COMPUTER SECURITY CONCEPTS
A
Definition of Computer Security
The NIST Computer Security Handbook [NIST95] defines the
term computer security as follows:
COMPUTER
SECURITY
The protection afforded to an automated information system in
order to attain the applicable objectives of preserving the integrity,
availability, and confidentiality of information system resources (includes
hardware, software, firmware, information/ data, and telecommunications).
This definition introduces three key objectives that are at the
heart of computer security:
• Confidentiality: This term
covers two related concepts:
Data1 confidentiality: Assures that private or confidential
information is not made available or disclosed to unauthorized
individuals.
Privacy: Assures
that individuals control or influence what information related to them
may be collected and stored and by whom and to whom that information may be
disclosed.
• Integrity: This term covers two related concepts:
Data integrity: Assures that information and programs are changed only in a
specified and authorized manner.
System integrity: Assures that a system performs its intended function in an unimpaired
manner, free from deliberate or inadvertent unauthorized manipulation of the
system.
•
Availability:
Assures that systems
work promptly and service is not denied to authorized users.
These three concepts form what is
often referred to as the CIA triad (Figure 1.1). The three concepts
embody the fundamental security objectives for both data and for information
and computing services. For example, the NIST standard FIPS 199 (Standards
for Security Categorization of Federal Information
and Information Systems) lists confidentiality, integrity, and availability as the
three security objectives for information and for information systems.
FIPS 199 provides a useful characterization of these three objectives in terms
of requirements and the definition of a loss of security in each category:
•
Confidentiality:
Preserving authorized
restrictions on information access and disclosure, including means for
protecting personal privacy and propri-etary information. A loss of
confidentiality is the unauthorized disclosure of information.
•
Integrity:
Guarding against
improper information modification or destruc-tion, including ensuring
information nonrepudiation and authenticity. A loss of integrity is the
unauthorized modification or destruction of information.
•
Availability:
Ensuring timely and
reliable access to and use of information. A loss of availability is the
disruption of access to or use of information or an information system.
Although the use of the CIA triad to define security objectives
is well established, some in the security field feel that additional concepts
are needed to present a complete picture. Two of the most commonly mentioned
are as follows:
•
Authenticity:
The property of being
genuine and being able to be verified and trusted; confidence in the
validity of a transmission, a message, or message originator. This means
verifying that users are who they say they are and that each input arriving at
the system came from a trusted source.
•
Accountability:
The security goal that
generates the requirement for actions of an entity to be traced uniquely
to that entity. This supports nonrepudia-tion, deterrence, fault isolation,
intrusion detection and prevention, and after-action recovery and legal action.
Because truly secure systems are not yet an achievable goal, we must be able to
trace a security breach to a responsible party. Systems must keep records of
their activities to permit later forensic analysis to trace security breaches
or to aid in transaction disputes.
Examples
We now provide some examples of applications that illustrate the
requirements just enumerated.2
For these examples, we use three levels of impact on organizations or
individuals should there be a breach of security (i.e., a loss of
confidentiality, integrity, or availability). These levels are defined in FIPS
PUB 199:
Low: The
loss could be expected to have a limited adverse effect on organiza-tional
operations, organizational assets, or individuals. A limited adverse effect
means that, for example, the loss of confidentiality, integrity, or
availability might (i)
cause a degradation in mission capability to an extent and duration that the
organization is able to perform its primary functions, but the effec-tiveness
of the functions is noticeably reduced; (ii) result in minor damage to
organizational assets; (iii) result in minor financial loss; or (iv) result in
minor harm to individuals.
•
Moderate:
The loss could be
expected to have a serious adverse effect on organizational operations,
organizational assets, or individuals. A serious adverse effect means that, for
example, the loss might (i) cause a significant degradation in mission
capability to an extent and duration that the organi-zation is able to perform
its primary functions, but the effectiveness of the functions is significantly
reduced; (ii) result in significant damage to organizational assets; (iii)
result in significant financial loss; or (iv) result in significant harm to
individuals that does not involve loss of life or serious, life-threatening
injuries.
•
High:
The loss could be
expected to have a severe or catastrophic adverse effect on
organizational operations, organizational assets, or individuals. A severe or
catastrophic adverse effect means that, for example, the loss might (i) cause a
severe degradation in or loss of mission capability to an extent and duration
that the organization is not able to perform one or more of its primary
functions; (ii) result in major damage to organizational assets; (iii) result
in major financial loss; or (iv) result in severe or cata-strophic harm to
individuals involving loss of life or serious, life-threatening injuries.
CONFIDENTIALITY Student grade information is an asset
whose confidentiality is considered to be highly important
by students. In the United States, the release of such information is regulated
by the Family Educational Rights and Privacy Act (FERPA). Grade information
should only be available to students, their parents, and employees that require
the information to do their job. Student enrollment information may have a
moderate confidentiality rating. While still covered by FERPA, this information
is seen by more people on a daily basis, is less likely to be targeted than
grade information, and results in less damage if disclosed. Directory
information, such as lists of students or faculty or departmental lists, may be
assigned a low confidentiality rating or indeed no rating. This information is
typically freely available to the public and published on a school’s Web site.
INTEGRITY Several aspects of integrity are
illustrated by the example of a hospital patient’s
allergy information stored in a database. The doctor should be able to trust
that the information is correct and current. Now suppose that an employee
(e.g., a nurse) who is authorized to view and update this information
deliberately falsifies the data to cause harm to the hospital. The database
needs to be restored to a trusted basis quickly, and it should be possible to
trace the error back to the person responsible. Patient allergy information is
an example of an asset with a high requirement for integrity. Inaccurate
information could result in serious harm or death to a patient and expose the
hospital to massive liability.
An example of an asset that may be assigned a moderate level of
integrity requirement is a Web site that offers a forum to registered users to
discuss some specific topic. Either a registered user or a hacker could falsify
some entries or deface the Web site. If the forum exists only for the enjoyment
of the users, brings in little or no advertising revenue, and is not used for
something important such as research, then potential damage is not severe. The
Web master may experience some data, financial, and time loss.
An example of a low integrity requirement is an anonymous online
poll. Many Web sites, such as news organizations, offer these polls to their
users with very few safeguards. However, the inaccuracy and unscientific nature
of such polls is well understood.
AVAILABILITY The more critical a component or
service, the higher is the level of availability
required. Consider a system that provides authentication services for critical
systems, applications, and devices. An interruption of service results in the
inability for customers to access computing resources and staff to access the
resources they need to perform critical tasks. The loss of the service
translates into a large financial loss in lost employee productivity and
potential customer loss.
An example of an asset that would typically be rated as having a
moderate availability requirement is a public Web site for a university; the
Web site provides information for current and prospective students and donors.
Such a site is not a critical component of the university’s information system,
but its unavailability will cause some embarrassment.
An online telephone directory lookup application would be
classified as a low availability requirement. Although the temporary loss of
the application may be an annoyance, there are other ways to access the
information, such as a hardcopy directory or the operator.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.