Introduction to information security
Introduction to Information Security


Introduction to Information Security

  • Historical aspects of InfoSec

  • Critical characteristics of information

  • CNSS security model

  • Systems development life cycle for InfoSec

  • Organizational influence on InfoSec


Historical Aspects of InfoSec

  • Earliest InfoSec was physical security

  • In early 1960, a systems administrator was editing the Message of the Day (MOTD) while another person with administrative privileges was editing the password file; the password file ended up appended to the MOTD.

  • In the 1960s, ARPANET was developed to network computers in distant locations

  • The MULTICS operating system was developed in the mid-1960s by MIT, GE, and Bell Labs with security as a primary goal


Historical Aspects of InfoSec

  • In the 1970s, the Federal Information Processing Standards (FIPS) program examined DES (Data Encryption Standard) for information protection

  • In 1978, DARPA produced a report on vulnerabilities in military information systems

  • In 1979 two papers were published dealing with password security and UNIX security in remotely shared systems

  • In the 1980s the security focus was concentrated on operating systems, since they were what provided remote connectivity


Historical Aspects of InfoSec

  • In the 1990s, the growth of the Internet and of LANs contributed to new threats to information stored on remote systems

  • IEEE, ISO, ITU-T, NIST and other organizations started developing many standards for secure systems

  • Information security is the protection of information and the systems and hardware that use, store, and transmit information


CNSS Model

  • CNSS stands for Committee on National Security Systems (a group belonging to the National Security Agency [NSA]). CNSS developed the National Security Telecommunications and Information Systems Security Instruction (NSTISSI) standards.

  • The NSTISSI standards are 4011, 4012, 4013, 4014, 4015, and 4016. U of L has met the 4011 and 4012 standards in its InfoSec curriculum.


CNSS Security Model

[Figure: the CNSS security model cube. Axis 1: Confidentiality / Integrity / Availability. Axis 2: Storage / Processing / Transmission. Axis 3: Technology / Education / Policy.]


CNSS Security Model

  • The model is a 3 x 3 x 3 cube with 27 cells (one for each combination of a security goal, an information state, and a control category)

  • Security applies to each of the 27 cells

  • These cells deal with people, hardware, software, data, and procedures

  • A hacker uses a computer (hardware) to attack another computer (hardware). Procedures describe steps to follow in preventing an attack.

  • An attack could be either direct or indirect

  • In a direct attack one computer attacks another. In an indirect attack one computer causes another computer to launch an attack.


Systems Development Life Cycle for InfoSec

  • The SDLC for InfoSec is very similar to the SDLC for any project

  • The Waterfall model applies to InfoSec as well

  • The investigation phase involves a feasibility study of a proposed security program for the organization

  • The analysis phase involves risk assessment

  • The logical design phase involves continuity planning, disaster recovery, and incident response


Systems Development Life Cycle for InfoSec

  • The physical design phase involves evaluating the alternative options available for constructing the design

  • The implementation phase is the same as in the generic SDLC: the design is put into practice

  • The maintenance phase involves implementing the design, evaluating how the system functions, and making changes as needed


SDLC Waterfall Model

[Figure: SDLC Waterfall model. Phases in order: Investigate → Analyze → Logical Design → Physical Design → Implement → Maintain.]


Organizational influence on InfoSec

  • Security policies must be compatible with organizational culture

  • Information security professionals have the mission of protecting the system

  • Information technology professionals who use the systems have a different set of values when it comes to security

  • These two sets of values must be reconciled through appropriate changes to policies and procedures


References

  • CNSS standards, www.nstissc.gov/html/library.html

  • P. Salus, "Net Insecurity," 1998, http://www.nluug.nl/events/sane98/aftermath/salus.html

  • D. Verton, "Staffing costs spur security outsourcing," Computerworld 35, no. 11, March 2001, p. 20