In this video, Marc Menninger reviews some key events in IT security history. Understand how the Internet was first developed with the launch of ARPANET and TCP/IP. Learn about key US legislation related to data security, like HIPAA, GLBA, and California's data breach law. Marc also discusses the launch of industry standards like PCI DSS and ISO/IEC 27001.
- [Instructor] Let's take a look at some of the key events in IT security history. This quick history lesson will give some context to the quickly evolving world of IT security and the growing need for security professionals. I've included this timeline as a handout in the Exercise Files, which includes many significant events that have impacted IT security over more than 40 years. The timeline starts in 1969 when ARPANET, the precursor to the Internet, sent its first message. TCP/IP, the same transmission protocol we use on the Internet today, was tested for the first time six years later, in 1975.
In 1983, ARPANET began using TCP/IP, bringing it one step closer to the Internet we know today. The Computer Fraud and Abuse Act, which criminalized many forms of computer hacks and attacks, was passed by the United States Congress in 1986. In 1988, the first major network worm was released by Robert Tappan Morris, crippling thousands of computers and causing millions in estimated damages. The Morris worm led to the creation of the U.S. Computer Emergency Response Team Coordination Center, or CERT-CC, later that year.
Morris was the first person convicted under the Computer Fraud and Abuse Act. In 1990, the Internet as we know it was born when ARPANET was decommissioned. In the U.S., the 1990s brought us laws and standards still important to us today. The Health Insurance Portability and Accountability Act, or HIPAA, defined security safeguards for electronic protected health information, or ePHI. The Gramm–Leach–Bliley Act, or GLBA, included the Safeguards Rule requiring financial institutions to develop a written information security plan to protect clients' nonpublic personal information.
In the early 2000s, more U.S. laws and standards were established including the Federal Information Security Management Act, or FISMA, which requires all U.S. federal agencies to develop, document, and implement an information security program. In 2002, California became the first state to require companies who have suffered a data breach to notify their customers. Then, in 2004, the Payment Card Industry Data Security Standards, or PCI DSS, outlined the basic security levels for merchants who store, process and transmit cardholder data.
In the late 2000s, the number of hacks and attacks continued to increase, starting with the TJ Maxx hack in 2005, which led to the theft of 45 million customer credit and debit account details. Also in 2005, the ISO/IEC 27001 was published as an international security standard which is still used today as the basis for organizations' security policies. From 2010 to 2015, we saw a major spike in hacks and attacks. Government, healthcare, technology and finance are just a few of the many industries that have suffered data breaches.
Altogether many millions of sensitive organizations' and personal records were breached over these five years. As you can see, a lot has happened in the world of IT security since 1969. Two major trends are evident in these events. The first is that cyber threats are becoming more sophisticated, frequent and successful. No one is safe from a cyber attack. Another significant trend is the increasing need for IT security professionals due to regulatory requirements for stronger security, organizations seeking to protect themselves from cyber threats, and customer demands that businesses protect their sensitive information.
You should now see why businesses and organizations worldwide seek qualified security professionals to help protect their systems and data.
Marc closes with a few pieces of career advice specific to the world of information security, which will help you succeed in this dynamic and high-demand industry.
- IT security key concepts
- Understanding the job marketplace (government vs. healthcare, etc.)
- IT security success traits
- Career specializations
- IT security certifications
- Getting experience
- Marketing yourself