Introduction to Information Security (History)


Description and Tags

More on History (page 5-9)


36 Terms

1

James Anderson

Executive consultant at Emagined Security

2

James Anderson

Believes information security in an enterprise is a “well-informed sense of assurance that the information risks and controls are in balance.”

3

World War II

The origins of information security trace back to ——, when the need to secure computers arose.

4

Mainframes

Early efforts of information security focused on protecting ——- used for cryptographic operations, such as breaking enemy codes.

5

Enigma machine

The ——- was a critical tool for encrypting German military communications.

6

Physical security measures

Protecting these early computing systems required ———.

7

Badges and keys

Restricted access using ——- (physical security measure).

8

Facial recognition

Verification by security guards through ———.

9

● Physical security of equipment and facilities.

● Document classification to restrict access to sensitive materials.

Information security initially revolved around?

10

Theft, espionage, and sabotage of physical systems.

Threats were primarily?

11

1960s

In the ——-, a notable event revealed the importance of data protection.

12

The Message of the Day (MOTD) and the password file.

The 1960 accident where a software glitch merged what two files? This resulted in sensitive passwords being printed on every output file, showcasing vulnerabilities in software processes.

13

Cryptography

Breaking the Enigma codes underscored the importance of ——- in warfare.

14

Decrypted information

—- helped anticipate German military actions. This success emphasized the need for technological advances in security.

15

Cold War Era (1960s)

In what era were mainframes used for complex tasks, and communication between them became essential?

16

1960s

What year: Need for Better Communication: Mailing magnetic tapes between computer centers was inefficient.

17

The Department of Defense's Advanced Research Project Agency

ARPA stands for?

18

The Department of Defense's Advanced Research Project Agency (ARPA)

They explored a networked communication system.

19

Larry Roberts

—- known as the founder of the Internet, developed ARPANET, which was the precursor to the modern Internet.

20

1970s and 80s

What year: ARPANET grew more widely used, but security issues became apparent.

21

ARPA’s security issues.

● Remote sites lacked safeguards to protect data.

● Password vulnerabilities, lack of safety for dial-up connections, and no user identification.

● Phone numbers made it easy for hackers to access ARPANET.

● Network security was referred to as “network insecurity.”

22

Protection Analysis (1978)

What year:

● ARPA studied vulnerabilities in operating system security.

● Focused on detecting system software vulnerabilities.

23

Rand Report R-609 (1967)

● First document to address the need for multiple controls in securing a computer system.

● Identified the role of management and policy issues in security.

● Expanded security scope to protect data and limit unauthorized access.

24

MULTICS System

● Early focus of security research.

● Integrated security into its core functions, developed by GE, Bell Labs, and MIT.

25

UNIX System (1969)

● Created by developers of MULTICS.

● Initially lacked strong security features like passwords, which were added in the 1970s.

26

Decentralization and Networking (1980s)

● Microprocessors led to personal computers, which decentralized data processing.

● Networking connected PCs and mainframes, allowing for resource sharing.

27

1968

What year: Maurice Wilkes discusses password security in Time-Sharing Computer Systems.

28

1973

What year: Schell, Downey, and Popek examine the need for additional security in military systems in "Preliminary Notes on the Design of Secure Military Computer Systems."

29

1975

What year: The Federal Information Processing Standards (FIPS) examines Digital Encryption Standard (DES) in the Federal Register.

30

1978

What year: Bisbey and Hollingworth publish their study "Protection Analysis: Final Report," discussing the Protection Analysis project created by ARPA to better understand the vulnerabilities of operating system security and examine the possibility of automated vulnerability detection techniques in existing system software.

31

1979

What year: Morris and Thompson author "Password Security: A Case History," published in the Communications of the Association for Computing Machinery (ACM). The paper examines the history of a design for a password security scheme on a remotely accessed, time-sharing system.

32

1979

What year: Dennis Ritchie publishes "On the Security of UNIX" and "Protection of Data File Contents," discussing secure user IDs and secure group IDs, and the problems inherent in the systems.

33

1984

What year: Grampp and Morris write "UNIX Operating System Security." In this report, the authors examine four "important handles to computer security": physical control of premises and computer facilities, management commitment to security objectives, education of employees, and administrative procedures aimed at increased security.

34

1984

What year: Reeds and Weinberger publish "File Security and the UNIX System Crypt Command." Their premise was: "No technique can be secure against wiretapping or its equivalent on the computer. Therefore no technique can be secure against the systems administrator or other privileged users... the naive user has no chance."

35

1990s

What year:

● Computer networks became more common, leading to the creation of the Internet.

● The Internet connected various networks, forming the first global network of networks.

● Initially used by government, academia, and industry professionals, the Internet became publicly available in the ——.

● Connectivity spread to almost all computers through phone lines or LANs.

● The Internet became pervasive, reaching nearly every part of the world with various uses.

● The Internet started as a tool for sharing Defense Department information and had no industry standards for interconnecting networks.

● Security was not prioritized, leading to vulnerabilities, especially in e-mail systems.

● Early Internet and e-mail systems assumed users were trustworthy, so security features like server authentication and e-mail encryption were unnecessary.

● Traditional security focused on protecting physical locations of computers.

● As networking became more dominant, the physical security of computers was lessened, exposing stored information to security threats.

36

2000 to Present

● The Internet links millions of unsecured networks, making the security of each computer reliant on the security of others.

● Rising awareness of the need for improved information security.

● Recognized importance of information security for national defense.

● Growing threat of cyber-attacks has prompted greater focus on securing critical infrastructure, such as utility control systems.

● Increasing worry about nation-states engaging in information warfare.

● Risks to business and personal information systems if left unprotected.