Page 242 - DCAP104_EXPOSURE_TO_COMPUTER_DISCPLINES

Unit 13: Understanding the Need of Security Measures



            national news, are attacks against availability. Other important concerns of computer security
            professionals are access control and non-repudiation. Maintaining access control means not only
            that users can access only those resources and services to which they are entitled, but also that
            they are not denied resources that they legitimately can expect to access. Non-repudiation implies
            that a person who sends a message cannot deny that he sent it and, conversely, that a person who
            has received a message cannot deny that he received it. In addition to these technical aspects, the
            conceptual reach of computer security is broad and multifaceted. Computer security draws
            from disciplines such as ethics and risk analysis, and is concerned with topics such as computer crime;
            the prevention, detection, and remediation of attacks; and identity and anonymity in cyberspace.
            While confidentiality, integrity, and authenticity are the most important concerns of a computer
            security manager, privacy is perhaps the most important aspect of computer security for everyday
            Internet users. Although users may feel that they have nothing to hide when they are registering
            with an Internet site or service, privacy on the Internet is about protecting one’s personal
            information, even if the information does not seem sensitive. Because of the ease with which
            information in electronic format can be shared among companies, and because small pieces of
            related information from different sources can be easily linked together to form a composite of,
            for example, a person’s information-seeking habits, it is now very important that individuals are
            able to maintain control over what information is collected about them, how it is used, who may
            use it, and what purpose it is used for.

            13.1.2 Security is Spherical

            Computer systems can never have absolute security in real life. They exist to be used, not to be
            admired in a locked room sealed away from the outside world. Systems can, however, be made
            more secure than they would be otherwise. Let’s see how we can conceptualize this.

            Security is spherical, but has markers
            Threats to a system can originate from any source, not just the ones that you have considered or
            defended against. Think of the threat universe as a sphere around the target, each incoming threat
            made up of the results of many different vector components. Like a color wheel, it gradates as
            the radius increases.

            Think of the system at the center of a sphere made up of hostile intentions. Let’s cut a circular
            plane out of the sphere in the middle of it (Figure 13.1).


                                 Figure 13.1: Spherical System of Security

                                             LOVELY PROFESSIONAL UNIVERSITY                                   235