the 1980s the security focus was concentrated on operating systems as they provided remote connectivity
5. Historical Aspects of InfoSec
In the 1990s, the growth of the Internet and the growth of the LANs contributed to new threats to information stored in remote systems
IEEE, ISO, ITU-T, NIST and other organizations started developing many standards for secure systems
Information security is the protection of information and the systems and hardware that use, store, and transmit information
6. Critical Characteristics of Information
An early security standard was known as the C.I.A. (Confidentiality, Integrity, Availability) triangle
Availability means that an authorized user who needs information has access to it when needed without interference or obstruction
To make information available to proper users one needs to authenticate the user, often remotely and in an automated manner
7. Critical Characteristics of Information
Accuracy of information relates to its reliability, i.e., it is free from mistakes or errors
E.g., everyone expects their bank statement to reflect accurate information
Authenticity of information refers to the quality of the information. This refers to the information being first hand. E.g., email is considered authentic if the sender is one whom you recognize.
Confidentiality of information refers to not falling into the hands of unauthorized people
8. Critical Characteristics of Information
Ways to protect confidentiality are:
Classification of information (e.g., top secret, managers only, no foreign government)
Secure storage
Training for information handlers for protecting confidentiality
Integrity of information refers to the quality of information as uncorrupted and reliable. Integrity of information could be compromised by people handling it or by errors in communicating devices or the medium of communication.
9. Critical Characteristics of Information
Utility of information refers to timeliness or relevance to the party using the information
Ownership of information refers to the person or group that controls information as it was responsible for its creation
10. CNSS Model
CNSS stands for Committee on National Security Systems (a group belonging to the National Security Agency [NSA]). CNSS has developed the National Security Telecommunications and Information Systems Security (NSTISSI) standards.
NSTISSI standards are 4011, 4012, 4013, 4014, 4015, 4016. U of L has met the 4011 and 4012 standards in the InfoSec curriculum.
11. CNSS Security Model