Initial Topics
Transcript of Initial Topics
April 2010
Module 1
Module 01: 2
Introduction to Computer Security and Information Assurance
Initial Topics
• An introduction to information assurance
• The threat environment
• Risk management
• Personnel and physical security
Module 01: 3
Objectives
• Recognize the impact of cyber security in daily activities
• Recognize the evolution of information assurance over time
• Recognize the fundamental concepts of information assurance
Module 01: 4
What If…
• A major city lost its network for:
  – E-mail
  – Law enforcement records
  – Payroll
  – Personnel records
  – Etc.
  for a week or more?
• The sewage system for a major city was compromised?
  – Spills of raw sewage into a river, parks, and near businesses and homes
  – Environmental impact to wildlife
  – Stench for residents
  – Large cleanup bill
• Railroad service was stopped
  – Freight and passenger
  – For a day or more
  – In 23 states
• An electric power plant was compromised?
• A nuclear power plant was compromised?
• Access to the municipal network and its services was lost
• The sewer system was compromised
• Rail traffic was halted
• The power was shut down
• There were problems with a nuclear power plant
Module 01: 5
Who / What Is At Risk?
• Organizations:
  – Transportation
  – Telecommunications
  – Medical
  – Utilities
  – Government
  – And more
• Devices:
  – Computers
  – Phones
  – Game systems
  – Cable TV
  – MP3 players
  – And more
Anyone connected to anyone else.
Module 01: 6
A Brief History Of Information Assurance
• Not a new idea
  – Greeks circa 480 B.C.E.
  – Romans (Caesar 100-44 B.C.E.)
• Protect information / keep secret
  – Locks
  – Fences
  – Guards
  – Safes
  – Couriers
Photo by Adam Polselli
Module 01: 7
Computers
• Early
  – Physical security concerns
  – Separate computer and communication security
  – Information transfer by physical means
• Multiuser systems
  – Accounts
  – Access controls
  – Remote access (modems)
SAGE computer
IBM 360
Photos by tomspixels, http://flickr.com/photos/tomspixels/
Module 01: 8
Fundamental Concepts Of Information Assurance
• Confidentiality
• Integrity
• Availability
Module 01: 9
Growth Of Networks
• ARPANET
• Development of
  – TCP/IP
  – Other communication protocols
• Evaluating and developing secure systems
  – Rainbow Series
  – Common Criteria
Image courtesy DARPA
Module 01: 10
Before The Internet
• Bulletin Board Systems (BBSs)
  – America Online, CompuServe, etc.
  – Usenet
• Need to share information
  – Tim Berners-Lee developed language to permit sharing of data, including non-text data (HyperText Markup Language (HTML), based on Generalized Markup Language (GML))
  – Browser development followed for graphical display of information
Module 01: 11
The Internet
• World Wide Web – name given to the program by Tim Berners-Lee
  – Growth in number of servers
  – Platform independent (Windows, X Windows, Mac)
  – Scripting to allow interaction from pages
  – Databases providing services through Web interface
• As services grow, so do vulnerabilities
• More systems connected for convenience
Module 01: 12
Internet Growth
[Chart: Internet users in millions (axis 0 to 1600), Dec-95 through Dec-08]
Data from Internet World Stats, March 2, 2009, http://www.internetworldstats.com/emarketing.htm
Where Are We Today?
• Over 1.5 billion users on the Internet (12/2008)
• 5,000 – 8,000 PB (PetaByte = 10^15 bytes) of Internet traffic per month worldwide (12/2008)
• Traffic growth rate 50-60% per year (12/2008)
• Who?
  – Transportation
  – Telecommunications
  – Medical
  – Utilities
  – Government
  – Who else?
Module 01: 13
New Information Assurance Concerns
• Information access not controlled by physical means alone
  – Trespassing
  – Eavesdropping
  – Alteration
  – Theft
The CIA triad in a cyber world.
Module 01: 14
Where This Stuff Came From…
• Real world issues caused by computers and networks
  – Computers are everywhere, supporting daily life
  – Computers are connected together
• Information assurance from Greeks to today
• Concepts of
  – Confidentiality
  – Integrity
  – Availability