Computer security is a section of computer science which deals with the validity, the discretion in keeping secretes facts and figures or data and the availability of systems, the system software or programs, the physical components or devices, and finally the facts and figures or data found or contained in the very systems. There are three features of security which make up the definition of system security which include integrity, confidentiality and availability.
Any failure to observe these factors will result in the system being compromised and hence failing to meet the standards and requirements of the user or the owner. An intruder will try to intrude and will manage to do so if there is not confidentiality that exists within the computer system. Confidentiality is a feature which when compromised the processed facts and figures are disclosed to unauthorized persons. An example is in networking where the eaves dropper sniffs the data from the transmission line and changes it to suite his or her needs or desires.
Integrity is also another characteristic where lack of it leads to the changing of the data in the system. The information which resides within the host system and that which is being transmitted or transferred is changed to something else which a different meaning other than there has expected.
Availability is another crucial aspect which needs to be embraced and if that lack or is absent, whatever is experienced is what is referred to as the denial of service a type of attack where the system components are barred from the reach of the owner who is the ultimate user. This is a feature which is violated when the system fails to honor the requests made by its legitimate user or owner. The failure to observe this kind of property comes when the ultimate user is denied the right to view or see the contents of the system.
It is therefore very important to secure the systems for the purpose of safeguarding the information within the very system for the advantage of the firms and individuals. Those processes which cause the malfunctioning of the system security are referred to as threats and these are eliminated or protected through the setting of controls in place to curb their occurrences
Other components of security include vulnerability, threats, uncertainties or risks, control measures and exposures. Threats are any prospective dangers which are exposed to the systems or the facts and figures residing in these systems. An agent of threat is a system which takes advantage of the weakness of that system. Uncertainties or risks are those possibilities which will always joy ride the weaknesses that may render the attackers authorizations to view unauthorized data. A reduction in the risks leads to a corresponding reduction in the likelihood of a threat. Vulnerability is a program, physical component or scheduled weaknesses which help the intruders or attackers to get into the system or to the network and be granted unauthorized access to the resources which exist in the computing surrounding.
On the other hand, there is another aspect of information security, information assurance. These are the steps that are taken so that confidentiality, attainment of control, integrity, availability and authenticity of information and information systems is achieved. With the adoption of information systems in firms, there has been a need to ensure that information systems availability and integrity is assured. What we have been talking about the data aspect of security. In the aspect of information assurance, it is the assurance that the information systems that are used to deliver processes are available.
Information is one asset that is very important to organizations. This is because information is what makes the operations and processes moving. Information security is therefore very crucial in the processes of a given organization. The data losses that come from information security affect both individuals and the organization. As organizations adopt information systems, there is need to have the assurance that the information systems will always be available for use. They should not be the down or lead to a breakdown of service delivery. This is the reason why there is a need to be an assurance that the information systems will always be there and will also help secure and protect information processes.
Main features of data security
Information security can be categorized to three main areas. The areas are the gateway, server and the client. The three categories give an important methodology that is useful for data security. The gateway is the entry point to the network. The gateway is an important aspect when dealing with security because it determines what comes to the network.
Another important component that is important in assessing computer security is that of server. The server is an important component when dealing with computer security. It is important because it affects the client machines because they were connected. They should be protected so that the other components are safe.
Another category is that of the client. It is an important component because of the insecure processes that the users do not use. It is therefore important to protect the clients.
Information security can have many categories. These categories are based on the attack and the level of attack. Computer systems are made up of hardware and software. There are various aspects of data security. The major components have been shown in the sections above.
Security of the levels
The security levels that have been mentioned include the gateway, server, and client. The security of these important components is something paramount. To secure the gateway, there will be need to have a firewall. This is a mechanism where the connections outside the network and the network itself are assessed. All outside connections are sieved so that safe connections are established. A way to secure the server is by having GPO (Group policy Object) security in case it is running Windows server and inbuilt security features for other Linux and Macintosh servers. These are features that come with vendors and they have to be activated. The last way to secure the client is to have ant--viruses and making sure that security policies are put in place.
Joaquin Garcia-Alfaro, G. N.-A. (2011). Data Privacy Management and Autonomous Spontaneous Security: 5th International Workshop, DPM 2010 and 3rd International Workshop, SETOP 2010 Athens, Greece, September 23, 2010 Revised Selected Papers. Springer.
Lorrie Faith Cranor, S. G. (2005). Designing Secure Systems That People Can Use. O'Reilly Media, Inc.
Palmer, C. (2009). Critical Infrastructure Protection III: Third IFIP WG 11. 10 International Conference, Hanover, New Hampshire, USA, March 23-25, 2009, Revised Selected Papers. Springer.
Storage Networking Industry Association. (2010). A Data Protection Taxonomy. Storage Networking Industry Association.