Date published 


Gentle Reader. Your interest in this book is understandable. Computer security has become one of the most important areas in the entire discipline of computing. Basic Computer Security Practices. • Make backups of important files. • Apply patches to the operating system. • Use anti-virus software, update definitions very . The meaning of the term computer security has evolved in recent years. While the definition of computer security used in this book does, therefore, include.

Language:English, Spanish, Arabic
Published (Last):14.12.2015
Distribution:Free* [*Registration needed]
Uploaded by: ADRIENE

56114 downloads 127706 Views 26.80MB PDF Size Report

Computer Security Pdf

This paper introduces some known threats to the computer security, presents some protection mechanisms and techniques for ensuring security of a computer . Why Computer Security? Computer Security is important for protecting the confidentiality, integrity, and availability of computer systems and their resources. In this tutorial, we will treat the concept of computer security which can be a the basics of Computer Security and how to deal with its various components and.

Here you will get the material for computer IT and Computer security related courses and tutorials. As these tutorials are included in many of the academic schedules, you will need to get detailed information on them. As it will not possible for you to browse the web for every small topic, you can go for downloading the PDF files for having easy access to the information. Also tutorials, corrected exercises and practical work will make it easy for you to have a clear understanding of every topic. No matter you are a beginner or want advanced information on any of these Computer security topics, you can visit this Computer security topic for complete knowledge. Moreover, all the material is free to download from this website. Home Computer security.

Computer Security Tutorial in PDF

In the commercial world confidentiality is customarily guarded by security mechanisms that are less stringent than those of the national security community. For example, information is assigned to an "owner" or guardian , who controls access to it.

With Trojan horse attacks, for example, even legitimate and honest users of an owner mechanism can be tricked into disclosing secret data. The commercial world has borne these vulnerabilities in exchange for the greater operational flexibility and system performance currently associated with relatively weak security.

Cyber Security Books

Integrity Integrity is a requirement meant to ensure that information and programs are changed only in a specified and authorized manner. It may be important to keep data consistent as in double-entry bookkeeping or to allow data to be changed only in an approved manner as in withdrawals from a bank account. It may also be necessary to specify the degree of the accuracy of data. Some policies for ensuring integrity reflect a concern for preventing fraud and are stated in terms of management controls.

For example, any task involving the potential for fraud must be divided into parts that are performed by separate people, an approach called separation of duty.

A classic example is a downloading system, which has three parts: ordering, receiving, and payment. Someone must sign off on each step, the same person cannot sign off on two steps, and the records can be changed only by fixed procedures—for example, an account is debited and a check written only for the amount of an approved and received order.

In this case, although the policy is stated operationally—that is, in terms of specific management controls—the threat model is explicitly disclosed as well. Other integrity policies reflect concerns for preventing errors and omissions, and controlling the effects of program change. Integrity policies have not been studied as carefully as confidentiality policies.

Download free PDF courses and tutorials on Computer security - page 1

Computer measures that have been installed to guard integrity tend to be ad hoc and do not flow from the integrity models that have been proposed see Chapter 3.

Availability Availability is a requirement intended to ensure that systems work promptly and service is not denied to authorized users. From a security standpoint, it represents the ability to protect against and recover from a damaging event. The availability of properly functioning computer systems e. Contingency planning is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system unavailable.

Traditional contingency planning to ensure availability usually includes responses only to acts of God e.

However, contingency planning must also involve providing for responses to malicious acts, not simply acts of God or accidents, and as such must include an explicit assessment of threat based on a model of a real adversary, not on a probabilistic model of nature. For example, a simple availability policy is usually stated like this: "On the average, a terminal shall be down for less than 10 minutes per month. This policy means that the up time at each terminal, averaged over all the terminals, must be at least A security policy to ensure availability usually takes a different form, as in the following example: "No inputs to the system by any user who is not an authorized administrator shall cause the system to cease serving some other user.

Instead, it identifies a particular threat, a malicious or incompetent act by a regular user of the system, and requires the system to survive this act. It says nothing about other ways in which a hostile party could deny service, for example, by cutting a telephone line; a separate assertion is required for each such threat, indicating the extent to which resistance to that threat is deemed important.

Examples of Security Requirements for Different Applications The exact security needs of systems will vary from application to application even within a single application. As a result, organizations must both understand their applications and think through the relevant choices to achieve the appropriate level of security. An automated teller system, for example, must keep personal identification numbers PINs confidential, both in the host system and during transmission for a transaction. It must protect the integrity of account records and of individual transactions.

Protection of privacy is important, but not critically so. Availability of the host system is important to the economic survival of the bank, although not to its fiduciary responsibility. A telephone switching system, on the other hand, does not have high requirements for integrity on individual transactions, as lasting damage will not be incurred by occasionally losing a call or billing record.

The integrity of control programs and configuration records, however, is critical. Without these, the switching function would be defeated and the most important attribute of all—availability—would be compromised.

A telephone switching system must also preserve the confidentiality of individual calls, preventing one caller from overhearing another. Here is a short selection: Brochure e-tech articles: Protecting critical infrastructure — EN Brochure overview 2. Tweets by IECStandards. Related e-tech articles. Privacy Contact IEC offices.

Featured resources

All rights reserved. IEC Do you want to learn more about computer security incidents and issues at CERN?

Follow our Monthly Report. Security cern. News News Topic: Computer Security. Related Articles.

Computer Security: I love you. Digital Broken Windows The A "file drop" for confiden Also On Computing.

Similar files:

Copyright © 2019
DMCA |Contact Us