
Modifications by Prof. Dong Xuan and Adam C. Champion: Principles of Information Security, 5th Edition 1

This document outlines the key topics covered in an information security course. It discusses the history of information security from early mainframes through the development of ARPANET and the Internet. The document defines information security as protecting information and systems that use, store, and transmit information. It also emphasizes that security requires balancing protection with reasonable access.


Introduction

Modifications by Prof. Dong Xuan and Adam C. Champion

Principles of Information Security, 5th Edition

Learning Objectives
Upon completion of this material, you should be able to:
Understand the definition of information security
Understand the key terms and critical concepts of information security
Comprehend the history of computer security and how it evolved into information security


Administrative Matters
Syllabus
Class website:
http://cse.osu.edu/~champion/4471/
Group project
Textbook (4th ed. preferable)
Readings
Chaps. 12 in the book


What is an Information System?


An Information System (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization


Critical Characteristics of Information


The value of information comes from the characteristics it possesses:

Confidentiality: self-explanatory
Integrity: (Bitwise) identical to the original
Availability: of info, services, etc.
Authenticity: it is what it claims to be
Accuracy: free from mistakes and errors
Utility: self-explanatory
Possession: different from confidentiality

Others: user authentication, auditability, non-repudiation



What is Security?
Definitions:
Book: "The quality or state of being secure, to be free from danger"
James Anderson, Inovant: "Well-informed sense that information risks and controls are in balance"
Rita Summers, IBM Systems Journal, 1984: "Includes concepts, techniques and measures that are used to protect computing systems and the information they maintain against deliberate or accidental threats"

A successful organization should have multiple layers of security in place:

Physical security
Personal security
Operations security
Communications security
Network security
Information security


What is Information Security?


The protection of information and its critical elements, including systems that use, store, and transmit that information
Necessary tools: policy, awareness, training, education, technology


Securing Components in an Information System

A computer (software and hardware) is the key component in an information system
A computer can be the subject of an attack and/or the object of an attack
When the subject of an attack, the computer is used as an active tool to conduct the attack
When the object of an attack, the computer is the entity being attacked

Figure 1-5 Subject and Object of Attack


Balancing Information Security and Access

Impossible to obtain perfect security; it is a process, not an absolute
Security should be considered a balance between protection and availability
To achieve balance, the level of security must allow reasonable access, yet protect against threats


Figure 1-6 Balancing Security and Access


History of Information Security


Began immediately after the first mainframes were developed
Groups developing code-breaking computations during World War II created the first modern computers


Figure 1-1 The Enigma


The 1960s
Advanced Research Procurement Agency (ARPA) began to examine feasibility of redundant networked communications
Larry Roberts developed ARPANET from its inception


Figure 1-2 - ARPANET


The 1970s and 80s


ARPANET grew in popularity, as did its potential for misuse
Fundamental problems with ARPANET security were identified:
No safety procedures for dial-up connections to ARPANET
Non-existent user identification and authorization to system

Late 1970s: microprocessor expanded computing capabilities and security threats

R-609
Information security began with Rand Report R-609 (paper that started the study of computer security)
Scope of computer security grew from physical security to include:
Safety of data
Limiting unauthorized access to data
Involvement of personnel from multiple levels of an organization


The 1990s
Networks of computers became more common; so too did the need to interconnect networks
Internet became first manifestation of a global network of networks
In early Internet deployments, security was treated as a low priority


The Present
The Internet brings millions of computer networks into communication with each other, many of them unsecured
Ability to secure a computer's data is influenced by the security of every computer to which it is connected
The same problems apply for emerging networked computer systems, e.g., smartphones

Summary
Information security is a well-informed sense of assurance that the information risks and controls are in balance.
Security should be considered a balance between protection and availability.
Computer security began immediately after the first mainframes were developed.
