Log in / Register
Home arrow Computer Science arrow The InfoSec Handbook
< Prev   CONTENTS   Next >

Part I Introduction

This section introduces the concept of security in general and information security in particular. The intention was also to provide a historical perspective about information security.

Chapter 1, “Introduction to Security,” highlights three examples of information security breaches recently published on the internet. The first example explains how the encrypted messages can be read by injecting plaintext into HTTPS request and measuring compression changes. The second example explains how the NSA was provided direct access to the networks of some of the big corporations like Google, Yahoo, and Microsoft and how the tapping of information from undersea cables where the information moves unencrypted was carried out. The third example explains the breach of 40 million credit and debit cards, which happened during the busy Christmas season at Target. We then generally describe what security is and describe it as protecting what one has. We also look into the fact that security not only applies to physical assets, but also non-physical assets like confidential information, research information with high value realization potential, intellectual property rights, and security of customers. We also highlight the role of terrorists and disgruntled employees in the breach of security. We then explore why security is important.

In this context we look into how every individual and organization wants to preserve its societal status and how the compromise of information security can lead to misuse of the information at the wrong hands.

We then look into the importance of protection of business information of value and protection of customer data and that information security should not be implemented for the sake of implementing it, but with

all the serious consideration it requires. We also highlight how new technologies, new products, and new applications can also bring new security threats to the fore. We then discuss what happens if we do not care about security with examples from the current world. We then discuss the history of computers and information security. We then explore the information security scenario today. We also discuss how prevention is better than cure and explain the need to build in appropriate controls through risk assessment of what can go wrong. We conclude with information about some of the applicable standards and certifications like ISO27001:2013, PCI DSS by PCI Security Standards Council, and COBIT from ISACA.

Chapter 2, “History of Computer Security,” starts with the history of exploiting security started with the tapping of telephone lines and how the telephone operators intentionally misdirected the calls and

eavesdropped on the conversations. We also look into the role of “phreakers” like John Draper. Next we look into how bulletin boards became the target of hackers as the people started sharing passwords, credit card numbers thereon. Then we look into Ian Murphy's breaking into AT&T's computers and Kevin Mitnick's stealing of computer manuals of Pacific Bells's switching center. Then we look into how Computer Emergency Response Team (CERT) was formed by government agencies in charge of ARPANET to counter increasing threats to security. We then look into how the 1990s saw more hacking activities such as the “Michelangelo” virus, the arrest of notorious hacker Kevin Mitnick for stealing credit card data, and the 1998 Solar Sunrise attack targeting Pentagon computers by Ehud Tenebaum. We look into the growth of the Internet and how business-related information became available on the Internet and with the increasing threats the technologies like firewalls, antivirus programs came into existing while on the other hand the viruses, Trojans, and worms were proliferating. We then explore the history of communications and in the context discussed Caesar cipher. We also highlight how the need for secure communications in the context of military information exchange led to cryptography.

We then discuss the role of world wars in the development of coding to exchange the information secretly. In this context we discuss Enigma machine and how Alan Turing succeeded at Bletchley Park in decoding the messages coded through Enigma machine and how this led to the shortening of World War II. We then discuss some of the greatest phreakers and hackers like John Draper and Kevin Mitnick and discuss in today's context of the Internet the role of people like Julian Assange of WikiLeaks and whistleblowers like Edward Snowden in the context of the role of the NSA in the breach of information security.

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >
Business & Finance
Computer Science
Language & Literature
Political science