In the commercial world, confidentiality is customarily guarded by security mechanisms that are less stringent than those of the national security community. For example, information is assigned to an "owner" (or guardian), who controls access to it. Such owner-controlled mechanisms are comparatively easy to subvert, because they enforce the identity of the user on whose behalf a program runs, not the user's intent. With Trojan horse attacks, for example, even legitimate and honest users of an owner mechanism can be tricked into disclosing secret data: a program the user runs inherits the user's access and can pass the data on. The commercial world has borne these vulnerabilities in exchange for the greater operational flexibility and system performance currently associated with relatively weak security.
Integrity

Integrity is a requirement meant to ensure that information and programs are changed only in a specified and authorized manner. It may be important to keep data consistent (as in double-entry bookkeeping) or to allow data to be changed only in an approved manner (as in withdrawals from a bank account). It may also be necessary to specify the degree of accuracy of data. Some policies for ensuring integrity reflect a concern for preventing fraud and are stated in terms of management controls. For example, any task involving the potential for fraud must be divided into parts that are performed by separate people, an approach called separation of duty. A classic example is a purchasing system, which has three parts: ordering, receiving, and payment. Someone must sign off on each step, the same person cannot sign off on two steps, and the records can be changed only by fixed procedures; for example, an account is debited and a check written only for the amount of an approved and received order. In this case, although the policy is stated operationally, that is, in terms of specific management controls, the threat it guards against (fraud by a single insider) is explicit as well. Other integrity policies reflect concerns for preventing errors and omissions and for controlling the effects of program change. Integrity policies have not been studied as carefully as confidentiality policies. Computer measures that have been installed to guard integrity tend to be ad hoc and do not flow from the integrity models that have been proposed (see Chapter 3).
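The purchasing workflow above, with its two rules (no person signs two steps; payment only for the amount of an approved and received order), is small enough to encode directly. The following is an added illustration, not code from the source text: the PurchaseOrder model, the order numbers, amounts and the names alice, bob and carol are all constructed for the demo.

```python
"""Separation of duty for a three-step purchasing workflow.

Added illustration of the integrity policy described above; this is a toy
model, not code from the source text. Order numbers, amounts and the
approver names are constructed for the demo.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


class PolicyViolation(Exception):
    """Raised when an action would violate the integrity policy."""


@dataclass
class PurchaseOrder:
    order_id: str
    amount_ordered: int                      # in cents
    ordered_by: Optional[str] = None         # who signed off on each step
    received_by: Optional[str] = None
    paid_by: Optional[str] = None
    amount_received: Optional[int] = None
    ledger: List[Tuple[str, str, int]] = field(default_factory=list)  # append-only trail

    def _signers(self):
        return {p for p in (self.ordered_by, self.received_by, self.paid_by) if p}

    def _require_new_signer(self, person: str) -> None:
        # Separation of duty: the same person cannot sign off on two steps.
        if person in self._signers():
            raise PolicyViolation(f"{person} already signed a step of {self.order_id}")

    def order(self, person: str) -> None:
        if self.ordered_by is not None:
            raise PolicyViolation("order already placed")
        self._require_new_signer(person)
        self.ordered_by = person
        self.ledger.append(("ordered", person, self.amount_ordered))

    def receive(self, person: str, amount_received: int) -> None:
        if self.ordered_by is None:
            raise PolicyViolation("nothing was ordered")
        if self.received_by is not None:
            raise PolicyViolation("receipt already recorded")
        self._require_new_signer(person)
        self.received_by = person
        self.amount_received = amount_received
        self.ledger.append(("received", person, amount_received))

    def pay(self, person: str, amount: int) -> None:
        # Fixed procedure: the account is debited and a check written only
        # for the amount of an approved *and received* order.
        if self.received_by is None:
            raise PolicyViolation("order not yet received")
        if self.paid_by is not None:
            raise PolicyViolation("already paid")
        self._require_new_signer(person)
        if amount != self.amount_ordered or amount != self.amount_received:
            raise PolicyViolation(
                f"payment {amount} does not match ordered {self.amount_ordered} "
                f"and received {self.amount_received}")
        self.paid_by = person
        self.ledger.append(("paid", person, amount))


def _attempt(action) -> str:
    """Run one step and report whether the policy allowed or blocked it."""
    try:
        action()
        return "allowed"
    except PolicyViolation:
        return "blocked"


def demo() -> dict:
    """One honest run and three fraud attempts; returns each outcome."""
    results = {}

    honest = PurchaseOrder("PO-1", 50_000)
    honest.order("alice")
    honest.receive("bob", 50_000)
    honest.pay("carol", 50_000)
    results["honest"] = honest.paid_by == "carol" and len(honest.ledger) == 3

    # alice tries to sign off on both ordering and receiving.
    po = PurchaseOrder("PO-2", 50_000)
    po.order("alice")
    results["same_person_two_steps"] = _attempt(lambda: po.receive("alice", 50_000))

    # carol tries to pay before anything was received.
    po = PurchaseOrder("PO-3", 50_000)
    po.order("alice")
    results["pay_before_receipt"] = _attempt(lambda: po.pay("carol", 50_000))

    # bob records a short delivery; carol is then asked to pay the full price.
    po = PurchaseOrder("PO-4", 50_000)
    po.order("alice")
    po.receive("bob", 30_000)
    results["pay_more_than_received"] = _attempt(lambda: po.pay("carol", 50_000))

    return results


if __name__ == "__main__":
    print(demo())
```

The point of the model is that every check is tied to the named threat: each refusal in the demo is a single person trying to drive more than one step, or money leaving for an order that was not both approved and received. What the model does not cover is collusion between two signers, which separation of duty only raises the cost of; that is why the original pairs it with records that can be changed only by fixed procedures.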
Availability

Availability is a requirement intended to ensure that systems work promptly and service is not denied to authorized users. From a security standpoint, it represents the ability to protect against and recover from a damaging event. The availability of properly functioning computer systems e. Contingency planning is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system unavailable. Traditional contingency planning to ensure availability usually includes responses only to acts of God e. However, contingency planning must also provide for responses to malicious acts, not simply acts of God or accidents, and as such must include an explicit assessment of threat based on a model of a real adversary, not on a probabilistic model of nature. For example, a simple availability policy is usually stated like this: "On the average, a terminal shall be down for less than 10 minutes per month." This policy means that the up time at each terminal, averaged over all the terminals, must be at least 99.98 percent (10 minutes out of the roughly 43,200 in a month). A security policy to ensure availability usually takes a different form, as in the following example: "No inputs to the system by any user who is not an authorized administrator shall cause the system to cease serving some other user." This policy does not address system failures except those that a user's input can cause. Instead, it identifies a particular threat, a malicious or incompetent act by a regular user of the system, and requires the system to survive this act. It says nothing about other ways in which a hostile party could deny service, for example, by cutting a telephone line; a separate assertion is required for each such threat, indicating the extent to which resistance to that threat is deemed important.
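One way a system can honour the quoted policy ("no input by a non-administrator shall cause the system to cease serving some other user") is to stop any one user from taking the whole of a shared resource. The following added example, which is not code from the source text, models a request queue once with only a shared limit and once with a per-user cap; the capacities, the user names mallory and bob, and the exemption for an administrator named root are constructed for the demo.

```python
"""Per-user admission control as one enforcement of the availability policy
quoted above. Added illustration, not code from the source text; the
capacities, user names and the administrator exemption are invented.
"""
import collections


class Server:
    def __init__(self, capacity: int, per_user_cap=None, admins=()):
        self.capacity = capacity            # total queue slots
        self.per_user_cap = per_user_cap    # None: only the shared limit applies
        self.admins = set(admins)           # administrators are not capped, as the policy allows
        self.queue = collections.deque()
        self.queued = collections.Counter() # outstanding requests per user

    def submit(self, user: str, request: str) -> bool:
        """Admit a request to the queue; return False if it must be refused."""
        if (self.per_user_cap is not None and user not in self.admins
                and self.queued[user] >= self.per_user_cap):
            return False                    # this user already holds its share
        if len(self.queue) >= self.capacity:
            return False                    # server genuinely full
        self.queue.append((user, request))
        self.queued[user] += 1
        return True

    def serve_one(self):
        """Pop the oldest request (FIFO) and release the submitter's slot."""
        user, request = self.queue.popleft()
        self.queued[user] -= 1
        return user, request


def flood_then_ask(server: Server, attacker="mallory", victim="bob") -> dict:
    """The attacker sends 1,000 requests, then the victim sends one."""
    admitted = sum(server.submit(attacker, f"req-{i}") for i in range(1000))
    return {"attacker_admitted": admitted,
            "victim_admitted": server.submit(victim, "balance")}


def demo() -> dict:
    # Shared limit only: whoever arrives first fills the queue.
    shared_only = flood_then_ask(Server(capacity=100))
    # Shared limit plus a per-user cap: no single user can take the whole queue.
    capped = flood_then_ask(Server(capacity=100, per_user_cap=20, admins={"root"}))
    return {"shared_only": shared_only, "per_user_cap": capped}


if __name__ == "__main__":
    print(demo())
```

With the shared limit alone, mallory's flood fills all 100 slots and bob's single request is refused, which is exactly the outcome the policy forbids; with the per-user cap, mallory is held to 20 slots and bob is served. The example addresses only the queue-exhaustion form of the threat; as the text says, each other way of denying service (a cut line, an exhausted disk, a crashed process) needs its own assertion and its own control.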
Examples of Security Requirements for Different Applications

The exact security needs of systems will vary from application to application, even within a single application. As a result, organizations must both understand their applications and think through the relevant choices to achieve the appropriate level of security. An automated teller system, for example, must keep personal identification numbers (PINs) confidential, both in the host system and during transmission for a transaction. It must protect the integrity of account records and of individual transactions. Protection of privacy is important, but not critically so. Availability of the host system is important to the economic survival of the bank, although not to its fiduciary responsibility. A telephone switching system, on the other hand, does not have high requirements for integrity on individual transactions, as lasting damage will not be incurred by occasionally losing a call or billing record. The integrity of control programs and configuration records, however, is critical. Without these, the switching function would be defeated and the most important attribute of all, availability, would be compromised. A telephone switching system must also preserve the confidentiality of individual calls, preventing one caller from overhearing another.
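The automated teller requirements above (PINs confidential at the host, individual transactions protected against alteration) translate into two concrete controls at the host: store a keyed verifier rather than the PIN, and authenticate each transaction message. The following added example is not code from the source text; the host keys, the card numbers, the PIN 4921 and the transaction amounts are constructed for the demo, and the two key constants stand in for keys a real host keeps in a hardware security module. Protecting the PIN in transit between terminal and host is the other half of the requirement and is not shown.

```python
"""PIN confidentiality at the host and transaction integrity, in the spirit of
the ATM requirements above. Added illustration, not code from the source
text; keys, card numbers, PIN and amounts are constructed for the demo.
"""
import hashlib
import hmac
import json

# Demo-only constants. A real host holds these in an HSM, never in source.
PIN_VERIFY_KEY = bytes(range(32))       # keyed PIN verification
TXN_MAC_KEY = bytes(range(32, 64))      # message authentication of transactions


def pin_verifier(card: str, pin: str) -> bytes:
    """Value the host stores instead of the PIN.

    A 4-digit PIN has only 10,000 values, so an unkeyed hash could be brute
    forced by anyone who steals the verifier table. Keying with a secret the
    host holds makes the stored value useless without that key; binding it
    to the card number stops verifiers being swapped between accounts.
    """
    return hmac.new(PIN_VERIFY_KEY, f"{card}:{pin}".encode(), hashlib.sha256).digest()


def verify_pin(card: str, pin: str, stored: bytes) -> bool:
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(pin_verifier(card, pin), stored)


def canonical(txn: dict) -> bytes:
    # Deterministic encoding: the MAC must cover exactly one byte string.
    return json.dumps(txn, sort_keys=True, separators=(",", ":")).encode()


def sign_transaction(txn: dict) -> bytes:
    return hmac.new(TXN_MAC_KEY, canonical(txn), hashlib.sha256).digest()


def verify_transaction(txn: dict, tag: bytes) -> bool:
    return hmac.compare_digest(sign_transaction(txn), tag)


class Host:
    """Accepts a transaction only if its MAC verifies and its sequence number
    is fresh for that card: a replayed transaction carries a valid MAC, so the
    MAC alone does not protect the account record."""

    def __init__(self):
        self.last_seq = {}

    def accept(self, txn: dict, tag: bytes) -> bool:
        if not verify_transaction(txn, tag):
            return False
        if txn["seq"] <= self.last_seq.get(txn["card"], 0):
            return False
        self.last_seq[txn["card"]] = txn["seq"]
        return True


def demo() -> dict:
    card = "4000000000000002"             # constructed test card number
    stored = pin_verifier(card, "4921")   # enrolment: only the verifier is kept
    results = {
        "right_pin": verify_pin(card, "4921", stored),
        "wrong_pin": verify_pin(card, "4922", stored),
        # The same PIN on another card must not verify against this record.
        "other_card": verify_pin("4000000000000010", "4921", stored),
    }
    txn = {"card": card, "op": "withdraw", "amount_cents": 10_000, "seq": 17}
    tag = sign_transaction(txn)
    host = Host()
    results["intact"] = host.accept(txn, tag)
    results["replayed"] = host.accept(txn, tag)                      # same seq again
    results["amount_changed"] = host.accept(dict(txn, amount_cents=100_000, seq=18), tag)
    return results


if __name__ == "__main__":
    print(demo())
```

The three PIN results show that the host can check a PIN without ever holding it, and the three transaction results show the two failure modes a MAC-based integrity check has to cover: a message whose contents were altered, and an unaltered message presented twice.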