Security

From Wikipedia, the free encyclopedia

This page covers security in the sense of protection from hostile action. For the financial instrument of the same name see security (finance). For the town in Colorado, see Security-Widefield, Colorado.

Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. The nuance between the two is an added emphasis on being protected from dangers that originate from outside. Individuals or actions that encroach upon the condition of protection are responsible for the breach of security.

Contents 1 Definition of security 2 Perceived security compared to real security 3 Categorising security 3.1 Types of security 3.2 Security concepts 4 Security standards 5 See also 6 References

[edit] Definition of security

A simple and clear definition of effective security could be:

• a secure system is a system which does exactly what we want it to do and nothing that we don't want it to do even when someone else tries to make it behave differently.

Another proposed definition:

• When our expectations are met, we can say that quality has been met. When our expectations are met once and again, despite errors, catastrophes and attacks which in principle could prevent our expectations to be met, we can say that security has been met. Security is not falsifiable (Popper). We can prove that there has been a security failure, but we can't prove that there hasn't. Security measures improve the likeliness of expectations to be met, and therefore improve security. With respect to classified matter there is an expectation of the classified matter to remain secret for as long as we wish. A control access system is the security measure that helps this expectation to be accomplished.

The word "security" in general usage is synonymous with "safety," but as a technical term "security" means that something not only is secure but that it has been secured. In telecommunications, the term security has the following meanings:

• A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
• With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security.
• Measures taken by a military unit, an activity or installation to protect itself against all acts designed to, or which may, impair its effectiveness.

Sources: from Federal Standard 1037C and adapted from the Department of Defense Dictionary of Military and Associated Terms

Security has to be compared and contrasted with other related concepts: Safety, continuity, reliability. The key difference between security and reliability is that security must take into account the actions of active malicious agents attempting to cause destruction.

[edit] Perceived security compared to real security

It is very often true that people's perception of security is not directly related to actual security. For example, a fear of flying is much more common than a fear of driving; however, driving is generally a much more dangerous form of transport.

Another side of this is a phenomenon called security theatre where ineffective security measures such as screening of airline passengers based on static databases are introduced with little real increase in security or even, according to the critics of one such measure - Computer Assisted Passenger Prescreening System - with an actual decrease in real security.

[edit] Categorising security

There is an immense literature on the analysis and categorisation of security. Part of the reason for this is that, in most security systems, the "weakest link in the chain" is the most important. The situation is asymmetric since the defender must cover all points of attack while the attacker can simply identify a single weak point upon which to concentrate their efforts.

[edit] Types of security

• physical security
• home security
• information security
• computing security
• application security
• financial security
• human security
• food security
• airport security

[edit] Security concepts

Certain concepts recur throughout different fields of security.

• risk - a risk is a possible event which could cause a loss

• threat - a threat is a method of triggering a risk event that is dangerous
• countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
• defense in depth - never rely on one single security measure alone
• assurance - assurance is the level of guarantee that a security system will behave as expected

[edit] Security standards

• TCSEC (Orange Book)
• Common Criteria
• ISO 17799:2000 Code of practice for information security management
• The newer ISO 17799:2005 Code of practice for information security management

[edit] See also

• 3D Security
• Surveillance
• insecurity
• Insurance
• Security Officer
• information security
  • CISSP
• classified information
• national security
  • police
  • security police
  • Public Security Bureau
• computer security
  • hacking
  • cracking
  • security breaches
• communications security
  • phreaking
• search
• ilities

[edit] References

• Monahan, Torin, ed. (2006), Surveillance and Security: Technological Politics and Power in Everyday Life. New York: Routledge: ISBN 0415953936