A Definition of Computer Security
Figure 1
Computer Security
The protection provided to an automated information system to achieve the appropriate objectives of maintaining the integrity, availability, and confidentiality of information system resources (including hardware, software, firmware, information/data, and telecommunications).
This definition introduces three key objectives that are at the heart of computer security:
Confidentiality: This term covers two related concepts.
Data confidentiality: Ensures that private or confidential information is not made available or disclosed to unauthorized persons.
Privacy: Ensures that individuals can control or influence what information is collected and stored about them, and by whom and with whom that information may be shared.
Integrity: This term covers two related concepts.
Data integrity: Ensures that information and programs are changed only in a specified and authorized manner.
System integrity: Ensures that a system performs its intended function unimpaired, free from deliberate or inadvertent tampering with the system.
Availability: Ensures that systems work promptly and that service is not denied to authorized users.
These three concepts form what is often referred to as the CIA triad. The three concepts embody basic security goals for data and information as well as for IT services. For example N
RFC 2828 defines information as "facts and ideas that can be represented (encoded) as various forms of data" and data as "information in a specific physical representation, usually a sequence of symbols that have meaning; especially a representation of information that can be processed or produced by a computer."
FIPS 199 (Standards for Security Categorization of Federal Information and Information Systems) lists confidentiality, integrity and availability as the three security objectives for information and information systems. FIPS PUB 199 provides a useful characterization of these three objectives in terms of requirements and the definition of a loss of security in each category:
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information.
Integrity: Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.
Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
Although the use of the CIA triad to define security objectives is well established, some in the security community feel that additional concepts are needed to present a complete picture. Two of the most commonly mentioned are the following:
Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or the originator of a message. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.
Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to the responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.