Ais7

  • The history of information security began immediately following the development of the first mainframes
  • Information security was developed for code-breaking computations during World War II
  • Multiple levels of security were implemented to defend against physical theft, espionage, and sabotage
  • In the 1960s, the Advanced Research Projects Agency (ARPA) examined the feasibility of redundant networked communications
  • Larry Roberts developed ARPANET from its inception to link computers and enable resource sharing among 17 Computer Research Centers at a cost of 3.4M
  • ARPANET, the predecessor to the Internet, grew in popularity in the 1970s and 1980s
  • The Rand Report R-609 initiated the study of computer security, expanding the scope to include the safety of data and limiting unauthorized access
  • MULTICS was an early focus of computer security research, leading to the creation of UNIX in the late 1970s
  • In the 1990s, networks of computers became more common, and the Internet emerged as a global network of networks with security treated as a low priority
  • From 2000 to the present, the growing threat of cyber attacks has increased the need for improved security as millions of computer networks communicate
  • Security is defined as the quality or state of being secure, with multiple layers of security including physical security, personal security, operations security, communications security, network security, and information security
  • Information security involves the protection of information and its critical elements, utilizing tools such as policy, awareness, training, education, and technology
  • Key information security concepts include access, asset, exposure, loss, exploit, attack, control, safeguard, countermeasure, hack, risk, security blueprint, security model, subjects and objects, threat agent, vulnerability, and critical characteristics of information
  • Critical characteristics of information include availability, accuracy, authenticity, confidentiality, integrity, and possession
  • Components of an Information System include software, hardware, data, people, procedures, and networks
  • Balancing information security and access is a process of weighing protection against availability, recognizing that perfect security is impossible
  • Approaches to information security implementation include the bottom-up approach driven by systems administrators and the top-down approach initiated by upper management
  • Security professionals and the organization: a wide range of professionals is required, with senior management playing a key role, including the Chief Information Officer (CIO) and Chief Information Security Officer (CISO)
  • Data responsibilities include data owners responsible for security and use, data custodians responsible for storage and protection, and data users who work with information to support the organization's mission
  • Communities of Interest are groups of individuals within an organization united by similar interests and values, including information security management, information technology management, and organizational management
  • The Information Security Project Team consists of individuals experienced in technical and non-technical areas such as team leaders, security policy developers, risk assessment specialists, security professionals, systems administrators, and end users