IAS

  • Computer security
    Began immediately after the first mainframes were developed
  • Groups developing code-breaking computations during World War II
    Created the first modern computers
  • Physical controls

    • Were needed to limit access to authorized personnel to sensitive military locations
    • Only rudimentary controls were available to defend against physical theft, espionage, and sabotage
  • Enigma machine

    A famous encryption machine used by the Germans during WWII to transmit coded messages
  • Department of Defense's Advanced Research Projects Agency (ARPA) began examining the feasibility of a redundant networked communications

    1960s
  • Larry Roberts

    Developed the ARPANET project from its inception
  • ARPANET in the 1970s and 80s

    1. Grew in popularity, as did its potential for misuse
    2. Fundamental problems with ARPANET security were identified
    3. No safety procedures for dial-up connections to the ARPANET
    4. User identification and authorization to the system were non-existent
  • In the late 1970s the microprocessor expanded computing capabilities and security threats
  • Networks of computers in the 1990s

    1. Became more common, as did the need to interconnect the networks
    2. Resulted in the Internet, the first manifestation of a global network of networks
    3. In early Internet deployments, security was treated as a low priority
  • The Internet has brought millions of computer networks into communication with each other – many of them unsecured
  • Ability to secure each now influenced by the security on every computer to which it is connected
  • Security
    • The quality or state of being secure--to be free from danger
    • To be protected from adversaries
  • Layers of security in a successful organization

    • Physical security
    • Personal security
    • Operations security
    • Communications security
    • Network security
  • Information security

    The protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information
  • Tools necessary for information security

    • Policy
    • Awareness
    • Training
    • Education
    • Technology
  • C.I.A. triangle

    A model designed to guide policies for information security within an organization, based on confidentiality, integrity, and availability
  • 12 Principles of Information Security

    • Principle 1: There is No Such Thing as Absolute Security
    • Principle 2: The Three Security Goals are Confidentiality, Integrity, and Availability
    • Principle 3: Defense in Depth as Strategy
    • Principle 4: When Left on Their Own, People Tend to Make the Worst Security Decisions
    • Principle 5: Computer Security Depends on Two Types of Requirements: Functional and Assurance
    • Principle 6: Security through Obscurity Is Not an Answer
    • Principle 7: Security = Risk Management
    • Principle 8: The Three Types of Security Controls Are Preventative, Detective, and Responsive
    • Principle 9: Complexity is the Enemy of Security
    • Principle 10: Fear, Uncertainty, and Doubt Do Not Work in Selling Security
    • Principle 11: People, Process, and Technology Are All Needed to Adequately Secure a System or Facility
    • Principle 12: Open Disclosure of Vulnerabilities Is Good for Security!