|
Ancient times (1960-1990)
- "Hacker" as engineer, the person who understands the arcane
- Systems are trusting and open, because relative few
people have access
- Networking is very limited, so that physical proximity is
needed to gain access to systems or data. Thus, focus is on
physical security, personnel security, formal security procedures
(such as government classification levels) and the like
The Middle Ages (the 1990s)
- More and more people connected to networks
- An awakening in law enforcement that information has value
that is difficult to associate with physical artifactual value. This
awakening was accompanied by clumsiness and uncertainty
- Many incidents of varying severity, but few that actually
impacted the "real" world.
- The start of the cat and mouse game between attacker
and victim, where each is seeking to gain the knowledge of the
other in order to pursue his or her goals
"Modern" Times
- Well-publicized security incidents that actually impacted
individuals (such as the Yahoo, CNN, etc. DDoS)
- Critical mass on the Internet, a transition from hobby to
infrastructure
- Formalism of information security procedures and information
valuation; integration of security concerns with all types of
organizations doing all types of information work
- Continued difficulty in assessing fair penalties for
miscreant or criminal acts; post-9/11 legislation is particulary
harsh on illicit data access (but this harshness really started with
the 1998 copyright act).
|