Introduction & Fundamentals of Information Security
Introduction
James Anderson, Vice President of Information Security at Inovant, the world's largest commercial processor of financial payment transactions, believes information security in today's enterprise is a "well-informed sense of assurance that the information risks and controls are in balance." He is not alone in his perspective. Many information security practitioners recognize that aligning information security needs with business objectives must be the top priority.
For this chapter, you will need to:
- Read chapter 1 of Principles of Information Security
- Complete 2 quizzes on this page
- Do case exercises 1 through 3
- Complete Review questions 1 through 20. Do either the odd or even numbers - your choice!
Objectives:
- Define information security
- Recount the history of computer security, and explain how it evolved into information security
- Define key terms and critical concepts of information security
- Enumerate the phases of the security systems development life cycle
- Describe the information security roles of professionals within an organization
Quiz 1:
- What does ARPA stand for?
- Which DoD report attempted to define the multiple control mechanisms necessary to the protection of a multilevel computer system?
- True or False: MULTICS is now an obsolete operating system designed for security objectives.
What is security?
- Personal security to protect the individual or group of individuals who are authorized to access the organization and its operations
- Operations security to protect the details of a particular operation or series of activities
- Communications security to protect an organization's communications media, technology, and content
- Network security to protect networking components, connections, and contents
- Information security to protect information assets
Characteristics of Information
- Accuracy occurs when information is free from mistakes or errors and has the value that the end user expects. If information contains a value different from the user's expectations due to the intentional or unintentional modification of its content, it is no longer accurate.
- Authenticity is the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.
- Confidentiality is the quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
- Integrity is the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
- Utility is the quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.
- Possession is the quality or state of having ownership or control of some object or item. Information is said to be in one's possession if one obtains it, independent of format or other characteristics. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.
Quiz 2:
- What security addresses the protection of individuals or groups authorized to access an organization?
- What security encompasses the protection of an organization's communications media, technology and content?
- Ownership or control of information is called a characteristic of ___________________
- True or False: If information has a state of being genuine or original and is not a fabrication, it has the characteristic of authenticity.
- The characteristic of information that deals with preventing disclosure is _______________________.