chap1lect - Introduction Information security in todays...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Introduction Information security in today’s enterprise is a “well-informed sense of assurance that the information risks and controls are in balance.” Jim Anderson, Inovant (2002) Before we can begin analyzing the details of information security, it is necessary to review the origins of this field and its impact on our understanding of information security today. The History of Information Security The need for computer security, or the need to secure the physical location of hardware from outside threats, began almost immediately after the first mainframes were developed. Groups developing code-breaking computations during World War II created the first modern computers. Badges, keys, and facial recognition of authorized personnel controlled access to sensitive military locations. In contrast, information security during these early years was rudimentary and mainly composed of simple document classification schemes. There were no application classification projects for computers or operating systems at this time, because the primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage. The 1960s During the 1960s, the Department of Defense’s Advanced Research Procurement Agency (ARPA) began examining the feasibility of a redundant networked communications system designed to support the military’s need to exchange information. Larry Roberts, known as the founder of the Internet, developed the project from its inception. The 1970s and 80s During the next decade, the ARPANET grew in popularity and use, and so did its potential for misuse. I N D ECEMBER OF 1973, R OBERT M. M ETCALFE INDICATED THAT THERE WERE FUNDAMENTAL PROBLEMS WITH ARPANET SECURITY . I NDIVIDUAL REMOTE USERS SITES DID NOT HAVE SUFFICIENT CONTROLS AND SAFEGUARDS TO PROTECT DATA AGAINST UNAUTHORIZED REMOTE USERS . T HERE WERE NO SAFETY PROCEDURES FOR DIAL - UP CONNECTIONS TO THE ARPANET. U SER IDENTIFICATION AND AUTHORIZATION TO THE SYSTEM WERE NONEXISTENT . P HONE NUMBERS WERE WIDELY DISTRIBUTED AND OPENLY PUBLICIZED ON THE WALLS OF RESTROOMS AND PHONE BOOTHS , GIVING HACKERS EASY ACCESS TO ARPANET. T HE MOVEMENT TOWARD SECURITY THAT WENT BEYOND PROTECTING PHYSICAL LOCATIONS BEGAN WITH THE R AND R EPORT R-609, SPONSORED BY THE D EPARTMENT OF D EFENSE , WHICH ATTEMPTED TO DEFINE
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
MULTIPLE CONTROLS AND MECHANISMS NECESSARY FOR THE PROTECTION OF A MULTILEVEL COMPUTER SYSTEM . T HE SCOPE OF COMPUTER SECURITY GREW FROM PHYSICAL SECURITY TO INCLUDE : S AFETY OF THE DATA ITSELF L IMITING OF RANDOM AND UNAUTHORIZED ACCESS TO THAT DATA I NVOLVEMENT OF PERSONNEL FROM MULTIPLE LEVELS OF THE ORGANIZATION A T THIS STAGE , THE CONCEPT OF COMPUTER SECURITY EVOLVED INTO THE MORE SOPHISTICATED SYSTEM WE CALL INFORMATION SECURITY . MULTICS
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 19

chap1lect - Introduction Information security in todays...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online