Introduction
Modifications by Prof. Dong Xuan
and Adam C. Champion
Principles of Information Security, 5th Edition
�Learning Objectives
Upon completion of this material, you should be
able to:
Understand the definition of information security
Understand the key terms and critical concepts of
information security
Comprehend the history of computer security and
how it evolved into information security
Principles of Information Security, 5th Edition
�Administrative Matters
Syllabus
Class website:
http://cse.osu.edu/~champion/4471/
Group project
Textbook (4th ed. preferable)
Readings
Chaps. 12 in the book
Principles of Information Security, 5th Edition
�What is an Information System?
Information System (IS) is an entire set of
software, hardware, data, people, procedures, and
networks necessary to use information as a
resource in the organization
Principles of Information Security, 5th Edition
�Critical Characteristics of Information
The value of information comes from the characteristics it
possesses:
Confidentiality: self-explanatory
Integrity: (Bitwise) identical to the original
Availability: of info, services, etc.
Authenticity: it is what it claims to be
Accuracy: free from mistakes and errors
Utility: self-explanatory
Possession: different from confidentiality
Others: user authentication, auditability, non-repudiation
Principles of Information Security, 5th Edition
�What is Security?
Definitions:
Book: The quality or state of being secureto be free from danger
James Anderson, Inovant: Well-informed sense that information risks
and controls are in balance
Rita Summers, IBM Systems Journal, 1984: Includes concepts,
techniques and measures that are used to protect computing systems and
the information they maintain against deliberate or accidental threats
A successful organization should have multiple layers of security
in place:
Physical security
Personal security
Operations security
Communications security
Network security
Information security
Principles of Information Security, 5th Edition
�What is Information Security?
The protection of information and its critical
elements, including systems that use, store, and
transmit that information
Necessary tools: policy, awareness, training,
education, technology
Principles of Information Security, 5th Edition
�Principles of Information Security, 5th Edition
�Securing Components in an Information
System
Computer (software and hardware) is the key
component in an information system
Computer can be subject of an attack and/or the
object of an attack
When the subject of an attack, computer is used as
an active tool to conduct attack
When the object of an attack, computer is the entity
being attacked
Principles of Information Security, 5th Edition
�Figure 1-5 Subject and Object
of Attack
Principles of Information Security, 5th Edition
10
�Balancing Information Security and
Access
Impossible to obtain perfect securityit is a
process, not an absolute
Security should be considered balance between
protection and availability
To achieve balance, level of security must allow
reasonable access, yet protect against threats
Principles of Information Security, 5th Edition
11
�Figure 1-6 Balancing Security
and Access
Principles of Information Security, 5th Edition
12
�History of Information Security
Began immediately after the first mainframes
were developed
Groups developing code-breaking
computations during World War II created
the first modern computers
Principles of Information Security, 5th Edition
13
�Figure 1-1 The Enigma
Principles of Information Security, 5th Edition
14
�The 1960s
Advanced Research Procurement Agency (ARPA)
began to examine feasibility of redundant
networked communications
Larry Roberts developed ARPANET from its
inception
Principles of Information Security, 5th Edition
15
�Figure 1-2 - ARPANET
Principles of Information Security, 5th Edition
16
�The 1970s and 80s
ARPANET grew in popularity as did its potential for
misuse
Fundamental problems with ARPANET security were
identified
No safety procedures for dial-up connections to
ARPANET
Non-existent user identification and authorization to
system
Late 1970s: microprocessor expanded computing
capabilities and security threats
Principles of Information Security, 5th Edition
17
�R-609
Information security began with Rand Report R-609
(paper that started the study of computer security)
Scope of computer security grew from physical
security to include:
Safety of data
Limiting unauthorized access to data
Involvement of personnel from multiple levels of an
organization
Principles of Information Security, 5th Edition
18
�The 1990s
Networks of computers became more common; so
too did the need to interconnect networks
Internet became first manifestation of a global
network of networks
In early Internet deployments, security was treated
as a low priority
Principles of Information Security, 5th Edition
19
�The Present
The Internet brings millions of computer networks
into communication with each othermany of
them unsecured
Ability to secure a computers data influenced by
the security of every computer to which it is
connected
The same problems apply for emerging networked
computer systems, e.g., smartphones
Principles of Information Security, 5th Edition
20
�Summary
Information security is a well-informed sense of
assurance that the information risks and controls
are in balance.
Security should be considered a balance between
protection and availability.
Computer security began immediately after first
mainframes were developed
Principles of Information Security, 5th Edition
21
