1/35
More on History (page 5-9)
Name | Mastery | Learn | Test | Matching | Spaced |
---|
No study sessions yet.
James Anderson
Executive consultant at Emagined Security
James Anderson
Believes information security in an enterprise is a “well-informed sense of assurance that the information risks and controls are in balance.”
World War II
The origins of information security trace back to ——, when the need to secure computers arose.
Mainframes
Early efforts of information security focused on protecting ——- used for cryptographic operations, such as breaking enemy codes.
Enigma machine
The ——- was a critical tool for encrypting German military communications.
Physical security measures
Protecting these early computing systems required ———.
Badges and keys
Restricted access using ——- (physical security measure).
Facial recognition
Verification by security guards through ———.
o Physical security of equipment and facilities.
o Document classification to restrict access to sensitive materials.
Information security initially revolved around?
Theft, espionage, and sabotage of physical systems.
Threats were primarily?
1960s
In the ——-, a notable event revealed the importance of data protection.
The Message of the Day (MOTD) and the password file.
The 1960 accident where a software glitch merged what two files? This resulted in sensitive passwords being printed on every output file, showcasing vulnerabilities in software processes.
Cryptography
Breaking the Enigma codes underscored the importance of ——- in warfare.
Decrypted information
—- helped anticipate German military actions. This success emphasized the need for technological advances in security.
Cold War Era (1960s)
What era were the mainframes used for complex tasks, and communication between them became essential.
1960s
What year: Need for Better Communication: Mailing magnetic tapes between computer centers was inefficient.
The Department of Defense's Advanced Research Project Agency
ARPA stands for?
The Department of Defense's Advanced Research Project Agency (ARPA)
They explored a networked communication system.
Larry Roberts
—- known as the founder of the Internet, developed ARPANET, which was the precursor to the modern Internet.
1970s and 80s
What year: ARPANET grew more widely used, but security issues became apparent.
ARPA’s security issues.
● Remote sites lacked safeguards to protect data.
● Password vulnerabilities, lack of safety for dial-up connections, and no user
identification.
● Phone numbers made it easy for hackers to access ARPANET.
● Network security was referred to as “network insecurity.”
Protection Analysis (1978)
What year:
● ARPA studied vulnerabilities in operating system security.
● Focused on detecting system software vulnerabilities.
Rand Report R-609 (1967)
● First document to address the need for multiple controls in securing a
computer system.
● Identified the role of management and policy issues in security.
● Expanded security scope to protect data and limit unauthorized access.
MULTICS System
● Early focus of security research.
● Integrated security into its core functions, developed by GE, Bell Labs, and
MIT.
UNIX System (1969)
● Created by developers of MULTICS.
● Initially lacked strong security features like passwords, which were added in
the 1970s.
Decentralization and Networking (1980s)
● Microprocessors led to personal computers, which decentralized data
processing.
● Networking connected PCs and mainframes, allowing for resource sharing.
1968
What year: Maurice Wilkes discusses password security in Time-Sharing Computer Systems.
1973
What year: Schell, Downey, and Popek examine the need for additional security in military systems in "Preliminary Notes on the Design of Secure Military Computer Systems."
1975
What year: The Federal Information Processing Standards (FIPS) examines Digital Encryption Standard (DES) in the Federal Register.
1978
What year: Bisbey and Hollingworth publish their study "Protection Analysis: Final Report," discussing the Protection Analysis project created by ARPA to better understand the vulnerabilities of operating system security and examine the possibility of automated vulnerability detection techniques in existing system software.
1979
What year: Morris and Thompson author "Password Security: A Case History," published in the Communications of the Association for Computing Machinery (ACM). The paper examines the history of a design for a password security scheme on a remotely accessed, time-sharing system.
1979
What year: Dennis Ritchie publishes "On the Security of UNIX" and "Protection of Data File Contents," discussing secure user IDs and secure group IDs, and the problems inherent in the systems.
1984
What year: Grampp and Morris write "UNIX Operating System Security." In this report, the authors examine four "important handles to computer security": physical control of premises and computer facilities, management commitment to security objectives, education of employees, and administrative procedures aimed at increased security.
1984
What year: Reeds and Weinberger publish "File Security and the UNIX System Crypt Command." Their premise was: "No technique can be secure against wiretapping or its equivalent on the computer. Therefore no technique can be secure against the systems administrator or other privileged users... the naive user has no chance."
1990s
What year:
● Computer networks became more common, leading to the creation of the Internet.
● The Internet connected various networks, forming the first global network of
networks.
● Initially used by government, academia, and industry professionals, the Internet
became publicly available in the ——.
● Connectivity spread to almost all computers through phone lines or LANs.
● The Internet became pervasive, reaching nearly every part of the world with various
uses.
● The Internet started as a tool for sharing Defense Department information and had
no industry standards for interconnecting networks.
● Security was not prioritized, leading to vulnerabilities, especially in e-mail systems.
● Early Internet and e-mail systems assumed users were trustworthy, so security
features like server authentication and e-mail encryption were unnecessary.
● Traditional security focused on protecting physical locations of computers.
● As networking became more dominant, the physical security of computers was lessened, exposing stored information to security threats.
2000 to Present
● The Internet links millions of unsecured networks, making the security of each computer reliant on the security of others.
● Rising awareness of the need for improved information security.
● Recognized importance of information security for national defense.
● Growing threat of cyber-attacks has prompted greater focus on securing
critical infrastructure, such as utility control systems.
● Increasing worry about nation-states engaging in information warfare.
● Risks to business and personal information systems if left unprotected.