An Introduction to Information Security
Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your wildest, most paranoid nightmare
This Document was Funded by the National Science Foundation Federal Cyber Service Scholarship For Service Program: Grant No. 0113627
Distributed October 2002
Embry-Riddle Aeronautical University • Prescott, Arizona • USA
An Introduction to Information Security. ©2002, Matt Jaffe, Jan G. Hogle, Susan Gerhart. http://nsfsecurity.pr.erau.edu
Roadmap: Introduction
Introduction
  Purpose
  Motivation
  Audience
  Goals and objectives
  Context
  Some key vocabulary, including some integrating concepts
Purpose
Provide an overview of the context of digital information security, including the key “soft” factors beyond the specific hardware and software technologies typically considered to be at the core of digital information security
Provide an introduction to the key concepts, vocabulary, and issues of digital information security technology itself
Motivation
There is more information that is sensitive to someone some time somehow than seems obvious
The consequences of undesired disclosure are growing ever more significant
It is more difficult to protect sensitive information than most people, even technically sophisticated ones, appreciate
More and more facets of modern life are being impacted by the necessity to protect sensitive information or mitigate the consequences of our inability to do so
The Intended Audience
Students in an introductory Information or Computer Security course looking for an overview of the context for the subject
Computer Science or Software Engineering students in specialized courses (e.g., operating systems, database management systems, networking, cryptography, or software engineering) needing the information security context within which to understand the contributions and limitations of the specialized discipline(s) they’re studying
The Goals
Understand the complexities involved in protecting information (in other words, be depressed ;-)
Understand the key concepts and vocabulary for discussing information security
Understand the key elements of information security
Understand both the potential contribution and the limitations of each key element
Understand the major inter-dependencies among the key elements
Go one layer deeper into part of the onion and provide a basic understanding of the key concepts and vocabulary within computer security itself
The Objectives
For students in an introductory course on information security:
  Be able to describe the purpose of, and types of information necessary for, a security policy
  Be able to define at least 6 of the possible dimensions of a security architecture
  For each dimension, be able to state another dimension on which it heavily depends and another on which it does not
  Be able to define trusted software and describe why it is expensive
  Be able to state the key limitation on software-based cryptography as a security mechanism
The Objectives (cont’d)
For students in an operating systems course, all of the introductory objectives, plus:
  Be able to define a trusted computing base
  Be able to define the relationship between an operating system and a trusted computing base
For students in a data base management systems course, all of the introductory objectives, plus:
  Be able to define the terms: subject, object, access modes, and access right
  Be able to identify at least three levels of granularity in the definition of possible objects in a data base management system
  Be able to state why subjects and users are not interchangeable concepts
  Be able to state the relationship between DBMS software and TCB software
The Objectives (cont’d)
For students in an introductory networking course, the introductory objectives plus:
  Be able to define the relationship between COMPUSEC, COMSEC, cryptography and network security
  Be able to state the key limitation on software-based cryptography as a network protection mechanism
For students in an introductory cryptography course, the introductory objectives plus:
  Be able to state the key limitation on software-based cryptography as an INFOSEC mechanism
For students in a software engineering course, all of the introductory objectives plus:
  Be able to define trusted software and level of assurance
  Be able to describe the limitations of testing in providing high levels of assurance
The Context of Information Security
INFOSEC
Information Assurance
Information Security
Informally:
  Information assurance is making sure that information is accessible to the right people when you want it to be and hasn’t been improperly accessed by the wrong people
  Information security is about protecting information from unauthorized disclosure or modification but not specifically about assuring all aspects of its accessibility
  INFOSEC is an abbreviation of Information Systems Security, the protection of information systems --- which correctly highlights the fact that electronic data systems are by no means the only places that information can be compromised
About this Project
This presentation is part of a larger package of materials on security issues. For more information, go to: http://nsfsecurity.pr.erau.edu
Other materials available on this topic are:
  Overview of the key concepts and vocabulary
  The Key Mechanisms of Information Security: their strengths, weaknesses and inter-dependencies
  Exercises (html): Decision Maze, Crossword Puzzle, Security Scene
  Quizzes (html): Multiple choice, Fill-in-the-blank
Please complete a feedback form at http://nsfsecurity.pr.erau.edu/feedback.html to tell us how you used this material and to offer suggestions for improvements.