Introduction
The History of Information Security- Information security a "well-informed sense of assurance that the information risks and controls are in balance." - Jim Anderson, Inovant (2002)
- Security professionals must review the origins of this field to understand its impact on our understanding of information security today.
- Computer security began immediately after the first mainframes were developed.
- Multiple levels of security were implemented: Badges, key, and facial recognition of authorized personnel controlled access to sensitive military locations.
- Physical controls to limit access to sensitive military locations to authorized personnel.
- In contrast, information security during these early years was rudimentary and mainly composed of simple document classification schemes.
- There were no application classification projects for computers or operating systems at this time,because the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
The 1960s
- During the 1960s, the Department of Defense's Advanced Research Procurement Agency (ARPA) began examining the feasibility of a redundant networked communications system designed to support the military's need to exchange information.
- Larry Roberts, known as the founder of the internet, developed the project from its inception.
- ARPANET grew in popularity as did its potential for misuse.
- Fundamental problems with ARPANET security were indentified
- Nonexistent user identification and authorization to system
- Late 1970s: microprocessor expanded computing capabilities and security threats
- Information security began with Rand Report R-609 (paper that started the study of computer security)
- Scope of computer security grew from physical security to include:
- Limiting unauthorized access to data
- Involvement of personnel from multiple levels of an organization
What is Security?
- "The quality or state to being secure - to be free from danger"
- A successful organization should have multiple layers of security in place:
- Physical security
- Personal security
- Operations security
- Communications security
- Network security
- Information security
- A successful organization should have the following multiple layers of security in place for the protection of its operations:
- Personal security :- To protect the individual or group of individuals who are authorized to access the organization and its operations.
- Operations security :- To protect the details of a particular operation or series of activities.
- Communications security :- To protect an organization's communications media, technology, and content.
- Network security :- To protect networking components, connections, and contents.
0 Comments:
Post a Comment