Tuesday, June 28, 2022

Principle of Information Security: Module 1 Introduction to Information Security (Part 2)

The 1960s

During the 1960s, the Department of Defense’s Advanced Research Projects Agency (ARPA) began examining the feasibility of a redundant networked communications system designed to support the military’s need to exchange information. Larry Roberts, known as the founder of the Internet, developed the project from its inception.

The ARPANET became more popular between the 1970s and 1980s. As people continue to use the ARPANET, the increase for potential misuse was also increasing. In 1973, Internet pioneer Robert M. Metcalfe identified fundamental problems with ARPANET security. As one of the creators of Ethernet, a dominant local area networking protocol, he know that individual remote sites did not have sufficient controls and safeguards to protect data from unauthorized remote users. Other problems abounded, including vulnerability of password structure and formats, lack of safety procedures for dial-up connections, and nonexistent user identification and authorizations.

Phone numbers were widely distributed and openly publicized on the walls of phone booths, giving hackers easy access to ARPANET. Because of the range of frequency of computer security violations and the explosion in the numbers of hosts and users on ARPANET, network security was commonly referred to as network insecurity.

RAND Report R-609 was the first widely recognized published document to identify the role of management and policy issues in computer security. It noted that the wide use of networking components in military information systems introduced security risks that could not be mitigated by the routine practice then used to secure these systems. If you turn your textbook to page 6, in figure dash 4, you will see an illustration of computer network vulnerabilities from the 1979 release of this document. This paper signaled a pivotal moment in computer security history, the scope of computer security expanded significantly from the safety of physical locations and hardware to include the following:

  • Securing the data.
  • Limiting random and unauthorized access to data.
  • Involving personnel from multiple levels of the organization in information security.


Much of the early research on computer security centered on a system called multiplexed information and computing service (MULTICS). Although it is now obsolete, MULTICS is noteworthy because it was the first operating system to integrate security into its core functions. It was a mainframe, time-sharing operating system developed in the mid-19 60s by a consortium of General Electric (GE), Bell Labs, and the Massachusetts Institute of Technology (MIT).


Post a Comment