Introduction to Information Security

Introduction

Information security is a "critical business capability that needs to be aligned with corporate expectations and culture that provides the leadership and insight to identify risks and implement effective controls".

Aligning information security needs with business objectives must be the top priority

click to edit

History of IS

World War II

1960s

IS began with the concept of computer security (the need to secure the physical location of computer technology from outside threats)

Need for CS arose during WWII when first mainframe computers were developed to aid computations for code breaking messages from enemy cryptographic devices like Enigma.

Security was predominantly physical and simple document classification schemes

During The Cold War there was a need for a more effective way to exchange military information rather than the cumbersome process of mailing magnetic tapes between computer centres

Threats included; physical theft of equipment, espionage against products of the systems, and sabotage

The Department of Defence's Advanced Research Projects Agency (ARPA) began examining the feasibility of a redundant, networked communications system to support military information exchanges.

Dr Larry Roberts developed the ARPANET project in 1968 with objectives to develop networking and support resource sharing

1970s

1970s saw the birth of the microprocessor which brought the personal computer (PC). The PC became the workhorse of modern computing and the decentralisation of data processing systems which gave rise to networking

MULTICS - the first operating system to integrate security into its core functions

The RAND Report R-609 signalled a pivotal moment in CS history - the scope of CS expanded significantly from the safety of physical locations and hardware to include; securing the data, limiting random and unauthorised access to data, involving personnel from multiple levels of the organisation in IS.

The RAND Report R-609 was the first widely recognised published document to identify the role of management and policy issues in CS.

Security began to consider threats and vulnerabilities beyond the physical locations of computing devices

Increase in ARPANET usage saw increase in the potential for its misuse. There were a range of security issues giving hackers easy access to data.

1980s

1980s saw the development of TCP (the Transmission Control Protocol), IP (Internet Protocol), DNS (Domain Name System, and the first dial-up ISP (Internet Service Provider)

Mid 1980's saw the introduction of computer security in the legal sphere, with the US government passing several key pieces of legislation that formalised the recognition of computer security as a critical issue for federal IS

Computer Fraud and Abuse Act 1986

Computer Security Act of 1987

click to edit