Introduction to Information Security - Coggle Diagram
Introduction to Information Security
Introduction
Information security is a "critical business capability that needs to be aligned with corporate expectations and culture that provides the leadership and insight to identify risks and implement effective controls".
Aligning information security needs with business objectives must be the top priority
History of IS
World War II
IS began with the concept of computer security (the need to secure the physical location of computer technology from outside threats)
The need for CS arose during WWII, when the first mainframe computers were developed to aid code-breaking computations on messages from enemy cryptographic devices like Enigma.
Security consisted predominantly of physical controls and simple document classification schemes
Threats included physical theft of equipment, espionage against products of the systems, and sabotage
1960s
During the Cold War there was a need for a more effective way to exchange military information than the cumbersome process of mailing magnetic tapes between computer centres
The Department of Defence's Advanced Research Projects Agency (ARPA) began examining the feasibility of a redundant, networked communications system to support military information exchanges.
Dr Larry Roberts developed the ARPANET project in 1968 with objectives to develop networking and support resource sharing
1970s
The 1970s saw the birth of the microprocessor, which brought the personal computer (PC). The PC became the workhorse of modern computing and led to the decentralisation of data processing systems, which gave rise to networking
MULTICS - the first operating system to integrate security into its core functions
The RAND Report R-609 signalled a pivotal moment in CS history - the scope of CS expanded significantly from the safety of physical locations and hardware to include securing the data, limiting random and unauthorised access to data, and involving personnel from multiple levels of the organisation in IS.
The RAND Report R-609 was the first widely recognised published document to identify the role of management and policy issues in CS.
Security began to consider threats and vulnerabilities beyond the physical locations of computing devices
The increase in ARPANET usage brought an increase in the potential for its misuse. A range of security issues gave hackers easy access to data.
1980s
The 1980s saw the development of TCP (the Transmission Control Protocol), IP (Internet Protocol), DNS (Domain Name System), and the first dial-up ISP (Internet Service Provider)
The mid-1980s saw the introduction of computer security in the legal sphere, with the US government passing several key pieces of legislation that formalised the recognition of computer security as a critical issue for federal IS
Computer Fraud and Abuse Act 1986
Computer Security Act of 1987