Related Docuements
An Introduction to Computer Security: The NIST Handbook
NIST would like to thank the many people who assisted with the development of...
Computer Security Handbook
A Lots of details on Computer Security. . . .
The term computer security is used frequently, but the contentof a computer is vulnerable to few risks unless the computer isconnected to other computers on a network. As the use of computer networks, especially the Internet, has become pervasive, the concept of computer security has expanded todenote issues pertaining to the networked use of computers andtheir resources.The major technical areas of computer security are usuallyrepresented by the initials CIA: confidentiality, integrity, andauthentication or availability. Confidentiality means thatinformation cannot be access by unauthorized parties.Confidentiality is also known as secrecy or privacy; breaches of confidentiality range from the embarrassing to the disastrous.Integrity means that information is protected againstunauthorized changes that are not detectable to authorizedusers; many incidents of hacking compromise the integrity of databases and other resources. Authentication means that usersare who they claim to be. Availability means that resources areaccessible by authorized parties; "denial of service" attacks,which are sometimes the topic of national news, are attacksagainst availability. Other important concerns of computer security professionals are access control and nonrepudiation.Maintaining access control means not only that users can accessonly those resources and services to which they are entitled, butalso that they are not denied resources that they legitimately canexpect to access. Nonrepudiation implies that a person whosends a message cannot deny that he sent it and, conversely, thata person who has received a message cannot deny that hereceived it. In addition to these technical aspects, the conceptualreach of computer security is broad and multifaceted. Computer security touches draws from disciplines as ethics and risk analysis, and is concerned with topics such as computer crime;the prevention, detection, and remediation of attacks; andidentity and anonymity in cyberspace.While confidentiality, integrity, and authenticity are the mostimportant concerns of a computer security manager, privacy is perhaps the most important aspect of computer security for everyday Internet users. Although users may feel that they havenothing to hide when they are registering with an Internet site or service, privacy on the Internet is about protecting one's personal information, even if the information does not seemsensitive. Because of the ease with which information inelectronic format can be shared among companies, and becausesmall pieces of related information from different sources can
be easily linked together to form a composite of, for example, a person's information seeking habits, it is now very importantthat individuals are able to maintain control over whatinformation is collected about them, how it is used, who mayuse it, and what purpose it is used for.
Scope of this Guide
This guide is intended to present a selected list of sites thatcover the basic issues of computer security and which provideuseful information for the non-expert (librarian, undergraduatestudent, office manager, etc.) who wants to learn more aboutthis increasingly important subject. The categories are intendedto offer points of departure for some of the many aspects of computer security. For the sake of brevity, this guide stops shortof entering the vast realm of commercial software products,consulting firms, and the like. The individual who is in themarket for security products or services should have no troublefinding descriptions, reviews, and comparisons on the web andthrough other media.
Methods
The web sites in this list were collected through variousmethods, including searches of Internet directories such asGoogleandYahoo, the Librarian's Index to the Internet, the
, and the World Cat database(userid and
password are required); burrowing through information security portals such as
{InfoSysSec}
andPacket Storm Security; andexploring links from within quality sites as they wereencountered. Emphasis has been placed on sites that provide practical information rather than merely advertise products;accordingly, most of the sites selected are hosted in .edu, .gov,and .org domains. However, commercial sites were notdiscounted if they provided substantive information in additionto product information.
General Sources
Center for Education and Research in InformationAssurance and Security
http://www.cerias.purdue.edu/ CERIAS's mission is to be recognized as the leader in informationsecurity and assurance research, education, and community service.To these ends, CERIAS offers a free security seminar on diverse
security topics on Wednesday afternoons during the fall and springsemesters; attendees may show up in person or through a live internetstream. The CERIAS web site also includes extensive computer security resources for K-12 teachers, including backgroundinformation, lesson plans, and links to other web resources.
TECS: The Encyclopedia of Computer Security
http://www.itsecurity.com/ TECS provide a forum for visitors to seek the opinions of one or several security experts on a broad scope of security questions. Usersrange from individuals asking about their home computers tostudents working on projects to IT professionals; TECS's panel of volunteer security experts tend to work for computer or securityconsulting companies. Questions are sent via listserv to the experts,whose answers are then published, along with the question, on theweb site. The site owners request that the experts try to provide balanced answers that do not gratuitously advertise specific products;vendors are free to list full product descriptions in the TECS SecurityProduct Database.
CYBERCRIME
http://www.cybercrime.gov/ This site is maintained by the Computer Crime and IntellectualProperty Section (CCIPS) of the Criminal Division of the U.S.Department of Justice; the information available at this site is presented from a legal, rather than technical, perspective. It providesa plethora of information about the various ways computers can beused to commit crimes, how and to whom to report computer crimes,and what to do if you are the victim of computer crime. It includeslinks to cases, laws, legal issues, and policy issues surroundinghacking, intellectual property infringements, and other onlineoffenses.
Common Vulnerabilities and Exposures
http://www.cve.mitre.org/ MITRE, a not-for-profit national resource that provides systemsengineering, research and development, and information technologysupport to the government, has created CVE in an attempt tostandardize the names of vulnerabilities and other informationsecurity exposures. MITRE's goal is to increase data communicationacross network tools by encouraging software companies anddevelopers to use the common names found at the CVE web site;according to CERIAS, "CVE is the key to vulnerability databasecompatibility." To date, over 60 major organizations have agreed tomake their products and services CVE compliant.
Stay Safe Online
http://www.staysafeonline.info/ The National Cyber Security Alliance, comprised of corporate andgovernment organization members, sponsors Stay Safe Online to
of 00
Computer Security TY
460 Reads
Info and Rating
| Category: | Uncategorized. |
| Rating: | (2 Ratings) |
| Upload Date: | 08/06/2009 |
| Copyright: | Attribution Non-commercial |
| Tags: |
Leave a Comment