Premium Essay

What Is Computer Security?

In:

Submitted By jahstar
Words 286
Pages 2
Computer security (Also known as cybersecurity or IT Security) is information security as applied to computers and networks.
The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction. Computer security also includes protection from unplanned events and natural disasters.

One way to think of computer security is to reflect security as one of the main features
Some of the techniques in this approach include:
The principle of least privilege, where each part of the system has only the privileges that are needed for its function. That way even if an attacker gains access to that part, they have only limited access to the whole system.
Automated theorem proving to prove the correctness of crucial software subsystems.
Code reviews and unit testing are approaches to make modules more secure where formal correctness proofs are not possible.
Defense in depth, where the design is such that more than one subsystem needs to be violated to compromise the integrity of the system and the information it holds.
Default secure settings, and design to "fail secure" rather than "fail insecure" (see fail-safe for the equivalent in safety engineering). Ideally, a secure system should require a deliberate, conscious, knowledgeable and free decision on the part of legitimate authorities in order to make it insecure.
Audit trails tracking system activity, so that when a security breach occurs, the mechanism and extent of the breach can be determined. Storing audit trails remotely, where they can only be appended to, can keep intruders from covering their tracks.
Full disclosure to ensure that when bugs are found the "window of vulnerability" is kept as short as

Similar Documents

Premium Essay

Forensics

...TABLE OF CONTENTS Introduction 1 Purpose 1 Methodology 1 Organization_______________________________________________________________ 2 Body 2 Computer Forensics 2 Internet Security 2 Conclusion_________________________________________________________________ 4 Sources 5 Introduction In this report I will be writing on two jobs: computer forensics and information Security. I am writing on these two due to the fact that these are two job considerations for my degree. I will be discussing benefits of each job, average pay, and description of each job. I will take time to go into detail into each of the jobs that I would like to have. I will be going into the origin of each job, degrees required for each job, and the different fields that these jobs cover. Purpose The purpose of this report is to educate others and myself on what these two jobs are about. To better inform others of the importance of each of these jobs in the digital world. It will hopefully allow others to have a better understanding of the two jobs that I have chosen. There are many things about each of these jobs that people would deem as boring or not interesting, but the digital world is a very interesting place. It is like another world laid on top of this one, there but just out of reach unless you have the technology to access it. There are many things one can gleam from the internet and the digital world, and I will expound upon...

Words: 1629 - Pages: 7

Free Essay

Data and Privacy

...Privacy and Security Table of Contents Introduction 3 Why Protection 4 Computer Virus 4 How Viruses Infect Computer 5 How People Hack Computer Systems 6 How to Keep Computers Safe from Online Predators 7 Conclusion 10 REFERENCES 11 Introduction The role of computer systems is very vital in our daily lives. Since computers help us to deal with approximately all the major functions of our lives as well as are so inevitable that spending even a day or two away from the computer can leave us feeling powerless. In this prospect, many people control their routine lives by means of their personal computers. However, at the present computer security has become a very critical issue. Additionally, security refers to the technique to discover as well as stop illicit utilization of our secret information or computer. In this scenario, some preventive measures enable us to stop criminal users (as well known as "intruders") from accessing and using some part of our computer system. In addition, recognition of such intrusions helps us in deciding whether or not somebody tried to gain access into our computer system, if they were successful in their attempt, as well as what they could have acquired from the system (ComputerSecurityService, 2011), (Armor2net Software Ltd., 2004) and (Norton, 2001). In addition, the term “computer security” is very commonly used, though; the information and data saved on a computer are in danger...

Words: 2264 - Pages: 10

Premium Essay

Assign

...Composite Default screen BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 2 2 General Security Concepts “The only real security that a man can have in this world is a reserve of knowledge, experience and ability.” —HENRY FORD In this chapter, you will learn how to ■ Define basic terms associated with computer and information security ■ Identify the basic approaches to computer and information security ■ Distinguish among various methods to implement access controls ■ Describe methods used to verify the identity and authenticity of an individual ■ Describe methods used to conduct social engineering ■ Recognize some of the basic models used to implement security in operating systems 20 P:\010Comp\BaseTech\619-8\ch02.vp Wednesday, November 09, 2011 2:01:20 PM I n Chapter 1, you learned about some of the various threats that we, as security professionals, face on a daily basis. In this chapter, you start exploring the field of computer security. Color profile: Disabled Composite Default screen BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 2 ■ Basic Security Terminology The term hacking has been used frequently in the media. A hacker was once considered an individual who understood the technical aspects of computer operating systems and networks. Hackers were individuals...

Words: 16889 - Pages: 68

Premium Essay

Lab 5 Assessment Worksheet

...1. What are other available Password Policy options that could be enforced to improve security? Enforce password history, Maximum password age, Minimum password age, Minimum password length, Password must meet complexity requirements, & Store passwords using reversible encryption. 2. Is using the option to ‘Store passwords using reversible encryption’ a good security practice? Why or why not? As it stores passwords without encrypting them, it is not good practice because they will be stored in plain text. 3. When should you enable the option to ‘Store passwords using reversible encryption’? Only when using a program that requires it. 4. Why should you use the different password policy options available (with exception to storing the password using reversible encryption)? Enforce password history - Prevents users from creating a new password that is the same as their current password or a recently used password, Maximum password age - Sets the maximum number of days that a password is valid and after this number of days, the user will have to change the password Minimum password age - Sets the minimum number of days that must pass before a password can be changed Minimum password length - Specifies the fewest number of characters a password can have Password must meet complexity requirements - Requires that passwords: be at least six characters long/contain a combination of at least three of the following characters: uppercase letters, lowercase...

Words: 676 - Pages: 3

Premium Essay

Principles of Security 5th Edition Chapter 1 Review Questions

...Questions 1. What is the difference between a threat agent and a threat? A threat agent is a specific component that represents a danger to an organization’s assets. And a threat is an object, person or entity that represents a constant danger. 2. What is the difference between vulnerability and exposure? Vulnerability is a weakness is a system that leaves the system open to attacks. Exposure is the known vulnerabilities that make a system weak and open to attacks without protection. 3. How is infrastructure protection (assuring the security of utility services) related to information security? If the infrastructure of a network is exposed and accessible to anyone this leaves the network vulnerable to damage both to hardware and software. The infrastructure must be protected to allow only authorized user to have access to the network. 4. What type of security was dominant in the early years of computing? Physical security. 5. What are the three components of the C.I.A. triangle? What are they used for? Confidentiality, Integrity and availability are the three components of the C.I.A triangle. They are used as a standard for computer security. 6. If the C.I.A. triangle is incomplete, why is it so commonly used in security? The C.I.A triangle provides a basic standard of what is needed to keep information secured. 7. Describe the critical characteristics of information. How are they used in the study of computer security? Availability ensures...

Words: 829 - Pages: 4

Premium Essay

Principles of Information Security Chapter 1

...Principles of Information Security, 4th Edition 1 Chapter 1 1 Review Questions 1. What is the difference between a threat agent and a threat? A threat agent is the facilitator of an attack, whereas a threat is a category of objects, persons, or other entities that represents a potential danger to an asset. Threats are always present. Some threats manifest themselves in accidental occurrences and others are purposeful. Fire is a threat; however, a fire that has begun in a building is an attack. If an arsonist set the fire then the arsonist is the threat agent. If an accidental electrical short started the fire, the short is the threat agent. 2. What is the difference between vulnerability and exposure? Vulnerability is a weaknesses or fault in a system or protection mechanism that opens it to attack or damage. Exposure is a condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present. 3. How is infrastructure protection (assuring the security of utility services) related to information security? The availability of information assets is dependent on having information systems that are reliable and that remain highly available. 4. What type of security was dominant in the early years of computing? In the early years of computing when security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or...

Words: 4896 - Pages: 20

Premium Essay

It Law and Ethics

...this chapter readers will learn to identify major national and international laws that relate to the practice of information security as well as come to understand the role of culture as it applies to ethics in information security. Chapter Objectives When you complete this chapter, you will be able to: Differentiate between law and ethics Identify major national and international laws that relate to the practice of information security Understand the role of culture as it applies to ethics in information security Access current information on laws, regulations, and relevant professional organizations Set-up Notes This chapter could be completed in a single class session, if there is sufficient time to cover the material. Unless the students have not had the opportunity to read the material in advance (in some settings, the textbooks are not made available until the first class meeting), it may be prudent to have a general discussion of the topic, with detailed lecture to follow at the next class meeting. The subject matter can be covered in 1.25 to 2.5 hours. Lecture Notes and Teaching Tips with Quick Quizzes Introduction As a future information security professional, it is vital that you understand the scope of an organization’s legal and ethical responsibilities. To minimize the organization’s liabilities the information security practitioner must understand the current legal environment and keep apprised of new laws, regulations, and ethical issues as...

Words: 4470 - Pages: 18

Premium Essay

Hello Hello

...Principles of Information security textbook problems Chapter ... www.cram.com/.../principles-of-information-security-textbook-problems... Study Flashcards On Principles of Information security textbook problems Chapter 1 & 2 at ... What is the difference between a threat and a threat agent? A threat ... 01_Solutions - Principles of Information Security, 4 th Edition ... www.coursehero.com › ... › ISIT › ISIT 201 Unformatted text preview: Principles of Information Security, 4 th Edition Chapter 1 Review Questions 1. What is the difference between a threat agent and a ... Chapter 1-Introduction to Information Security Principles of ... www.termpaperwarehouse.com › Computers and Technology Jun 16, 2014 - Chapter 1-Introduction to Information Security: 1. What is the difference between a threat and a threat agent? A threat is a constant danger to an ... Category:Threat Agent - OWASP https://www.owasp.org/index.php/Category:Threat_Agent May 15, 2012 - The term Threat Agent is used to indicate an individual or group that can ... Organized Crime and Criminals: Criminals target information that is of value ... Threat Risk Modeling is an activity to understand the security in an application. ... NET Project · Principles · Technologies · Threat Agents · Vulnerabilities ... Threat (computer) - Wikipedia, the free encyclopedia https://en.wikipedia.org/wiki/Threat_(computer) A more comprehensive definition, tied to an Information assurance point of view, can be found ... National...

Words: 598 - Pages: 3

Premium Essay

A Key Concept in Information Systems

...Systems In this paper we will provide an overview and history of computer and network security. We will identify one current use of computer and network security and provide an example of this concept in practical use. A discussion of attitudes towards computer and network security will be made and justifications towards the attitude. We will explain the fundamental strengths and weaknesses toward computer and network security and will provide expert views regarding computer and network security. An overview of the origin and history of computer and network security. Lately enthusiasm for security was energized by the wrongdoing submitted by Kevin Mitnick. Kevin Mitnick carried out the biggest computer related wrongdoing in U.S. history. The misfortunes were eighty million in United States dollars, and licensed innovation and source code from a mixture of organizations. From that point forward, data security came into the spotlight. Open systems are being depended upon to convey budgetary and individual data. Because of the development of data that is made accessible through the web, data security is moreover needed to develop. Because of Kevin Mitnick's offense, organizations are underscoring security for the protected innovation. The web has been a driving power for information security change. Web conventions in the past were not developed to secure themselves. Inside of the TCP/IP correspondence stack, security protocols are not actualized which leaves the network open to assaults...

Words: 2196 - Pages: 9

Premium Essay

Essay On Home Computer Security

...Even though news stories are full of computer security concerns, home computer users do not have a clear image about computer security. Home computers are target for hackers because of their vulnerabilities. Hackers change home computers into what is know a Zombie army which facilities them to attack other computers on the network by using smart software. Moreover, Home computers are subject to other threats like identity theft. Therefore, this report focuses on the importance of Home Computer Security by shedding light on threats to them with tangible solution to these threats. introduction Home computer is the preferable target of hackers according to Symantec (computer Security Company) that 86 precent \cite{Hacker} of all attacks aim home computers. Home computers are targeted due to the user’s lack of basic information about how to secure their computers. Another...

Words: 1093 - Pages: 5

Premium Essay

An Introduction to the Computer Security Problem

...Essay 1 What Is There to Worry About? An Introduction to the Computer Security Problem Donald L. Brinkley and Roger R. Schell This essay provides an overview of the vulnerabilities and threats to information security in computer systems. It begins with a historical presentation of past experiences with vulnerabilities in communication security along with present and future computer security experiences. The historical perspective demonstrates that misplaced confidence in the security of a system is worse than having no confidence at all in its security. Next, the essay describes four broad areas of computer misuse: (1) theft of computational resources, (2) disruption of computational services, (3) unauthorized disclosure of information in a computer, and (4) unauthorized modification of information in a computer. Classes of techniques whereby computer misuse results in the unauthorized disclosure and modification of information are then described and examples are provided. These classes are (1) human error, (2) user abuse of authority, (3) direct probing, (4) probing with malicious software, (5) direct penetration, and (6) subversion of security mechanism. The roles of Trojan horses, viruses, worms, bombs, and other kinds of malicious software are described and examples provided. In the past few decades, we have seen the implementation of myriads of computer systems of all sizes and their interconnection over computer networks. These systems handle and are required to protect...

Words: 13185 - Pages: 53

Premium Essay

Computer Security

...Computer Security Victoria M. Deardorff Brevard Community College April 10, 2012 This paper is written as a basic overview of computer security for the non-technical user. This paper is meant to educate the reader on practical steps that can be implemented to secure their home-based computers. Additionally, the reader will be informed of industry and government needs for and methods of computer security. With this information, the reader should gain a better understanding of why agencies and companies have their rules and regulations pertaining to computer security. What do you think when you read or hear the words “computer security”? The word security implies freedom from risk, danger, doubt, anxiety, or fear and invokes a feeling of safety and confidence. As security relates to our computers, you may immediately ask yourself if you have done everything possible to guard your personal computer as well as the information stored on that computer. Also, you may think about the companies with which you do business and ask the same question; have they done everything possible to protect my personal information? The world of computer security or information security, as it is sometimes called, continues to evolve as consumers expand the use of computer systems. “The story of network attacks, bugs, viruses, and criminal actions stretches as far as the computer industry itself. One of the first bugs to develop in a computer system was precisely that: a moth was found...

Words: 1938 - Pages: 8

Premium Essay

It 205 Information Use Paper

...control for user and the system administrator is responsible for the performance and operation. Are Administrator sign me to a computer this is one form of security here. Another way to prevent people from coming to the server or network, For example if we have important information it will go through a router then you will have a firewall this will prevent people from interring are network. Also every employee in the company as a CAT card, A CAT card as a pin number associate with every employee. This pin number allow you access the computer and also getting in the building but the mean point with the CAT card allow you to access computer and emails. By this will let the company know whom using the computer and access the web and emails. It prevents dishonesty with the company. Now getting that out the way I will explain what I do for work. I work for the government in IT, as a Part Timer. Every morning getting in my building I use My CAT card to enter the building, then I start my day. My occupation is information system, I will begin off with information system, and my obligations are figure out what the association needs in a system and PC framework before it is situated up. Additionally introduce all system equipment and programming that need overhaul and repairs before the each one comes in. additionally I keep up the system and PC framework security and guarantee that all framework is working accurately. I gather information keeping in mind the end goal to assess the system...

Words: 647 - Pages: 3

Premium Essay

Ethical Hacking

...What is Ethical Hacking Ethical hacking provides a way to determine the security of an information technology environment – at least from a technical point of view. As the name ethical hacking already tells, the idea has something to do with hacking. But what does “hacking” mean “The word hacking has two definitions. The first definition refers to the hobby/profession of working with computers. The second definition refers to breaking into computer systems. While the first definition is older and is still used by many computer enthusiasts(who refer to cyber-criminals as "crackers"), the second definition is much more commonly used.” – Definition by Internet Security Systems In the context of “ethical hacking”, hacking refers to the second definition –breaking into computer systems. It can be assumed that hacking is illegal, as breaking into a house would be. At this point, “ethical” comes into play. Ethical has a very positive touch and describes something noble which leads us to the following definition of ethical hacking: Ethical hacking describes the process of attacking and penetrating computer systems and networks to discover and point out potential security weaknesses for a client which is responsible for the attacked information technology environment. An ethical hacker is therefore a “good” hacker, somebody who uses the methods and tools of the blackhat4 community to test the security of networks and servers. The goal of an ethical hack is neither to do damage...

Words: 1321 - Pages: 6

Premium Essay

Harden Windows Xp with Group Policy

...Hardening client computers is essential when you are using a multi platform based network. Hardening is simply creating security lockdown protocols that will deter any intrusion from the outside and inside of a network. There are several ways to deploy those hardening settings the Security Configuration Wizard Graphic User Interface (SCW GUI), the Scwcmd command line deployment tool, and the Group Policy object (GPO). We will be discussing the GPO deployment method. This hardening procedure is required to maintain a secure operating system and network environment as a network firewall cannot prevent all intrusion that need to be stopped. When using the GPO to deploy security setting to another client computer there are some things that need to be done in order for the set up to be successful. There will be the need for a security risk assessment to be conducted to determine what will need to be protected against and what type of protection levels will need to be implemented. How the hardening (security) policies will be created and deployed to client computers. What type of operating systems is on the network in order to test the policy before it is deployed? With these question answered the hardening process can begin. First the servers and client computers must have the latest updates from their respective software company then the policies must be defined and tested for security to ensure they meet the requirements set forth in the security risk assessment...

Words: 673 - Pages: 3