Tuesday, June 28, 2022

Principle of Information Security: Module 1 Introduction to Information Security (Part 1)

Welcome to module one, introduction to information security.

  • By the end of this chapter, you will be able to define what information security is.

  • Discuss the history of computer security and explain how it evolved into information security.

  • Be able to define some key terms and critical concepts of information security.

  • And describe the information security roles of professionals within an organization. 


  • Every company and organization that does business using computers and networks has some kind of information it wants to protect.

  • All organizations have a responsibility to their stakeholders to protect the information they've obtained from their customers, employees and investors.

  • Protecting the information is important. However, there are not enough security professionals to go around. That is why information security is everyone's responsibility: if you are not part of the solution, you're part of the problem.

  • Computer security began when mainframes were developed.

  • During World War II, groups of people developed code-breaking computation machines, also known as the first modern computers.

  • During the development of the first modern computers, multiple levels of security were implemented to protect these devices.

  • Physical controls were implemented to limit access to sensitive military locations to authorized personnel.

  • During World War II, physical security was the main security control placed on systems to prevent theft, espionage against the products of the systems, and sabotage, because computers in those days were not connected to the internet as they are today.

The Enigma machine is a cipher device developed and used in the early to mid 20th century to protect commercial, diplomatic, and military communication. The picture above shows the earlier version of the German Enigma code machine, which was first broken by the Polish Cipher Bureau in the 1930s, with the collaboration of the French secret service and the British government. The British and Americans managed to break later, more complex versions during World War II.

Key Dates in Information Security

1968, Maurice Wilkes discusses password security in Time-Sharing Computer Systems.

1970, Willis H. Ware authors the report "Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security-RAND Report R-609," which was not declassified until 1979. It became known as the seminal work identifying the need for computer security.

1973, Schell, Downey, and Popek examine the need for additional security in military systems in Preliminary Notes on the Design of Secure Military Computer Systems.

1975, The Federal Information Processing Standards (FIPS) examines DES (Digital Encryption Standard) in the Federal Register.

1978, Bisbey and Hollingworth publish their study "Protection Analysis: Final Report," which discussed the Protection Analysis project created by ARPA to better understand the vulnerabilities of operating system security and examine the possibility of automated vulnerability detection techniques in existing system software.

1979, Morris and Thompson author "Password Security: A Case History," published in the Communications of the Association for Computing Machinery (ACM). The paper examined the design history of a password security scheme on a remotely accessed, time-sharing system. Dennis Ritchie publishes "On the Security of UNIX" and "Protection of Data File Contents," which discussed secure user IDs, secure group IDs, and the problems inherent in the systems.

1982, The U.S. Department of Defense Computer Security Evaluation Center publishes the first version of the Trusted Computer Security (TCSEC) documents, which came to be known as the Rainbow Series.

1984, Grampp and Morris write "The UNIX System: UNIX Operating System Security." In this report, the authors examined four "important handles to computer security": physical control of premises and computer facilities, management commitment to security objectives, education of employees, and administrative procedures aimed at increased security.

Reeds and Weinberger publish "File Security and the UNIX System Crypt Command." Their premise was: "No technique can be secure against wiretapping or its equivalent on the computer. Therefore, no technique can be secure against the system administrator or other privileged users . . . the naive user has no chance."

1992, Researchers for the Internet Engineering Task Force, working at the Naval Research Laboratory, develop the Simple Internet Protocol Plus (SIPP) Security protocols, creating what is now known as IPSEC security.

