Wednesday, 9 January 2019

Introduction of Information Security

Introduction
  • Information security a "well-informed sense of assurance that the information risks and controls are in balance." - Jim Anderson, Inovant (2002)
  • Security professionals must review the origins of this field to understand its impact on our understanding of information security today.
The History of Information Security
  • Computer security began immediately after the first mainframes were developed.
           - Groups developing code-breaking computations during World War 2 created the first modern computers.

           - Multiple levels of security were implemented: Badges, key, and facial recognition of authorized personnel controlled access to sensitive military locations.
  • Physical controls to limit access to sensitive military locations to authorized personnel.
  • In contrast, information security during these early years was rudimentary and mainly composed of simple document classification schemes.
  • There were no application classification projects for computers or operating systems at this time,because the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage. 

The 1960s
  • During the 1960s, the Department of Defense's Advanced Research Procurement Agency (ARPA) began examining the feasibility of a redundant networked communications system designed to support the military's need to exchange information.
  • Larry Roberts, known as the founder of the internet, developed the project from its inception.
The 1970s and 80s
  • ARPANET grew in popularity as did its potential for misuse.
  • Fundamental problems with ARPANET security were indentified
             - No safety procedures for dial-up connections to ARPANET
             - Nonexistent user identification and authorization to system
  • Late 1970s: microprocessor expanded computing capabilities and security threats
  • Information security began with Rand Report R-609 (paper that started the study of computer security)
  • Scope of computer security grew from physical security to include:
          - Safety of data
          - Limiting unauthorized access to data
          - Involvement of personnel from multiple levels of an organization 


What is Security?
  • "The quality or state to being secure - to be free from danger"
  • A successful organization should have multiple layers of security in place:
         - Physical security
         - Personal security
         - Operations security
         - Communications security
         - Network security
         - Information security
  • A successful organization should have the following multiple layers of security in place for the protection of its operations:
         - Physical security :- To protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
         - Personal security :- To protect the individual or group of individuals who are authorized to access the organization and its operations.
         - Operations security :- To protect the details of a particular operation or series of activities.
         - Communications security :- To protect an organization's communications media, technology, and content.
         - Network security :- To protect networking components, connections, and contents.

0 Comments:

Post a Comment

Popular Posts

Categories

Android (21) AngularJS (1) Books (3) C (75) C++ (81) Data Strucures (4) Engineering (13) FPL (17) HTML&CSS (38) IS (25) Java (85) PHP (20) Python (83) R (68) Selenium Webdriver (2) Software (13) SQL (27)