Malware Conference News
Thank You Letter to Dr. Anthony Arrott and Prof. Arun Lakhotia
Malware 2016
Outstanding Contribution Award
and
Thank you
Presented to
Dr. Anthony Arrott and Prof. Arun Lakhotia
In recognition to their contributions to
the Field of Information and Systems Security
and their devotion in making the Malware Conference truly world class.
Malware Conference 2016 Best Paper Award
Malware Conference 2016 Best Paper Award
Dr. WILLIAM CASEY and Mr. AARON SHELMIRE ANOMALI
SOFTWARE ENGINEERING INSTITUTE, CARNEGIE-MELLON UNIVERSIOTY
Pittsburg, Pennsylvania, USA
Login Form
Malware Blog
What is Security? - Definitions and a Common Language
- Font size: Larger Smaller
- Hits: 3884
- 3 Comments
- Subscribe to this entry
- Bookmark
I am often surprised by the lack of understanding amongst security professionals, and so called "Security Experts", of the term System Security, Cyber Security or simply Security in general. More specifically, it is more often than not that their understanding can be described as incomplete at best. For example, in their minds, System Security relates solely to the prevention of unauthorized disclosure of confidential information. In their Universe, the availability of the system hosting the sensitive information is often a reliability and not a Security issue, albeit, when confronted with the idea of a DDoS attack, they quickly change their minds. This collection of blogs, which I fondly refer to as "Security 101 - The fundamentals", has a single purpose. That of establishing a common framework for security discussions, and a common language so that we can attack some of the greatest challenges facing our industry today. This first blog is the result of many years of teaching Security courses at Worcester Polytechnic Institute and Brandeis University Computer Science Departments. It summarizes my first two lectures in the field of Computer Security, and draws heavily on seminal manuscripts published in 1976 by Leslie Lamport [1] and Butler Lampson [2] while addressing the important problems of "Protection" in Operating Systems.
Definitions
Secuirty noun se·cu·ri·ty \si-ˈkyu̇r-ə-tē\
In accordance to Miriam Webster dictionary, Security is the state of being protected or safe from harm. Specifically, when we refer to Computer Security we mean the ability of a set of devices, software and hardware, and operational procedures to protect the following assets from harm:
Information and/or Data
System Software, Applications, and
Programs Services - both hardware and software
Protecting assets from harm (within this context) means:
Confidentiality – assets are used/access only by authorized parties (also refer to as secrecy or privacy)
Integrity – assets can be modified only by authorized parties and only in specific ways (“insider threat”)
Availability – assets are available to authorize parties at time to.
Defn: a secure computer system, see Garfinkel and Spafford [3],” is a system that can be depended upon to behave as it is expected to.
Similarly, a security breach is:
“the exploitation by individuals who are using, or attempting to use a computer system without authorization (i.e., crackers) and those who have legitimate access to the system but are abusing their privileges (i.e., the insider threat”).
For all practical purposes, all security breaches in systems are the result of system vulnerabilities – hardware, software, or data vulnerabilities. Namely defects in the design, implementation, and deployment of the system which result in a vulnerability.
References:
[1] http://en.wikipedia.org/wiki/Leslie_Lamport
[2] http://en.wikipedia.org/wiki/Butler_Lampson
Fernando C. Colon Osorio _____________________________ "Failure is Feedback, and Feedback is the breakfast of Champions" - Anonymous
|
Security
Great Blog. Good start with the definitions. Keep on clarifying the issues/