Chapter 1:
Objectives:
IS (information security) definition: a well-informed sense of assurance that the information risks and controls are in balance
History of IS: computer security began after the first mainframes were developed
Rand Report R-609: computer security (physical security) expanded into information security: safety of data, limiting unauthorized access to data, involvement of personnel from multiple levels of an organization
Key words and concepts: multiple layers of security: physical, personnel, operations, communications, network, information
Information security: protection of information and its critical elements, including the systems and hardware that use, store and transmit information
Components of an information system: software, hardware, people, data, procedures, networks
CIA triangle (industry standard for computer security): confidentiality, integrity, availability
Some key words: object, access, asset, attack, exploit, loss, exposure, protection profile, subject, control, risk, threat, threat agent, vulnerability
Concepts: security should be a balance between protection and availability
Information's characteristics (the value of information comes from these): availability, accuracy, authenticity, confidentiality, integrity, utility, possession
Approaches to IS implementation:
bottom-up (less used): advantage: technical expertise of individual administrators; disadvantage: lacks participant support and organizational staying power
top-down (widely used): initiated by upper management; also called the systems development life cycle
Security systems development life cycle:
investigation: EISP outlines the implementation (methodology differs from the traditional one)
analysis: 1 risk management 2 legal issues 3 analysis of policies and programs 4 analysis