"What is Security? - Definitions and a Common Language",
I am often surprised by the lack of understanding amongst security professionals, and so called "Security Experts", of the term System Security, Cyber Security or simply Security in general. More specifically, it is more often than not that their understanding can be described as incomplete at best. For example, in their minds, System Security relates solely to the prevention of unauthorized disclosure of confidential information. In their Universe, the availability of the system hosting the sensitive information |
Definitions:
Security noun se·cu·ri·ty | \ si-ˈkyu̇r-ə-tē
According to the Merriam-Webster dictionary, security is the state of being protected or safe from harm. Specifically, when we refer to Computer Security we mean the ability of a set of devices (software and hardware) and operational procedures to protect the following assets from harm:
Information and/or Data
System Software, Applications, and Programs
Services - both hardware and software
Protecting assets from harm (within this context) means:
Confidentiality: assets are used/accessed only by authorized parties (also referred to as secrecy or privacy)
Integrity: assets can be modified only by authorized parties and only in specific ways ("insider threat")
Availability: assets are available to authorized parties at time to.
Defn: a secure computer system, see Garfinkel and Spafford [3], is a system that can be depended upon to behave as it is expected to. Similarly, a security breach is:
"the exploitation by individuals who are using, or attempting to use a computer system without authorization (i.e., crackers) and those who have legitimate access to the system but are abusing their privileges (i.e., the insider threat)."
For all practical purposes, all security breaches in systems are the result of system vulnerabilities: hardware, software, or data vulnerabilities. Namely, these are defects in the design, implementation, and deployment of the system that result in a vulnerability.
References:
[1] http://en.wikipedia.org/wiki/Leslie_Lamport
Fernando C. Colon Osorio
"Failure is Feedback, and Feedback is the breakfast of Champions" - Anonymous