Information Security - Evolution

An Introduction to Information Security

• Information Security in an enterprise is a “well-informed sense of assurance that the information risks and controls are in balance”
• Aligning information security needs with business objectives must be the top priority.

The History of Information Security

• The history of information security begins with Computer Security.
• The need for computer security - that is, the need to secure physical locations, hardware, and software from threats - arose during WWII when the first mainframes, developed to aid computations for communication code breaking, were put to use.
• Multiple levels of security were implemented to protect these mainframes and maintain the integrity of their data.
• Access to sensitive military locations, for example, was controlled by means of badges, keys, and facial recognition of authorized personnel by security guards.
• The growing need to maintain national security eventually led to more complex and more technologically sophisticated computer security safeguards.
• During these early years, information security was a straightforward process composed pre-dominantly of physical security and simple document classification schemes.
• The primary threats to security were physical theft of equipment, espionage against the products of the systems, and sabotage.
• One of the first documented security problems that fell outside these categories occurred in the early 1960s, when a system administrators was working on an MOTD (message of the day) file, and another administrator was editing the password file. A software glitch mixed the two files, and the entire password file was printed on every output file.