April 2010 Module 1. Module 01: 1 Introduction to Computer Security and Information Assurance...


Upload: holly-stanley

Post on 13-Dec-2015


April 2010

Module 1

Module 01: 2

Introduction to Computer Security and Information Assurance

Initial Topics

• An introduction to information assurance
• The threat environment
• Risk management
• Personnel and physical security

Module 01: 3

Objectives

• Recognize the impact of cyber security in daily activities
• Recognize the evolution of information assurance over time
• Recognize the fundamental concepts of information assurance

Module 01: 4

What If…

• A major city lost its network for:
  – E-mail
  – Law enforcement records
  – Payroll
  – Personnel records
  – Etc.
  for a week or more?
• The sewage system for a major city was compromised?
  – Spills of raw sewage into a river, parks, and near businesses and homes
  – Environmental impact to wildlife
  – Stench for residents
  – Large cleanup bill
• Railroad service was stopped
  – Freight and passenger
  – For a day or more
  – In 23 states
• An electric power plant was compromised?
• A nuclear power plant was compromised?

• Access to the municipal network and its services was lost
• The sewer system was compromised
• Rail traffic was halted
• The power was shut down
• There were problems with a nuclear power plant

Module 01: 5

Who / What Is At Risk?

• Organizations:
  – Transportation
  – Telecommunications
  – Medical
  – Utilities
  – Government
  – And more
• Devices:
  – Computers
  – Phones
  – Game systems
  – Cable TV
  – MP3 players
  – And more

Anyone connected to anyone else.

Module 01: 6

A Brief History Of Information Assurance

• Not a new idea
  – Greeks circa 480 B.C.E.
  – Romans (Caesar 100-44 B.C.E.)
• Protect information / keep secret
  – Locks
  – Fences
  – Guards
  – Safes
  – Couriers

Photo by Adam Polselli

Module 01: 7

Computers

• Early
  – Physical security concerns
  – Separate computer and communication security
  – Information transfer by physical means
• Multiuser systems
  – Accounts
  – Access controls
  – Remote access (modems)

SAGE computer

IBM 360

Photos by tomspixels’ http://flickr.com/photos/tomspixels/

Module 01: 8

Fundamental Concepts Of Information Assurance

• Confidentiality

• Integrity

• Availability

Module 01: 9

Growth Of Networks

• ARPANET
• Development of
  – TCP/IP
  – Other communication protocols
• Evaluating and developing secure systems
  – Rainbow Series
  – Common Criteria

Image courtesy DARPA

Module 01: 10

Before The Internet

• Bulletin Board Systems (BBSs)
  – America Online, CompuServe, etc.
  – Usenet
• Need to share information
  – Tim Berners-Lee developed language to permit sharing of data, including non-text data (HyperText Markup Language (HTML), based on Generalized Markup Language (GML))
  – Browser development followed for graphical display of information

Module 01: 11

The Internet

• World Wide Web – name given to the program by Tim Berners-Lee
  – Growth in number of servers
  – Platform independent (Windows, X Windows, Mac)
  – Scripting to allow interaction from pages
  – Databases providing services through Web interface
• As services grow, so do vulnerabilities
• More systems connected for convenience

Module 01: 12

[Chart: millions of users (vertical axis, 0 to 1600) by date (horizontal axis, Dec-95 to Dec-08)]

Data from Internet World Stats, March 2, 2009
http://www.internetworldstats.com/emarketing.htm

Internet Growth

Where Are We Today?

• Over 1.5 billion users on the Internet (12/2008)
• 5,000 – 8,000 PB (PetaByte = 10^15 bytes) of Internet traffic per month worldwide (12/2008)
• Traffic growth rate 50-60% per year (12/2008)
• Who?
  – Transportation
  – Telecommunications
  – Medical
  – Utilities
  – Government
  – Who else?

Module 01: 13

New Information Assurance Concerns

• Information access not controlled by physical means alone
  – Trespassing
  – Eavesdropping
  – Alteration
  – Theft

The CIA triad in a cyber world.

Module 01: 14

Where This Stuff Came From…

• Real world issues caused by computers and networks
  – Computers are everywhere, supporting daily life
  – Computers are connected together
• Information assurance from Greeks to today
• Concepts of
  – Confidentiality
  – Integrity
  – Availability