Security

From Wikipedia, the free encyclopedia

This article needs additional citations for verification. Please help improve this article by adding reliable references. Unsourced material may be challenged and removed. (June 2007)

Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. The nuance between the two is an added emphasis on being protected from dangers that originate from outside. Individuals or actions that encroach upon the condition of protection are responsible for the breach of security.

The word "security" in general usage is synonymous with "safety," but as a technical term "security" means that something not only is secure but that it has been secured. In telecommunications, the term security has the following meanings:^[1]

• A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
• With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security.
• Measures taken by a military unit, an activity or installation to protect itself against all acts designed to, or which may, impair its effectiveness.

Security has to be compared and contrasted with other related concepts: Safety, continuity, reliability. The key difference between security and reliability is that security must take into account the actions of active malicious agents attempting to cause destruction.

Contents 1 Perceived security compared to real security 2 Categorising security 2.1 Types of security 3 Security concepts 4 Security management in organizations 5 IT Security standards 6 Security experts 7 See also 8 References

[edit] Perceived security compared to real security

It is very often true that people's perception of security is not directly related to actual security. For example, a fear of flying is much more common than a fear of driving; however, driving is generally a much more dangerous form of transport. The tool may be mistaken for the effect, for example when multiple computer security programs interfere with each other, the user assumes the computer is secure when actual security has vanished.

Another side of this is a phenomenon called security theatre where ineffective security measures such as screening of airline passengers based on static databases are introduced with little real increase in security or even, according to the critics of one such measure - Computer Assisted Passenger Prescreening System - with an actual decrease in real security.

Additionally, however, sometimes if it is perceived that there is security then there will be an increase in actual security, even if the perception of security is mistaken. Sometimes a sign may warn that video surveillance is covering an area, and even if there is no actual visual surveillance then some malicious agents will be deterred by the belief that there may be. Also, often when there is actual security present in an area, such as video surveillance, an alarm system in a home, or an anti-theft system in a car such as a LoJack, signs advertising this security will increase its effectiveness, protecting the value of the secured vehicle or area itself. Since some intruders will decide not to attempt to break into such areas or vehicles, there can actually be less damage to windows in addition to protection of valuable objects inside. Without such advertisement, a car-thief might, for example, approach a car, break the window, and then flee in response to an alarm being triggered. Either way, perhaps the car itself and the objects inside aren't stolen, but with perceived security even the windows of the car have a lower chance of being damaged, increasing the financial security of its owner(s). It is important, however, for signs advertising security not to give clues as to how to subvert that security, for example in the case where a home burglar might be more likely to break into a certain home if he or she is able to learn beforehand which company makes its security system.

[edit] Categorising security

There is an immense literature on the analysis and categorisation of security. Part of the reason for this is that, in most security systems, the "weakest link in the chain" is the most important. The situation is asymmetric since the defender must cover all points of attack while the attacker need only identify a single weak point upon which to concentrate.

[edit] Types of security

IT realm Computing security Data security Application security Information security Network security

Physical realm Physical security Shopping centre security Airport security Food security Home security Cargo security

Political International security National security Human security Homeland security Public security Monetary Financial security

Aviation Security is a combination of measures and material and human resources intended to counter the unlawful interference with the aviation security.

[edit] Security concepts

Certain concepts recur throughout different fields of security.

• Risk - a risk is a possible event which could cause a loss
• Threat - a threat is a method of triggering a risk event that is dangerous
• Vulnerability - a weakness in a target that can potentially be exploited by a threat
• Exploit - a vulnerability that has been triggered by a threat - a risk of 1.0 (100%)
• Countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
• Defense in depth - never rely on one single security measure alone
• Assurance - assurance is the level of guarantee that a security system will behave as expected

[edit] Security management in organizations

In the corporate world, various aspects of security were historically addressed separately - notably by distinct and often noncommunicating departments for IT security, physical security, and fraud prevention. Today there is a greater recognition of the interconnected nature of security requirements, an approach variously known as holistic security, "all hazards" management, and other terms. Inciting factors in the convergence of security disciplines include the development of digital video surveillance technologies (see Professional video over IP) and the digitization and networking of physical control systems (see SCADA)^[2][3]. Greater interdisciplinary cooperation is further evidenced by the February 2005 creation of the Alliance for Enterprise Security Risk Management, a joint venture including leading associations in security (ASIS), information security (ISSA, the Information Systems Security Association), and IT audit (ISACA, the Information Systems Audit and Control Association)^[4].

[edit] IT Security standards

• ISO/IEC 15443 A framework for IT security assurance (covering many methods, i.e. TCSEC, Common Criteria, ISO/IEC 17799)
  • ISO/IEC 15443-1: Overview and framework
  • ISO/IEC 15443-2: Assurance methods
  • ISO/IEC 15443-3: Analysis of assurance methods
• ISO/IEC 15408 refer also to Common Criteria
• ISO/IEC 17799:2005 Code of practice for information security management refer also to ISO/IEC 17799

• refer also to TCSEC Trusted Computer System Evaluation Criteria (Orange Book)

Please help improve this section by expanding it. Further information might be found on the talk page or at requests for expansion.

[edit] Security experts

• Darko Trifunovic
• Richard A. Clarke
• David H. Holtzman
• Bruce Schneier

[edit] See also

Concepts 3D Security Surveillance Wireless sensor network Insecurity Insurance Classified information Security breach List of System Quality Attributes Right-financing

Branches National security Human security Information security CISSP Computer security Hacking Cracking Phreaking Communications security Physical Security Police Public Security Bureau Security guard Security police Search

[edit] References