
Principles of Information Security

Chapter 1 Introduction to Information Security


Based on the Fourth Edition of:
M. E. Whitman, H. J. Mattord: Principles of Information Security

School of Business, Department of Information Technology

Introduction

What is Security?

Components

Approach

SDLC

SecSDLC

Professionals

Do not figure on opponents not attacking; worry about your own lack of preparation.
Book of the Five Rings


Learning Objectives

Define information security
Recount the history of computer security and how it evolved into information security
Define key terms and critical concepts of information security
Enumerate the phases of the security systems development life cycle
Describe the information security roles of professionals within an organization


Outline

1. Introduction
2. What is Security?
3. Components of an Information System
4. Approaches to Information Security Implementation
5. The System Development Life Cycle (SDLC)
6. The Security System Development Life Cycle (SecSDLC)
7. Security Professionals and the Organization


Introduction

Information security: a well-informed sense of assurance that the information risks and controls are in balance.


The history of information security


Computer security began immediately after the first mainframes were developed (World War II, code breaking)
Physical controls to limit access to sensitive military locations to authorized personnel
Rudimentary in defending against physical theft, espionage, and sabotage
The 1960s: Advanced Research Project Agency (ARPA) began to examine feasibility of redundant networked communications. Larry Roberts developed ARPANET from its inception


The history of information security (cont.)


The 1970s and 80s: Fundamental problems with ARPANET security were identified:
  No safety procedures for dial-up connections to ARPANET
  Nonexistent user identification and authorization to system

Late 1970s: Microprocessor expanded computing capabilities and security threats. The scope of computer security grew from physical security to include:
  Safety of the data itself
  Limiting of random and unauthorized access to that data
  Involvement of personnel from multiple levels of the organization


The history of information security (cont.)


MULTICS
Early focus of computer security research was a system called Multiplexed Information and Computing Service (MULTICS).
It was the first operating system (OS) created with security as its primary goal.
MULTICS was a mainframe, time-sharing OS developed in mid-1960s by General Electric (GE), Bell Labs, and Massachusetts Institute of Technology (MIT).
Several MULTICS key players created UNIX. Primary purpose of UNIX was text processing.


The history of information security (cont.)

The 1990s: Networks of computers became more common; so too did the need to interconnect networks (Internet)
In early Internet deployments, security was treated as a low priority
2000 to Present: The Internet brings millions of computer networks into communication with each other, many of them unsecured
Growing threat of cyber attacks has increased the need for improved security


Quick Quiz

1. What is computer security?
   Answer: Protection of physical locations, hardware, and software of computers from outside threats.
2. Name three primary threats to security of computers.
   Answer: Physical theft, espionage, and sabotage.
3. Name two fundamental problems with ARPANET security.
   Answer:
   1. No safety for dial-up connections.
   2. Nonexistent user identification and authorization.
4. What was the name of the now obsolete operating system designed for security objectives?
   Answer: MULTICS.


What is Security?
Security is the quality of being free from danger (e.g., national security is a multi-layered system that protects assets, resources, and people of a state).
A successful organization should have the following multiple layers of security in place for the protection of its operations:
  Physical security
  Personnel security
  Operations security
  Communications security
  Network security
  Information security


What is Security? (cont.)

To protect the information and its related systems from danger, tools, such as policy, awareness, training, education, and technology, are necessary.
The C.I.A. triangle (i.e., Confidentiality, Integrity, and Availability) has been considered the industry standard for computer security since the development of the mainframe.
The C.I.A. triangle has expanded into a list of critical characteristics of information.


What is Security? (cont.)

Figure 1-3 Components of Information Security



Quick Quiz

What is the security that addresses the issues needed to protect items, objects, or areas?
Answer: Physical security

What is the security that addresses the protection of individuals or groups authorized to access an organization?
Answer: Personnel security

What is the security that encompasses the protection of an organization's communications media, technology, and content?
Answer: Communications security


Key Information Security Concepts

Figure 1-4 Information Security Terms



Key Information Security Concepts (cont.)

Figure 1-5 Computer as the Subject and Object of an Attack


Critical Characteristics of Information


The value of information comes from the characteristics it possesses:
1. Availability
2. Accuracy
3. Authenticity
4. Confidentiality
5. Integrity
6. Utility
7. Possession


NSTISSC Security Model


To ensure system security, each of the 27 areas of the McCumber Cube must be properly addressed during the security process.

Figure 1-6 The McCumber Cube



Quick Quiz

1. True or False: Personnel security addresses the issues needed to protect items, objects, or areas.
   Answer: False
2. In regard to critical characteristics of information, a breach of confidentiality always results in a breach of:
   (a) availability
   (b) accuracy
   (c) authenticity
   (d) integrity
   (e) possession
   Answer: (e)


Quick Quiz

3. _____ security addresses the protection of individuals or groups authorized to access an organization.
   (a) Public
   (b) Personnel
   (c) Physical
   (d) Personal
   Answer: (b)
4. _____ security encompasses the protection of an organization's communication media, technology, and content.
   Answer: Communications
5. The characteristic of information that deals with preventing disclosure is _____.
   Answer: confidentiality


Components of an Information System


An information system (IS) is the entire set of components
necessary to use information as a resource in the organization.

Figure 1-7 Components of an Information System



Balancing Information Security and Access

Impossible to obtain perfect security; it is a process, not an absolute
Security should be considered a balance between protection and availability
To achieve balance, level of security must allow reasonable access, yet protect against threats


Balancing Information Security and Access (cont.)

Figure 1-8 Balancing Information Security and Access



Quiz

When a computer is used as an active tool to conduct an attack on another information asset, that computer is then considered _____.
Answer: the subject of an attack

When a computer is the information asset that is being attacked, it is considered _____.
Answer: the object of an attack

Ownership or control of information is called the characteristic of _____.
Answer: possession


Approaches to Information Security Implementation

Bottom-Up Approach: Security can begin as a grassroots effort when systems administrators attempt to improve the security of their systems (seldom works)
Top-Down Approach: Initiated by upper management who issue policy, procedures, and processes, dictate the goals and expected outcomes of the project (usually works)
The most successful top-down approach also involves a formal development strategy referred to as a systems development life cycle (SDLC).


Approaches to Information Security Implementation

Figure 1-9 Approaches to Information Security Implementation


Quick Quiz

1. If information has a state of being genuine or original and is not a fabrication, it has the characteristic of _____.
   Answer: authenticity
2. A formal approach to solving a problem based on a structured sequence of procedures is called a(n) _____.
   Answer: SDLC methodology
3. When projects are initiated at the highest levels of an organization and then pushed to all levels, they are said to follow a(n) _____ approach.
   (a) executive led
   (b) trickle down
   (c) top-down
   (d) bottom-up
   Answer: (c)

The System Development Life Cycle (SDLC)


Methodology and Phases
The Systems Development Life Cycle (SDLC) is a methodology for design and implementation of an information system within an organization.
A methodology is a formal approach to problem solving based on a structured sequence of procedures. Using a methodology:
  Ensures a rigorous process
  Increases probability of success
Traditional SDLC consists of 6 general phases.


The System Development Life Cycle (SDLC)

Figure 1-10 SDLC Waterfall Methodology



The System Development Life Cycle (SDLC)

Investigation (phase 1)
What problem is the system being developed to solve?
Objectives, constraints, and scope of project are specified
Preliminary cost-benefit analysis is developed
At the end, feasibility analysis is performed to assess economic, technical, and behavioral feasibilities of the process


The System Development Life Cycle (SDLC)


Analysis (phase 2)
Assessments of:
  The organization
  Current systems
  Capability to support proposed systems
Analysts determine what new system is expected to do and how it will interact with existing systems
Ends with documentation of findings and update of feasibility analysis


The System Development Life Cycle (SDLC)

Logical Design (phase 3)
Main factor is business need
Applications capable of providing needed services are selected
Data support and structures capable of providing the needed inputs are identified
Technologies to implement physical solution are determined
Feasibility analysis performed at the end


The System Development Life Cycle (SDLC)

Physical Design (phase 4)
Technologies to support the alternatives identified and evaluated in the logical design are selected
Components evaluated on make-or-buy decision
Feasibility analysis performed
Entire solution presented to end-user representatives for approval


The System Development Life Cycle (SDLC)

Implementation (phase 5)
Needed software created
Components ordered, received, and tested
Users trained and documentation created
Feasibility analysis prepared
Users presented with system for performance review and acceptance test


The System Development Life Cycle (SDLC)

Maintenance and Changes (phase 6)
Longest and most expensive phase
Consists of tasks necessary to support and modify system for remainder of its useful life
Life cycle continues until the process begins again from the investigation phase
When current system can no longer support the organization's mission, a new project is implemented


The Security Systems Development Life Cycle

The same phases used in traditional SDLC may be adapted to
support specialized implementation of an IS project
Identification of specific threats and creating controls to
counter them
SecSDLC is a coherent program rather than a series of
random, seemingly unconnected actions


Investigation (phase 1)
Identifies process, outcomes, goals, and constraints of the
project
Begins with Enterprise Information Security Policy (EISP)
Organizational feasibility analysis is performed


Analysis (phase 2)
Documents from investigation phase are studied
Analysis of existing security policies or programs, along with
documented current threats and associated controls
Includes analysis of relevant legal issues that could impact
design of the security solution
Risk management task begins


Logical Design (phase 3)


Creates and develops blueprints for information security
Incident response actions planned:
Continuity planning
Incident response
Disaster recovery

Feasibility analysis to determine whether project should be
continued or outsourced


Physical Design (phase 4)


Needed security technology is evaluated, alternatives are
generated, and final design is selected
At end of phase, feasibility study determines readiness of
organization for project


Implementation (phase 5)
Security solutions are acquired, tested, implemented, and
tested again
Personnel issues evaluated; specific training and education
programs conducted
Entire tested package is presented to management for final
approval


Maintenance and Change (phase 6)


Perhaps the most important phase, given the ever-changing
threat environment
Often, repairing damage and restoring information is a
constant duel with an unseen adversary
Information security profile of an organization requires
constant adaptation as new threats emerge and old threats
evolve

Quick Quiz

True or False: Information security programs that begin at a
grassroots level by system administrators to improve security
are often called a bottom-up approach.
Answer: True

Which SecSDLC phase identifies information assets?
Answer: Analysis

Which SecSDLC phase keeps the security systems in a high
state of readiness?
Answer: Maintenance and Change


Security Professionals and the Organization

Wide range of professionals required to support a diverse
information security program
Senior management is key component
Additional administrative support and technical expertise are
required to implement details of IS program



Senior Management
Chief Information Officer (CIO)
Senior technology officer
Primarily responsible for advising senior executives on strategic
planning

Chief Information Security Officer (CISO)
Primarily responsible for assessment, management, and
implementation of IS in the organization
Usually reports directly to the CIO



Information Security Project Team
A number of individuals who are experienced in one or more facets
of required technical and nontechnical areas:
Champion
Team leader
Security policy developers
Risk assessment specialists
Security professionals
Systems administrators
End users


Data Responsibilities
Data owner: responsible for the security and use of a
particular set of information
Data custodian: responsible for storage, maintenance, and
protection of information
Data users: end users who work with information to perform
their daily jobs supporting the mission of the organization


Communities of Interest

A community of interest is a group of individuals who are
united by similar interests or values within an organization and
who share a common goal of helping the organization to meet
its objectives.
The three communities of interest that are most often
encountered are:
1 Information security management and professionals
2 Information technology management and professionals
3 Organizational management and professionals

Quick Quiz

A senior executive who promotes an information security
project and ensures its support, both financially and
administratively, at the highest levels of the organization is
called a(n) ____.
Answer: champion

Who is the person responsible for the security and use of a
particular set of information?
Answer: The data owner

Who is the person responsible for the storage, maintenance,
and protection of the information?
Answer: The data custodian


Information security: Is it an Art or a Science?

Security as Art
No hard and fast rules nor many universally accepted
complete solutions
No manual for implementing security through entire system



Security as Science
Dealing with technology designed to operate at high levels of
performance
Specific conditions cause virtually all actions that occur in
computer systems
Nearly every fault, security hole, and systems malfunction are
a result of interaction of specific hardware and software
If developers had sufficient time, they could resolve and
eliminate these faults.


There is a third view: Security as a Social Science


Social science examines the behavior of individuals interacting
with systems
Security begins and ends with the people that interact with
the system
Security administrators can greatly reduce levels of risk caused
by end users, and create more acceptable and supportable
security profiles

Quick Quiz

True or False: With the level of complexity in today's
information systems, the implementation of information
security has often been described as a combination of art and
technology.
Answer: False

____ examines the behavior of individuals as they interact
with systems, whether societal systems or information
systems.
(a) Community science
(b) Social science
(c) Societal science
(d) Interaction management
Answer: (b)

