Learning Objectives
Upon completion of this material, you should be able to:
Define information security
Relate the history of computer security and how it evolved into information security
Define key terms and critical concepts of information security as presented in this chapter
Discuss the phases of the security systems development life cycle
Present the roles of professionals involved in information security within an organization.
Introduction
Information security: a "well-informed sense of assurance that the information risks and controls are in balance." — Jim Anderson, Inovant (2002)
Necessary to review the origins of this field and its impact on our understanding of information security today.
The 1970s and 80s
ARPANET grew in popularity as did its potential for misuse
Fundamental problems with ARPANET security were identified:
No safety procedures for dial-up connections to ARPANET
Nonexistent user identification and authorization to system
Late 1970s: microprocessor expanded computing capabilities and security threats
Information security began with Rand Report R-609 (paper that started the study of computer security)
Scope of computer security grew from physical security to include:
Safety of data
Limiting unauthorized access to data
Involvement of personnel from multiple levels of an organization
The 1990s
Networks of computers became more common; so too did the need to interconnect networks
Internet became first manifestation of a global network of networks
In early Internet deployments, security was treated as a low priority
The Present
The Internet brings millions of computer networks into communication with each other, many of them unsecured
