Introduction to information security

PowerPoint Slideshow about 'Introduction to Information Security' - cody

Presentation Transcript

Introduction to Information Security

  • Historical aspects of InfoSec

  • Critical characteristics of information

  • CNSS security model

  • Systems development life cycle for InfoSec

  • Organizational influence on InfoSec

Historical Aspects of InfoSec

  • Earliest InfoSec was physical security

  • In early 1960, a systems administrator worked on the Message of the Day (MOTD) and another person with administrative privileges edited the password file. The password file got appended to the MOTD.

  • In the 1960s, ARPANET was developed to network computers in distant locations

  • The MULTICS operating system was developed in the mid-1960s by MIT, GE, and Bell Labs with security as a primary goal

Historical Aspects of InfoSec

  • In the 1970s, Federal Information Processing Standards (FIPS) examined DES (Data Encryption Standard) for information protection

  • DARPA created a report on vulnerabilities in military information systems in 1978

  • In 1979 two papers were published dealing with password security and UNIX security in remotely shared systems

  • In the 1980s the security focus was concentrated on operating systems as they provided remote connectivity

Historical Aspects of InfoSec

  • In the 1990s, the growth of the Internet and of LANs contributed to new threats to information stored in remote systems

  • IEEE, ISO, ITU-T, NIST and other organizations started developing many standards for secure systems

  • Information security is the protection of information and the systems and hardware that use, store, and transmit information

CNSS Model

  • CNSS stands for Committee on National Security Systems (a group belonging to the National Security Agency [NSA]). CNSS has developed the National Security Telecommunications and Information Systems Security (NSTISSI) standards.

  • NSTISSI standards are 4011, 4012, 4013, 4014, 4015, 4016. U of L has met the 4011 and 4012 standards in the InfoSec curriculum.

[Figure: CNSS Security Model. Surviving axis labels: Storage, Processing, Transmission]

CNSS Security Model

  • The model identifies a 3 x 3 x 3 cube with 27 cells

  • Security applies to each of the 27 cells

  • These cells deal with people, hardware, software, data, and procedures

  • A hacker uses a computer (hardware) to attack another computer (hardware). Procedures describe steps to follow in preventing an attack.

  • An attack could be either direct or indirect

  • In a direct attack one computer attacks another. In an indirect attack one computer causes another computer to launch an attack.

Systems Development Life Cycle for InfoSec

  • SDLC for InfoSec is very similar to SDLC for any project

  • The Waterfall model would apply to InfoSec as well

  • Investigation phase involves a feasibility study based on a security program idea for the organization

  • Analysis phase involves risk assessment

  • Logical design phase involves continuity planning, disaster recovery, and incident response

Systems Development Life Cycle for InfoSec

  • Physical design phase involves considering the alternative options available for constructing the physical design

  • Implementation phase is very similar to that of the SDLC model, namely putting the design into practice

  • Maintenance phase involves implementing the design, evaluating the functioning of the system, and making changes as needed

[Figure: SDLC Waterfall model. Surviving phase labels: Logical Design, Physical Design]

Organizational Influence on InfoSec

  • Security policies must be compatible with organizational culture

  • Information security-related professionals have the mission of protecting the system

  • Information technology professionals who use the systems have a different set of values when it comes to security

  • The two sets of values must be meshed together through appropriate changes to policies and procedures

