Cryptography - Literally, "secret writing", cryptography has grown from very simple methods of protecting military orders from being intercepted over 5,000 years ago, to a common method of assuring secrecy, integrity, and authenticity in almost every modern information system. Astonishingly, no cryptosystem dating from before the 1945 is still unbroken, and only 2 modern systems are likely to survive the next few decades. With the advent of modern computers, cryptography has become a major industry.
Operating Systems - These are the instructions that dictate how an information system allocates its resources and facilitates efficient processing. Most modern attacks on computer systems and networks are based on finding flaws in the operating system or how it is operated and maintained.
Computer Networks - Networking of computers has produced an enormous boom in our ability to communicate and make our operations more efficient, but along with the tremendous advantages come a whole new set of protection issues. Modern attackers typically enter systems from remote sites using large numbers of intermediate computers before reaching their eventual target. Networking has exaserbated the need for global identification and authentication and stressed modern operating systems far beyond their ability to provide adequate protection.
Fault Tolerant Computing - This field sprung up in the early days of computers, and is dedicated to analysing and improving the ability of systems to operate in an environment where component failures are possible. A closely related field of safety engineering arose from the same basic theory, with the goal of reducing the potential harm to humans from systems where peoples health and well being are of direct concern.
Computer Architecture - This field pertains to the physical design of computer hardware. Since all operations take place in a physical media, the physical media is critical to protection. In fact, almost any system without physical protection is very easy to defeat.
Physical Protection - This field is as ancient as life itself. Physical entities fight it out all the time for survival in the jungles as well as in the streets of our cities. Physical issues in information protection include such widely varied issues as electromagnetic and sonic surveilance, electrical power and signal protection, flood and fire protection, and backup techniques. It is widely held that without physical security, there is no information protection.
The Legal System - The law provides for varying degrees of protection under various circumstances. In many cases, organizations that were in the right were unable to recover losses from a guilty party because they failed to meet their legal obligations to notify and observe. Ignorance of the law is no excuse, while knowledge of the law is a powerful tool in protection.
Technical Management - Management practices regarding modern protection systems are often very complex and involved. As an example, a single bit error in any of the 15 subsystems that have to be managed to provide protection in a modern mainframe security system may cause the entire protection system to become useless. Technical issues often dominate other factors in protection management. We will discuss issues relating to hiring and firing practices, background checks, psychological factors in protection management, risk analysis, methods for assuring responsible decisions by other managers, and how tools can be used to ease the protection managers burden.