Initial Topics

April 2010 Module 1


Telecommunications and Network. Physical and Personnel. System. Application and Individual. Planning, Policies, and Procedures. Initial Topics. An introduction to information assurance. The threat environment. Risk management. Personnel and physical security. Objectives.

Transcript of Initial Topics

Page 1: Initial Topics

April 2010

Module 1

Page 2: Initial Topics

Module 01: 2

Introduction to Computer Security and Information Assurance

Initial Topics

• An introduction to information assurance
• The threat environment
• Risk management
• Personnel and physical security

Page 3: Initial Topics


Objectives

• Recognize the impact of cyber security in daily activities
• Recognize the evolution of information assurance over time
• Recognize the fundamental concepts of information assurance

Page 4: Initial Topics


What If…

• A major city lost its network for:
  – E-mail
  – Law enforcement records
  – Payroll
  – Personnel records
  – Etc.
  for a week or more?
• The sewage system for a major city was compromised?
  – Spills of raw sewage into a river, parks, and near businesses and homes
  – Environmental impact to wildlife
  – Stench for residents
  – Large cleanup bill
• Railroad service was stopped
  – Freight and passenger
  – For a day or more
  – In 23 states
• An electric power plant was compromised?
• A nuclear power plant was compromised?

• Access to the municipal network and its services was lost
• The sewer system was compromised
• Rail traffic was halted
• The power was shut down
• There were problems with a nuclear power plant

Page 5: Initial Topics


Who / What Is At Risk?

• Organizations:
  – Transportation
  – Telecommunications
  – Medical
  – Utilities
  – Government
  – And more
• Devices:
  – Computers
  – Phones
  – Game systems
  – Cable TV
  – MP3 players
  – And more

Anyone connected to anyone else.

Page 6: Initial Topics


A Brief History Of Information Assurance

• Not a new idea
  – Greeks circa 480 B.C.E.
  – Romans (Caesar 100-44 B.C.E.)
• Protect information / keep secret
  – Locks
  – Fences
  – Guards
  – Safes
  – Couriers

Photo by Adam Polselli

Page 7: Initial Topics


Computers

• Early
  – Physical security concerns
  – Separate computer and communication security
  – Information transfer by physical means
• Multiuser systems
  – Accounts
  – Access controls
  – Remote access (modems)

SAGE computer

IBM 360

Photos by tomspixels, http://flickr.com/photos/tomspixels/

Page 8: Initial Topics


Fundamental Concepts Of Information Assurance

• Confidentiality

• Integrity

• Availability

Page 9: Initial Topics


Growth Of Networks

• ARPANET
• Development of
  – TCP/IP
  – Other communication protocols
• Evaluating and developing secure systems
  – Rainbow Series
  – Common Criteria

Image courtesy DARPA

Page 10: Initial Topics


Before The Internet

• Bulletin Board Systems (BBSs)
  – America Online, CompuServe, etc.
  – Usenet
• Need to share information
  – Tim Berners-Lee developed language to permit sharing of data, including non-text data (HyperText Markup Language (HTML), based on Generalized Markup Language (GML))
  – Browser development followed for graphical display of information

Page 11: Initial Topics


The Internet

• World Wide Web – name given to the program by Tim Berners-Lee
  – Growth in number of servers
  – Platform independent (Windows, X Windows, Mac)
  – Scripting to allow interaction from pages
  – Databases providing services through Web interface
• As services grow, so do vulnerabilities
• More systems connected for convenience

Page 12: Initial Topics


Internet Growth

[Chart: millions of Internet users (axis 0 to 1600), plotted every six months from Dec-95 to Dec-08]

Data from Internet World Stats, March 2, 2009
http://www.internetworldstats.com/emarketing.htm

Where Are We Today?

• Over 1.5 billion users on the Internet (12/2008)
• 5,000 – 8,000 PB (PetaByte = 10^15 bytes) of Internet traffic per month worldwide (12/2008)
• Traffic growth rate 50-60% per year (12/2008)
• Who?
  – Transportation
  – Telecommunications
  – Medical
  – Utilities
  – Government
  – Who else?

Page 13: Initial Topics


New Information Assurance Concerns

• Information access not controlled by physical means alone
  – Trespassing
  – Eavesdropping
  – Alteration
  – Theft

The CIA triad in a cyber world.

Page 14: Initial Topics


Where This Stuff Came From…

• Real world issues caused by computers and networks
  – Computers are everywhere, supporting daily life
  – Computers are connected together
• Information assurance from Greeks to today
• Concepts of
  – Confidentiality
  – Integrity
  – Availability