19-02-2013, 03:16 PM
NETWORK SECURITY
COMPUTER SECURITY
The NIST Computer Security Handbook [NIST95] defines the
term computer security as:
the protection afforded to an automated information
system in order to attain the applicable objectives of
preserving the integrity, availability and confidentiality
of information system resources (includes hardware,
software, firmware, information/data, and
telecommunications).
This definition introduces three key objectives that are at the
heart of computer security as we see on the next slide.
KEY SECURITY
These three concepts form what is often referred to as the
CIA triad (Figure 1.1). The three concepts embody the
fundamental security objectives for both data and for
information and computing services. FIPS PUB 199 provides
a useful characterization of these three objectives in terms of
requirements and the definition of a loss of security in each
category.
KEY SECURITY CONCEPT
• Confidentiality (covers both data confidentiality and
privacy): Preserving authorized restrictions on information
access and disclosure, including means for protecting
personal privacy and proprietary information. A loss of
confidentiality is the unauthorized disclosure of
information.
• Integrity (covers both data and system integrity):
Guarding against improper information modification or
destruction, including ensuring information nonrepudiation
and authenticity. A loss of integrity is the
unauthorized modification or destruction of information.
• Availability: Ensuring timely and reliable access to and
use of information. A loss of availability is the disruption of
access to or use of information or an information system.
Although the use of the CIA triad to define security
objectives is well established, some in the security field
feel that additional concepts are needed to present a
complete picture. Two of the most commonly mentioned
are:
• Authenticity: The property of being genuine and being
able to be verified and trusted; confidence in the validity
of a transmission, a message, or message originator.
• Accountability: The security goal that generates the
requirement for actions of an entity to be traced uniquely
to that entity.