Date posted: 08-Jul-2018
Category: Documents
Uploaded by: puise-thitalampoon
8/19/2019 ch01_EDIT
ITE 420 Information Security
Principles of Information Security, 3rd Edition
Grading
Midterm: 30%
Final: 40%
Class attendance: 10%
Exercises: 20%
Learning Objectives
Upon completion of this material, you should be able to:
- Define information security
- Relate the history of computer security and how it evolved into information security
- Define key terms and critical concepts of information security as presented in this chapter
- Discuss the phases of the security systems development life cycle
- Present the roles of professionals involved in information security within an organization
Introduction
- Information security: a "well-informed sense of assurance that the information risks and controls are in balance" (Jim Anderson, Inovant, 2002)
- Necessary to review the origins of this field and its impact on our understanding of information security today
The History of Information Security
- Began immediately after the first mainframes were developed
- Groups developing code-breaking computations during
Figure 1-1 - The Enigma
The 1960s
- Advanced Research Project Agency (ARPA) began to examine feasibility of redundant networked communications
- Larry Roberts developed ARPANET from its inception
Figure 1-2 - ARPANET
The 1970s and 80s
- ARPANET grew in popularity, as did its potential for misuse
- Fundamental problems with ARPANET security were identified:
  - No safety procedures for dial-up connections to ARPANET
  - Nonexistent user identification and authorization to system
- Late 1970s: microprocessor expanded computing capabilities and security threats
The 1970s and 80s (continued)
- Information security began with Rand Report R-609 (paper that started the study of computer security)
- Scope of computer security grew from physical security to include:
  - Safety of data
  - Limiting unauthorized access to data
  - Involvement of personnel from multiple levels of an organization
MULTICS
- Early focus of computer security research was a system called Multiplexed Information and Computing Service (MULTICS)
- First operating system created with security as its primary goal
- Mainframe, time-sharing OS developed in mid-1960s by General Electric (GE), Bell Labs, and Massachusetts Institute of Technology (MIT)
- Several MULTICS key players created UNIX
- Primary purpose of UNIX was text processing
The 1990s
- Networks of computers became more common; so too did the need to interconnect networks
- Internet became first manifestation of a global network of networks
- In early Internet deployments, security was treated as a low priority
The Present
- The Internet brings millions of computer networks into communication with each other, many of them unsecured
- Ability to secure a computer's data is influenced by the security of every computer to which it is connected
History of security
- Physical security: important information was kept in physical (object) form
  - "Knowledge is power": threats were entirely physical in nature
- Communication security
  - Problems already existed in the era of Julius Caesar
  - Invention of concealment techniques or data encryption: Enigma
  - Military communications
  - Messages that are not just letters: one-time pad
History of security (continued)
- Emissions security: reading electrical signals sent over telephone lines
  - Tempest
- Computer security: computers were brought in to do the work of fax transmitters
  - A template for security: TCSEC
    D  Minimal Protection
    C1 Discretionary Security Protection
    C2 Controlled Access Protection
    B1 Labeled Security Protection
    B2 Structured Protection
    B3 Security Domains
    A1 Verified Design
- Network security:
Critical Characteristics of Information
The value of information comes from the characteristics it possesses:
- Availability
- Confidentiality
- Integrity

Principles of information security
- Privacy
- Identification
- Authentication
- Authorization
- Accountability
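The slide above names identification, authentication, authorization and accountability without showing how they fit together. The following is an added example, not code from the slides or the textbook, that carries all four through one small access-control flow using only the Python standard library: the user name identifies the subject, a salted PBKDF2 hash of the password authenticates it ("something you know"), a role-to-resource policy authorizes it, and an audit log records every decision. All user names, passwords, roles, resources and the PBKDF2 work factor are constructed sample values.

```python
"""Added example (not from the slides): identification, authentication,
authorization and accountability in one access-control flow.
All users, roles, resources and the work factor below are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumed work factor; tune for the deployment


@dataclass
class User:
    name: str            # identification: who the subject claims to be
    salt: bytes          # per-user random salt, stored next to the hash
    pw_hash: bytes       # PBKDF2-HMAC-SHA256 of the password, never the password
    roles: frozenset     # authorization: what the subject may do


@dataclass
class AccessControl:
    users: dict = field(default_factory=dict)
    audit_log: list = field(default_factory=list)   # accountability record
    # resource -> roles allowed to read it (constructed policy)
    policy: dict = field(default_factory=lambda: {
        "payroll.csv": frozenset({"hr", "admin"}),
        "public-notice.txt": frozenset({"staff", "hr", "admin"}),
    })

    def add_user(self, name, password, roles):
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.users[name] = User(name, salt, pw_hash, frozenset(roles))

    def authenticate(self, name, password):
        """Authentication: prove the claimed identity with 'something you know'."""
        user = self.users.get(name)
        if user is None:
            # Do the same work for unknown names so timing does not reveal them.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ROUNDS)
            self.audit_log.append(("auth", name, "fail", "unknown user"))
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user.salt, PBKDF2_ROUNDS)
        ok = hmac.compare_digest(candidate, user.pw_hash)   # constant-time compare
        self.audit_log.append(("auth", name, "ok" if ok else "fail", ""))
        return ok

    def authorize(self, name, resource):
        """Authorization: may this authenticated subject access this object?"""
        allowed = self.policy.get(resource, frozenset())
        ok = bool(self.users[name].roles & allowed)
        self.audit_log.append(("access", name, "ok" if ok else "deny", resource))
        return ok

    def read(self, name, password, resource):
        """Full flow: identify, authenticate, authorize, and record the outcome."""
        if not self.authenticate(name, password):
            return "authentication failed"
        if not self.authorize(name, resource):
            return "access denied"
        return f"contents of {resource}"


def demo():
    """Run four constructed requests and return the outcomes plus the audit log."""
    ac = AccessControl()
    ac.add_user("alice", "correct horse battery staple", {"hr"})
    ac.add_user("bob", "blue-kettle-42", {"staff"})
    results = {
        "alice_payroll": ac.read("alice", "correct horse battery staple", "payroll.csv"),
        "bob_payroll": ac.read("bob", "blue-kettle-42", "payroll.csv"),
        "bob_wrong_pw": ac.read("bob", "wrong", "public-notice.txt"),
        "mallory": ac.read("mallory", "x", "payroll.csv"),
    }
    return results, ac.audit_log


if __name__ == "__main__":
    res, log = demo()
    for key, value in res.items():
        print(key, "->", value)
    for entry in log:
        print(entry)
```

The audit log is what makes the flow accountable: every authentication attempt and every access decision, including denials, is recorded against the identified subject, so the failed attempts by "bob" and the unknown "mallory" are visible afterwards.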
Components of an Information System
- Information system (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization
Securing Components
- Computer can be the subject of an attack and/or the object of an attack
Approaches to Information Security
Implementation: Bottom-Up Approach
- Grassroots effort: systems administrators attempt to improve security of their systems
- Key advantage: technical expertise of individual administrators
- Seldom works, as it lacks a number of critical features:
  - Participant support
  - Organizational staying power
Approaches to Information Security
Implementation: Top-Down Approach
- Initiated by upper management
  - Issue policy, procedures, and processes
  - Dictate goals and expected outcomes of project
  - Determine accountability for each required action
- The most successful also involve a formal development strategy referred to as the systems development life cycle
The Systems Development Life Cycle
- Systems Development Life Cycle (SDLC) is a methodology for design and implementation of an information system within an organization
- Methodology is a formal approach to problem solving based on a structured sequence of procedures
- Using a methodology:
  - Ensures a rigorous process
  - Avoids missing steps
- Goal is creating a comprehensive security posture/program
- Traditional SDLC consists of six general phases
Investigation
Analysis
- Consists of assessments of the organization, status of current systems, and capability to support proposed systems
- Analysts determine what the new system is expected to do and how it will interact with existing systems
- Ends with documentation of findings and update of feasibility analysis
Logical Design
- Main factor is business need; applications capable of providing needed services are selected
- Data support and structures capable of providing the needed inputs are identified
- Technologies to implement physical solution are determined
- Feasibility analysis performed at the end
Physical Design
- Technologies to support the alternatives identified and evaluated in the logical design are selected
- Components evaluated on make-or-buy decision
- Feasibility analysis performed; entire solution presented to end-user representatives for approval
Implementation
- Needed software created; components ordered, received, assembled, and tested
- Users trained and documentation created
- Feasibility analysis prepared; users presented with system for performance review and acceptance test
Maintenance and Change
- Consists of tasks necessary to support and modify the system for the remainder of its useful life
- Life cycle continues until the process begins again from the investigation phase
Key Terms (ITE420_keyterms_ID)
- Access
- Asset
- Attack
- Control, Safeguard, or Countermeasure
- Exploit
- Exposure
- Hack
- Object
- Risk
- Security Blueprint
- Security Model
- Security Posture or Security Profile
- Subject
- Threats
- Threat Agent
- Vulnerability
Summary
- Information security is a "well-informed sense of assurance that the information risks and controls are in balance"
- Computer security began immediately after the first mainframes were developed
- Successful organizations have multiple layers of security in place: physical, personal, operations, communications, network, and information
Summary (continued)
- Security should be considered a balance between protection and availability
- Information security must be managed similarly to any major system implemented in an organization, using a methodology like SecSDLC
- Implementation of information security is often described as a combination of art and science
Threats (Threat)
Snooping
Why can snooping happen?
Data modification (Modification)
Spoofing
Denial of Service
Repudiation of Origin
Repudiation of Receipt
Delay
Viruses, worms, and Trojan horses
Tools for security
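The slide titles above list snooping and modification as threats, and the history slides name the one-time pad. The following added example, written for this page and not taken from the slides or the textbook, connects the two: a one-time pad (XOR with a random key as long as the message, used once) gives confidentiality against snooping, but on its own it gives no integrity, because the pad is malleable. A change to the ciphertext at a known position changes the recovered plaintext at the same position and nothing in the decryption notices. Checking an HMAC over the ciphertext (encrypt-then-MAC) is what turns the modification into a detected failure. The message, pad and MAC key are constructed sample values; `seal`, `open_sealed` and `tamper_ciphertext` are names chosen for this example.

```python
"""Added example (not from the slides): one-time pad for confidentiality,
HMAC for integrity, and why the second is needed against modification.
The message, pad and keys are constructed for the demonstration."""
import hashlib
import hmac
import secrets


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """One-time pad: XOR with a random key as long as the message, used once."""
    if len(key) != len(plaintext):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(k ^ p for k, p in zip(key, plaintext))


otp_decrypt = otp_encrypt  # XOR is its own inverse


def seal(pad: bytes, mac_key: bytes, plaintext: bytes) -> tuple:
    """Encrypt, then authenticate the ciphertext (encrypt-then-MAC)."""
    ct = otp_encrypt(pad, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(pad: bytes, mac_key: bytes, ct: bytes, tag: bytes):
    """Return the plaintext, or None when the MAC shows the ciphertext changed."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return None
    return otp_decrypt(pad, ct)


def tamper_ciphertext(ct: bytes, old: bytes, new: bytes, offset: int) -> bytes:
    """Model the modification threat against a pad without a MAC: XOR the
    ciphertext with old^new at a known offset so that decryption yields
    'new' where the sender wrote 'old'. No knowledge of the pad is needed."""
    patch = bytes(o ^ n for o, n in zip(old, new))
    head = ct[:offset]
    body = ct[offset:offset + len(patch)]
    tail = ct[offset + len(patch):]
    return head + bytes(c ^ p for c, p in zip(body, patch)) + tail


def demo() -> dict:
    """Constructed message: a payment instruction whose amount field is altered."""
    msg = b"PAY ALICE $100"
    pad = secrets.token_bytes(len(msg))   # fresh random pad, same length as msg
    mac_key = secrets.token_bytes(32)
    ct, tag = seal(pad, mac_key, msg)

    # Modification: change the amount field in transit (offset of "100" is 11).
    tampered = tamper_ciphertext(ct, b"100", b"999", msg.index(b"100"))

    unchecked = otp_decrypt(pad, tampered)               # no MAC: altered text accepted
    checked = open_sealed(pad, mac_key, tampered, tag)   # MAC checked: rejected

    return {
        "ciphertext_hides_message": ct != msg,   # what a snooper sees is not the message
        "roundtrip": open_sealed(pad, mac_key, ct, tag),
        "unchecked": unchecked,
        "checked": checked,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

In the untouched case `open_sealed` returns the original instruction; in the tampered case decryption without a MAC silently yields "PAY ALICE $999", while `open_sealed` returns None. That is the practical reading of review question 6 below: encryption by itself protects confidentiality, and a separate integrity mechanism is needed against modification.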
Review questions, chapter 1
1. What was the Enigma a tool for, which country invented it, in what period was it used, and what problems were there in using it?
2. What is the Orange Book, and what problems are there with putting it into practice?
3. What does CIA stand for? Explain the importance and meaning of each part.
4. Analyze which aspect(s) of CIA each form of attack directly affects.
5. Analyze and assess how attacks are likely to trend in the future.
6. Which property of information security does data encryption protect, and which kinds of attack can it prevent?
7. Explain the differences between viruses, Trojans, and worms.
8. Explain the difference between encrypting data and concealing data.
9. Under which type of authentication does the use of a password fall?
10. Explain the difference between symmetric key encryption and public key encryption.
ITE420_ch1_ID