
ch01_EDIT

Date post: 08-Jul-2018
Upload: puise-thitalampoon

Transcript
  • 8/19/2019 ch01_EDIT

    1/56

    ITE 420 Information Security

    2/56

    Principles of Information Security, 3rd Edition 2

    Grading

    Midterm: 30%

    Final: 40%

    Class attendance: 10%

    Exercises: 20%

    3/56

    Learning Objectives

    Upon completion of this material, you should be able to:

    Define information security

    Relate the history of computer security and how it evolved into information security

    Define key terms and critical concepts of information security as presented in this chapter

    Discuss the phases of the security systems development life cycle

    Present the roles of professionals involved in information security within an organization

    4/56

    Introduction

    Information security: a "well-informed sense of assurance that the information risks and controls are in balance" (Jim Anderson, Inovant, 2002)

    Necessary to review the origins of this field and its impact on our understanding of information security today

    5/56

    The History of Information Security

    Began immediately after the first mainframes were developed

    Groups developing code-breaking computations during

    6/56

    Figure 1-1 - The Enigma

    7/56

    The 1960s

    Advanced Research Project Agency (ARPA) began to examine feasibility of redundant networked communications

    Larry Roberts developed ARPANET from its inception

    8/56

    Figure 1-2 - ARPANET

    9/56

    The 1970s and 80s

    ARPANET grew in popularity, as did its potential for misuse

    Fundamental problems with ARPANET security were identified

    No safety procedures for dial-up connections to ARPANET

    Nonexistent user identification and authorization to system

    Late 1970s: microprocessor expanded computing capabilities and security threats

    10/56

    The 1970s and 80s (continued)

    Information security began with Rand Report R-609 (paper that started the study of computer security)

    Scope of computer security grew from physical security to include:

    Safety of data

    Limiting unauthorized access to data

    Involvement of personnel from multiple levels of an organization

    11/56

    MULTICS

    Early focus of computer security research was a system called Multiplexed Information and Computing Service (MULTICS)

    First operating system created with security as its primary goal

    Mainframe, time-sharing OS developed in mid-1960s by General Electric (GE), Bell Labs, and Massachusetts Institute of Technology (MIT)

    Several MULTICS key players created UNIX

    Primary purpose of UNIX was text processing

    12/56

    The 1990s

    Networks of computers became more common; so too did the need to interconnect networks

    Internet became first manifestation of a global network of networks

    In early Internet deployments, security was treated as a low priority

    13/56

    The Present

    The Internet brings millions of computer networks into communication with each other, many of them unsecured

    Ability to secure a computer's data is influenced by the security of every computer to which it is connected

    14/56

    15/56

    16/56

    17/56

    History of Security

    Physical Security

    Important information was also held in physical form

    "Knowledge is power"

    Dangers were entirely physical in nature

    Communication Security

    Weaknesses dating from the era of Julius Caesar

    Techniques were devised for hiding or encrypting information - Enigma

    Military communications

    Messages that are not merely letters - One-time pad

    18/56

    History of Security

    Emissions Security

    Reading electrical signals transmitted over (telephone) lines

    Tempest

    Computer Security

    Computers brought in to take over the work of fax machines

    A template for security - TCSEC

    D Minimal Protection

    C1 Discretionary Security Protection

    C2 Controlled Access Protection

    B1 Labeled Security Protection

    B2 Structured Protection

    B3 Security Domains

    A1 Verified Design

    19/56

    History of Security

    Network Security -

    20/56

    Critical Characteristics of Information

    The value of information comes from the characteristics it possesses:

    Availability

    Confidentiality

    Integrity

    21/56

    Principles of Information Security

    Privacy

    Identification

    Authentication

    Authorization

    Accountability

    22/56

    Components of an Information System

    Information system (IS) is the entire set of software, hardware, data, people, procedures, and networks necessary to use information as a resource in the organization

    23/56

    Securing Components

    Computer can be the subject of an attack and/or the object of an attack

    24/56

    Approaches to Information Security Implementation: Bottom-Up Approach

    Grassroots effort: systems administrators attempt to improve security of their systems

    Key advantage: technical expertise of individual administrators

    Seldom works, as it lacks a number of critical features:

    Participant support

    Organizational staying power

    25/56

    Approaches to Information Security Implementation: Top-Down Approach

    Initiated by upper management

    Issue policy, procedures, and processes

    Dictate goals and expected outcomes of project

    Determine accountability for each required action

    The most successful also involve formal development strategy referred to as systems development life cycle

    26/56

    27/56

    The Systems Development Life Cycle

    Systems Development Life Cycle (SDLC) is a methodology for design and implementation of an information system within an organization

    Methodology is a formal approach to problem solving based on a structured sequence of procedures

    Using a methodology:

    Ensures a rigorous process

    Avoids missing steps

    Goal is creating a comprehensive security posture/program

    Traditional SDLC consists of six general phases

    28/56

    29/56

    Investigation

    30/56

    Analysis

    Consists of assessments of the organization, status of current systems, and capability to support proposed systems

    Analysts determine what the new system is expected to do and how it will interact with existing systems

    Ends with documentation of findings and update of feasibility analysis

    31/56

    Logical Design

    Main factor is business need; applications capable of providing needed services are selected

    Data support and structures capable of providing the needed inputs are identified

    Technologies to implement physical solution are determined

    Feasibility analysis performed at the end

    32/56

    Physical Design

    Technologies to support the alternatives identified and evaluated in the logical design are selected

    Components evaluated on make-or-buy decision

    Feasibility analysis performed; entire solution presented to end-user representatives for approval

    33/56

    Implementation

    Needed software created; components ordered, received, assembled, and tested

    Users trained and documentation created

    Feasibility analysis prepared; users presented with system for performance review and acceptance test

    34/56

    Maintenance and Change

    Consists of tasks necessary to support and modify the system for the remainder of its useful life

    Life cycle continues until the process begins again from the investigation phase

    35/56

    Key Terms

    Access

    Asset

    Attack

    Control, Safeguard, or Countermeasure

    Exploit

    Exposure

    Hack

    Object

    Risk

    Security Blueprint

    Security Model

    Security Posture or Security Profile

    Subject

    Threats

    Threat Agent

    Vulnerability

    36/56

    Summary

    Information security is a "well-informed sense of assurance that the information risks and controls are in balance"

    Computer security began immediately after the first mainframes were developed

    Successful organizations have multiple layers of security in place: physical, personal, operations, communications, network, and information

    37/56

    Summary (continued)

    Security should be considered a balance between protection and availability

    Information security must be managed similarly to any major system implemented in an organization, using a methodology like SecSDLC

    Implementation of information security is often described as a combination of art and science

    38/56

    Threats

    39/56

    Threats

    40/56

    Snooping

    41/56

    Why is snooping possible?

    42/56

    Modification of data

    43/56

    Spoofing

    44/56

    Denial of Service

    45/56

    Repudiation of Origin

    46/56

    Repudiation of Receipt

    47/56

    Delay

    48/56

    Viruses, worms, and Trojan horses

    49/56

    Security tools

    50/56

    51/56

    52/56

    53/56

    54/56

    55/56

    56/56

    Chapter 1 Review Questions

    1. What was the Enigma used for, which country invented it, in what period was it used, and what weaknesses did it have in use?

    2. What is the Orange Book, and what problems arise in applying it?

    3. What does CIA stand for? Explain the importance and meaning of each part.

    4. Analyze which aspects of CIA each form of attack directly affects.

    5. Analyze and assess what the trend of attacks will be in the future.

    6. Which property of information security does encryption protect, and which attacks can it prevent?

    7. Explain the differences between viruses, Trojans, and worms.

    8. Explain the difference between encrypting data and hiding data.

    9. Which type of authentication does the use of a password belong to?

    10. Explain the difference between symmetric key encryption and public key encryption.