Chapter 1 - Introduction to Information Security Flashcards
Where did information security begin?
It began after the creation of the mainframe. Mainframes were developed for code-breaking computations during WWII.
What are the threats in the mainframe era of information security?
Physical theft, espionage, and sabotage.
1960 events
- The Advanced Research Projects Agency examined the feasibility of redundant communications.
- Larry Roberts was the one who developed ARPANET from its inception. It linked computers (17 computer research centers), enabled resource sharing, and cost 3.4 million dollars.
- ARPANET is the predecessor to the internet.
1970’s - 1980’s events in ISec
ARPANET grew in popularity, and so did its misuse. Fundamental problems with ARPANET security were:
1. Individual remote sites were not secured against unauthorized users.
2. Vulnerability of password structure and formats.
3. No safety procedures for dial-up connections to ARPANET.
4. Nonexistent user identification and authorization to the system.
1970’s - 1980’s events in ISec
Rand Report R-609 - the paper that started the study of computer security. It expanded security beyond physical security to include: safety of data, limiting unauthorized access to data, and involvement of personnel from multiple levels of the organization.
MULTICS - Multiplexed Information and Computing Service
It was the first operating system created with security as its primary goal. Several key MULTICS players created UNIX.
Late 1970’s
Microprocessors expanded computing capabilities. The presence of mainframes was reduced, and security threats also expanded.
1990’s
Networks of computers became common. The need to interconnect networks grew. It was also a time when security was treated as a low priority.
2000 to present
Millions of computer networks communicate, and security is needed.
What is security?
“The quality or state of being secure—to be free from danger”
What are the 6 kinds of security in an organization?
Physical, personal, operational, communication, network, and information security.
What are the components of ISec?
Management of information security, network security, computer and data security, and policy.
Access
A subject or object’s ability to use, manipulate, modify, or affect another subject or object.
Assets
the organizational resource that is being protected.
Exposure
a single instance of being open to damage.
Loss
When an organization’s information is stolen, it has suffered a loss.
Exploit
to take advantage of a weakness or vulnerability in a system.
Attack
an act that is an intentional or unintentional attempt to cause damage or compromise to the information and/or the systems that support it.
Control, Safeguard, or Countermeasure
security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, resolve vulnerabilities, and otherwise improve the security within an organization.