Principles of Information Security 7E Module 1
Financial Accounting (University of Oxford)
MODULE 1
Introduction to Information Security
Upon completion of this material, you should be able to:
1 Define information security
2 Discuss the history of computer security and explain how it evolved into information security
3 Define key terms and critical concepts of information security
4 Describe the information security roles of professionals within an organization

Do not figure on opponents not attacking; worry about your own lack of preparation.
—The Book of Five Rings
Opening Scenario
For Amy, the day began like any other at the Sequential Label and Supply Company (SLS) help desk. Taking calls and helping
office workers with computer problems was not glamorous, but she enjoyed the work; it was challenging and paid well enough.
Some of her friends in the industry worked at bigger companies, some at cutting-edge tech companies, but they all agreed
that jobs in information technology were a good way to pay the bills.
The phone rang, as it did about four times an hour. The first call of the day, from a worried user hoping Amy could help
him out of a jam, seemed typical. The call display on her monitor showed some of the facts: the user’s name, his phone number
and department, where his office was on the company campus, and a list of his past calls to the help desk.
“Hi, Bob,” she said. “Did you get that document formatting problem squared away?”
“Sure did, Amy. But now I have another issue I need your help with.”
“Sure, Bob. Tell me about it.”
“Well, my PC is acting weird,” Bob said. “When I open my e-mail app, my mailbox doesn’t respond to the mouse or the
keyboard.”
“Did you try a reboot yet?”
“Sure did. But the program wouldn’t close, and I had to turn my PC off. After it restarted, I opened my e-mail again, and
it’s just like it was before—no response at all. The other stuff is working OK, but really, really slowly. Even my Web browser is
sluggish.”
“OK, Bob. We’ve tried the usual stuff we can do over the phone. Let me open a case, and I’ll have a tech contact you for
remote diagnosis as soon as possible.”
Amy looked up at the help desk ticket status monitor on the wall at the end of the room. She saw that only two technicians
were currently dispatched to user support, and because it was the day shift, four technicians were available. “Shouldn’t
be long at all, Bob.”
She hung up and typed her notes into the company’s trouble ticket tracking system. She assigned the newly generated
case to the user dispatch queue, which would page the user support technician with the details in a few minutes.
A moment later, Amy looked up to see Charlie Moody, the senior manager of the server administration team, walking
briskly down the hall. He was being trailed by three of his senior technicians as he made a beeline from his office to the room
where the company servers were kept in a carefully controlled environment. They all looked worried.
Just then, Amy’s screen beeped to alert her of a new e-mail. She glanced down. The screen beeped again—and again. It
started beeping constantly. She clicked the envelope icon, and after a short delay, the mail window opened. She had 47 new
e-mails in her inbox. She opened one from Davey Martinez in the Accounting Department. The subject line said, “Wait till you
see this.” The message body read, “Funniest joke you’ll see today.” Davey often sent her interesting and funny e-mails, and
she clicked the file attachment icon to open the latest joke.
After that click, her PC showed the Windows “please wait” cursor for a second and then the mouse pointer reappeared.
Nothing happened. She clicked the next e-mail message in the queue. Nothing happened. Her phone rang again. She clicked
the icon on her computer desktop to activate the call management software and activated her headset. “Hello, Help Desk, how
can I help you?” She couldn’t greet the caller by name because her computer had not responded.
“Hello, this is Erin Williams in Receiving.”
Amy glanced down at her screen. Still no tracking system. She glanced up to the tally board and was surprised to see the
inbound-call counter tallying up waiting calls like digits on a stopwatch. Amy had never seen so many calls come in at one time.
“Hi, Erin,” Amy said. “What’s up?”
“Nothing,” Erin answered. “That’s the problem.” The rest of the call was a replay of Bob’s, except that Amy had to jot notes
down on a legal pad. She couldn’t notify the user support team either. She looked at the ticket status monitor again. It had
gone dark. No numbers at all.
Then she saw Charlie walking quickly down the hall from the server room. His expression had changed from worried to
frantic.
Amy picked up the phone again. She wanted to check with her supervisor about what to do now. There was no dial tone.
Introduction To Information Security
Every organization, whether public or private and regardless of size, has information it wants to protect. It could be
customer information, product or service information, and/or employee information. Regardless of the source, it is
the organization’s job to protect the information to the best of its ability. Organizations have a responsibility to all their
stakeholders to protect that information. Unfortunately, there aren’t enough security professionals to go around. As
a result, everyone in the organization must have a working knowledge of how to protect the information assigned to
them and how to assist in preventing the unauthorized disclosure, damage, or destruction of that information. After
all, if you’re not part of the solution, you’re part of the problem.
This module’s opening scenario illustrates that information risks and controls may not be in balance at SLS.
Though Amy works in a technical support role to help users with their problems, she did not recall her training
about malicious e-mail attachments, such as worms or viruses, and fell victim to this form of attack herself.
Understanding how malicious software (malware) might be the cause of a company’s problems is an important
skill for information technology (IT) support staff as well as users. SLS’s management also showed signs of confusion
and seemed to have no idea how to contain this kind of incident. If you were in Amy’s place and were faced
with a similar situation, what would you do? How would you react? Would it occur to you that something far
more insidious than a technical malfunction was happening at your company? As you explore the modules of this
book and learn more about information security, you will become more capable of answering these questions.
But, before you can begin studying details about the discipline of information security, you must first know its
history and evolution.