Page 241 - DCAP104_EXPOSURE_TO_COMPUTER_DISCPLINES
Exposure to Computer Disciplines
Objectives
After studying this unit, you will be able to:
• Discuss the basic security concepts.
• Explain threats to users.
• Understand threats to hardware.
• Understand threats to data.
• Explain cyber terrorism.
Introduction
The term computer security is used frequently, but the content of a computer is vulnerable to few
risks unless the computer is connected to other computers on a network. As the use of computer
networks, especially the Internet, has become pervasive, the concept of computer security has
expanded to denote issues pertaining to the networked use of computers and their resources.
Threat is defined as a computer program, a person, or an event that violates the security system.
A threat causes loss of data and attacks data privacy. Cyber terrorism describes the use of
Internet-based attacks in terrorist activities, including acts of deliberate, large-scale disruption of
computer networks, especially of personal computers attached to the Internet, by the means of
tools such as computer viruses.
13.1 Basic Security Concepts
Computer security means to protect information. It deals with the prevention and detection of
unauthorized actions by users of a computer. Lately it has been extended to include privacy,
confidentiality and integrity.
This unit provides an overview of security concepts, focusing on the following areas:
• Application-Level Security
• Transport-Level Security
These are two basic categories of security that can be independently configured but are often
interrelated. The former mostly determines who can access data and what tasks they are allowed
to perform; the latter mostly determines the security of data as it is transmitted.
Note that application-level configuration can include transport-level specifications, such as having
an application-level constraint requiring Secure Sockets Layer, and transport-level security can also
involve authentication (limiting data access to appropriate users), such as when client certification
is requested as part of the transport-level functionality.
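The interplay described above, as an added example that is not part of the original text: an application-level rule table that decides who may do what, where individual rules also demand a secure transport or a verified client certificate. The paths, roles, and the POLICY, Request, authorize and server_tls_context names are assumptions made for illustration; Python's ssl module provides TLS, the successor to Secure Sockets Layer.

```python
import ssl
from dataclasses import dataclass

# Hypothetical policy for this example: each path names the roles allowed to
# perform each action (application level) and whether the request must have
# arrived over TLS, optionally with a verified client certificate.
POLICY = {
    "/public/news":   {"roles": {"read": {"guest", "clerk", "admin"}},
                       "tls": False, "client_cert": False},
    "/accounts":      {"roles": {"read": {"clerk", "admin"}, "write": {"admin"}},
                       "tls": True, "client_cert": False},
    "/admin/console": {"roles": {"read": {"admin"}, "write": {"admin"}},
                       "tls": True, "client_cert": True},
}

@dataclass
class Request:
    path: str
    action: str
    role: str
    over_tls: bool = False
    client_cert_verified: bool = False

def server_tls_context(require_client_cert: bool) -> ssl.SSLContext:
    """Transport-level settings: protocol floor and client-certificate demand."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_NONE
    # A real server would also call ctx.load_cert_chain(...) and, for client
    # certificates, ctx.load_verify_locations(...); omitted so this runs offline.
    return ctx

def authorize(req: Request) -> tuple[bool, str]:
    """Application-level decision that also enforces the transport constraints."""
    rule = POLICY.get(req.path)
    if rule is None:
        return False, "no rule for path (deny by default)"
    if rule["tls"] and not req.over_tls:
        return False, "transport constraint: TLS required"
    if rule["client_cert"] and not req.client_cert_verified:
        return False, "transport constraint: client certificate required"
    if req.role not in rule["roles"].get(req.action, set()):
        return False, "application constraint: role may not perform action"
    return True, "allowed"

if __name__ == "__main__":
    # Constructed sample requests.
    for r in [Request("/accounts", "read", "clerk", over_tls=True),
              Request("/accounts", "read", "clerk"),
              Request("/admin/console", "read", "admin", over_tls=True)]:
        print(r.path, r.action, r.role, "->", authorize(r))
```

The same clerk is allowed or refused depending only on the transport, and the admin console stays closed to an admin until the transport layer has verified a client certificate.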
13.1.1 Technical Areas
The major technical areas of computer security are usually represented by the initials CIA:
confidentiality, integrity, and authentication or availability. Confidentiality means that information
cannot be accessed by unauthorized parties. Confidentiality is also known as secrecy or privacy;
breaches of confidentiality range from the embarrassing to the disastrous. Integrity means that
information is protected against unauthorized changes that are not detectable to authorized
users; many incidents of hacking compromise the integrity of databases and other resources.
Authentication means that users are who they claim to be. Availability means that resources are
accessible by authorized parties; “denial of service” attacks, which are sometimes the topic of
234 LOVELY PROFESSIONAL UNIVERSITY