Computer security, cyber security, or IT security is the protection of computer systems
from theft or damage to their hardware, software or electronic data, as well as
from disruption or misdirection of the services they provide.
The field is of growing importance due to increasing reliance on computer systems, the Internet
and wireless networks such as Bluetooth and Wi-Fi, and due to the growth of
"smart" devices, including smartphones, televisions and the various
tiny devices that constitute the Internet of Things. Due to its complexity,
both in terms of politics and technology, it is also one of the major
challenges of the contemporary world.

Defining Computer Security

If you want a computer to be perfectly
secure, you could fill it with concrete and dump it in the ocean. This would
protect any information on the computer from inappropriate use. Unfortunately,
the computer would be completely unusable, so you probably don't want to do
that! Since you want to both use your computer and keep it safe, you should
practice good computer security. Computer security allows you to use the
computer while keeping it safe from threats.

Computer security can be defined as controls that are put in place to provide confidentiality,
integrity, and availability for all components of computer systems. These
components include data, software, hardware, and firmware. This is a complex
definition. Let's illustrate the definition by showing you a day in the life of
Samantha, a security manager just hired for a small company. The company
doesn't have any computer security yet, so she knows to start with the very
basics.

Components of Computer Systems

Samantha's first order of business is learning about the components of the computer
systems she needs to protect. She asks the IT manager what kind of hardware,
firmware, and software the company uses.

- Hardware is the physical part of the computer, like the system memory and disk drive.
- Firmware is the permanent software that runs the processes of the computer and is mostly
  invisible to the user, like the start-up functions that make elements of
  the hardware work together.
- Software is the programming that offers services to the user and administrator. The
  operating system, word processor, computer games, and Internet browser are
  all examples of software commonly found on a computer.

Learning about these components tells Samantha what hardware, software, and firmware she has
to protect. She doesn't know what types of data she'll need to protect yet, but
Samantha will work with people across the company to learn what information is
stored and processed in the computer systems. Samantha knows that she'll have
to learn about which data is important to the company, and she'll have to
protect its confidentiality, integrity, and availability.

The CIA Triad

For confidentiality, she'll have to ensure that information is available only to the intended
audience. That confidentiality includes privacy of information that may be
personal and sensitive. Protecting the data's integrity is
also a concern. The company needs certainty that information does not become
inaccurate because of unintended changes. Finally, she'll work with the IT
manager to protect the data's availability, or the ability for
allowed persons to access the computer and its information whenever necessary.
The protection of these qualities is her top goal as a security manager. These
qualities are called the CIA triad.

Computer Security Controls

In simple language, computer security is making sure information and computer
components are usable but still protected from people and software that
shouldn't access or change it. The protection comes from controls,
or technical, physical, and procedural choices that limit access to the
computer components.

Samantha knows that controls for computer security could include virus protection,
locked computer cabinets, and regular review of the people with access to the
computer. She'll have to choose controls for computer security carefully in
order to align the necessary user access with the minimum amount of unnecessary
ability.

Samantha spends her first few weeks as security manager learning about the computer
systems, data, and security needs of her company. She learns about the function
each department performs and the ways that they use computers. When she
understands the company's use of technology, she is ready to start adding computer
security controls for the company.
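
One of the controls named above, the regular review of the people with access, as an added example that is not part of the original article; the role names, permission strings and account records are constructed for illustration. It flags access beyond what a role needs, access left on inactive accounts, missing access, and accounts whose role has no defined baseline.

```python
# Constructed sample data (assumption): permissions each role needs for its job.
ROLE_NEEDS = {
    "accounting": {"ledger:read", "ledger:write"},
    "sales": {"crm:read", "crm:write"},
    "it_admin": {"ledger:read", "crm:read", "accounts:manage"},
}

# Constructed sample data: accounts as a hypothetical directory export.
ACCOUNTS = [
    {"user": "alice", "role": "accounting", "active": True,
     "granted": {"ledger:read", "ledger:write"}},
    {"user": "bob", "role": "sales", "active": True,
     "granted": {"crm:read", "crm:write", "ledger:write"}},
    {"user": "carol", "role": "sales", "active": False, "granted": {"crm:read"}},
    {"user": "dave", "role": "it_admin", "active": True, "granted": {"accounts:manage"}},
    {"user": "erin", "role": "contractor", "active": True, "granted": {"crm:read"}},
]


def review_access(accounts, role_needs):
    """Return sorted (user, finding, permissions) tuples for accounts needing attention."""
    findings = []
    for acct in accounts:
        user, granted = acct["user"], set(acct["granted"])
        if not acct["active"]:
            # An inactive account should hold no access at all.
            if granted:
                findings.append((user, "inactive-with-access", sorted(granted)))
            continue
        needed = role_needs.get(acct["role"])
        if needed is None:
            # No baseline: nobody has decided what this account should be able to do.
            findings.append((user, "unknown-role", sorted(granted)))
            continue
        excess = granted - needed    # confidentiality/integrity risk: more than the job needs
        missing = needed - granted   # availability problem: the job cannot be done
        if excess:
            findings.append((user, "excess", sorted(excess)))
        if missing:
            findings.append((user, "missing", sorted(missing)))
    return sorted(findings)


if __name__ == "__main__":
    for user, finding, detail in review_access(ACCOUNTS, ROLE_NEEDS):
        print(f"{user:6} {finding:22} {', '.join(detail)}")
```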