COMPUTER SECURITY CONCEPTS By: Qubilah D’souza 411109 TE computer

REFERENCE: Operating Systems – By W. Stallings (page number 636-637).

SUMMARY: Computer security. Three key objectives. Three objectives in terms of requirements and the definition of loss of security in each category.

COMPUTER SECURITY: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data).

THIS DEFINITION INTRODUCES 3 KEY OBJECTIVES:

1. CONFIDENTIALITY

DATA CONFIDENTIALITY: Assures that private or confidential information is not made available or disclosed to unauthorised individuals.

PRIVACY: Assures that individuals control or influence what information related to them may be collected and stored, and by whom and to whom that information may be disclosed.

2. INTEGRITY

DATA INTEGRITY: Assures that information and programs are changed only in a specific and authorized manner.

SYSTEM INTEGRITY: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

3. AVAILABILITY

Assures that systems work promptly and service is not denied to authorized users.

THESE THREE CONCEPTS FORM WHAT IS OFTEN REFERRED TO AS THE CIA TRIAD.

CONFIDENTIALITY, INTEGRITY AND AVAILABILITY ARE LISTED AS THE THREE SECURITY OBJECTIVES FOR INFORMATION AND FOR INFORMATION SYSTEMS.

FIPS PUB 199 (STANDARDS FOR SECURITY CATEGORIZATION OF FEDERAL INFORMATION AND INFORMATION SYSTEMS) provides a useful categorization of these three objectives in terms of requirements and the definition of loss of security in each category.

1. CONFIDENTIALITY

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Loss of confidentiality is the unauthorized disclosure of information.

2. INTEGRITY

Guarding against improper information modification or destruction. A loss of integrity is the unauthorized modification or destruction of information.

3. AVAILABILITY

Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.

Although the CIA triad is well established, two additional concepts are needed to present the complete picture:

1. Authenticity

2. Accountability

1. Authenticity

The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source.

2. Accountability

The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. This helps to trace a security breach to a responsible party.
