Page 8 - DCAP516_COMPUTER_SECURITY
Computer Security
of the mechanisms that enforce the security policy. It also requires knowledge of the related
assumptions and trust, which lead to the threats and the degree to which they may be realized.
Such knowledge allows one to design better mechanisms and policies to neutralize these threats.
This process leads to risk analysis. Human beings are the weakest link in the security mechanisms
of any system. Therefore, policies and procedures must take people into account. This Unit
discusses each of these topics.
Why is Security Important?
Computer security is the process of preventing or detecting unauthorized use of your computer.
Malicious software on your computer can damage files, steal personal information and ultimately
render your computer inoperable. Using proper security measures can help prevent these types of
problems.
Privacy Issues
Computers are used for everything from banking to shopping to communication, all things that
you may not want strangers accessing. Generally, when people use the Internet, their activities
are no longer private. Any time you apply for an account, register for something or purchase
something online, that information is saved. This information can be sold to marketing companies
without your knowledge or consent. This can be legal or illegal, depending on the
circumstances.
Things like online banking and shopping are usually done through secured websites which
protect the user from identity theft, but no security is foolproof and you should be aware of
where you put personal information when you are on the Internet. Social networking sites are
common places where private information is revealed if you are not careful.
1.1 Basic Components of Security
Computer security rests on confidentiality, integrity, and availability. The interpretations of
these three aspects vary, as do the contexts in which they arise. The interpretation of an aspect in
a given environment is dictated by the needs of the individuals, customs, and laws of the
particular organization.
Confidentiality, Integrity and Availability are the basic components of computer security. In
this Unit you will learn briefly about these components.
Confidentiality: A good example is cryptography, which traditionally is used to protect secret
messages. But cryptography is traditionally used to protect data, not resources. Resources are
protected by limiting information, for example by using firewalls or address translation
mechanisms.
Integrity: A good example here is that of an interrupted database transaction, leaving the database
in an inconsistent state. Trustworthiness of both data and origin affects integrity. Because the term
integrity is tied to trustworthiness, it is much harder to quantify than confidentiality.
Cryptography provides mechanisms for detecting violations of integrity, but not preventing
them (e.g., a digital signature can be used to determine if data has changed). You will study
about cryptography in detail in the subsequent Unit.
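The detect-but-not-prevent point above can be seen in a short added example, which is not part of the original course text. It uses an HMAC (a keyed message authentication code) in place of the digital signature the text mentions, because Python's standard library has no public-key signatures; the names seal, verify and KEY and the sample record are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would load it from a secret store.
KEY = b"constructed-demo-key-not-for-production"


def _canonical(record: dict) -> bytes:
    """Serialize deterministically so the same record always yields the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(record: dict, key: bytes = KEY) -> dict:
    """Return the record together with an HMAC-SHA256 tag over its canonical form."""
    tag = hmac.new(key, _canonical(record), hashlib.sha256).hexdigest()
    return {"record": record, "tag": tag}


def verify(sealed: dict, key: bytes = KEY) -> bool:
    """Recompute the tag and compare it in constant time."""
    expected = hmac.new(key, _canonical(sealed["record"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sealed.get("tag", ""))


def demo() -> dict:
    # Constructed sample record standing in for stored data.
    stored = seal({"account": "A-100", "balance": 250})
    results = {"untouched": verify(stored)}

    # Anyone with write access can still change the stored value:
    # the tag does nothing to stop the write itself.
    stored["record"]["balance"] = 999999
    results["write_succeeded"] = stored["record"]["balance"] == 999999
    results["tampered"] = verify(stored)

    # A record sealed under a different key also fails, so the check
    # covers the origin of the data as well as its content.
    foreign = seal({"account": "A-100", "balance": 250}, b"other-key")
    results["wrong_origin"] = verify(foreign)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The modified balance stays in the stored record after verification fails, so restoring a trustworthy value needs a separate mechanism such as access control or backups.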
Availability: This is usually defined in terms of “quality of service,” in which authorized users
are expected to receive a specific level of service (stated in terms of a metric). Denial of service
attacks are attempts to block availability.
2 LOVELY PROFESSIONAL UNIVERSITY