{"id":769,"date":"2012-03-20T12:07:19","date_gmt":"2012-03-20T08:37:19","guid":{"rendered":"http:\/\/fxplans.com\/web\/?page_id=769"},"modified":"2012-08-31T10:14:21","modified_gmt":"2012-08-31T06:44:21","slug":"security","status":"publish","type":"page","link":"http:\/\/fxplans.com\/web\/security\/","title":{"rendered":"Security"},"content":{"rendered":"
\"\"General Security Concepts<\/em><\/h5>\n

Computer Security refers to techniques for ensuring that\u00a0data\u00a0stored\u00a0in a\u00a0computercannot be\u00a0read\u00a0or compromised by any individuals without authorization. Most computer security measures involve\u00a0data encryption\u00a0and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A\u00a0password\u00a0is a secret word or phrase that gives a\u00a0useraccess\u00a0to a particular\u00a0program\u00a0or\u00a0system.<\/p>\n

Security is unlike any other topic in computing. To begin with,\u00a0the word is so encompassing that it is impossible to know what\u00a0you mean just by using it. When you talk about security, do\u00a0you mean physical security of servers and workstations and protecting them from those who\u00a0might try to steal them or from damage that might occur if the side of the building collapses?\u00a0Or do you mean the security of data and protecting it from viruses and worms or from hackers\u00a0and miscreants who have suddenly targeted you and have no other purpose in life than\u00a0to keep you up at night? Or maybe security to you is the comfort that comes in knowing that\u00a0you can restore files if a user accidentally deletes them.\u00a0The first problem with security is that it is next to impossible for everyone to agree on what\u00a0it means because it can include all of these items. The next problem with security is that we\u00a0don\u2019t really mean that we want things to be completely secured. If you wanted the customer\u00a0list file to truly be secure, you would never put it on the server and make it available.<\/p>\n

It is\u00a0on the server because you need to access it and so do 30 other people. In this sense, security\u00a0means that only 30 people can get to it and not anyone outside of the select 30.\u00a0The next problem is that while everyone wants security, no one wants to be inconvenienced\u00a0by it. To use an analogy, few are the travelers who do not feel safer by watching\u00a0airport personnel frisk and pat down all who head to the terminal\u2014they just don\u2019t want\u00a0it to happen to them. This is true in computing as well; we all want to make sure data is\u00a0accessed only by those who truly should be working with it, but we don\u2019t want to have to\u00a0enter 12-digit passwords and submit to retinal scans.\u00a0As a computer security professional, you have to understand all of these concerns.\u00a0You have to know that a great deal is expected of you but few users want to be hassled or\u00a0inconvenienced by the measures you must put in place. You have a primary responsibility\u00a0to protect and safeguard the information your organization uses. Many times that means\u00a0educating your users and making certain they understand the \u201cwhy\u201d behind what is being\u00a0implemented.<\/p>\n

Understanding Information Security<\/em><\/h5>\n

Information security narrows down the definition of security. The term information security\u00a0covers a wide array of activities in an organization. It includes not only the products, but also\u00a0the processes used to prevent unauthorized access to, modification of, and deletion of information.
\nThis area also involves protecting resources by preventing them from being disrupted\u00a0by situations or attacks that may be largely beyond the control of the person responsible for\u00a0information security.\u00a0From the perspective of a computer professional, you\u2019re dealing with issues that are\u00a0much bigger than protecting computer systems from viruses. You\u2019re also protecting an\u00a0organization\u2019s most valuable assets from people who are highly motivated to misuse those\u00a0assets. Fortunately, most of them are outsiders who are trying to break in, but some of\u00a0these people may already be inside your organization and discontented in their present\u00a0situation. Not only do you have to keep outsiders out, but you have to be prepared for the\u00a0accountant who has legitimate access to files and wants to strike out because he did not get
\nas good a performance review as he thought he should.\u00a0Needless to say, this job isn\u2019t getting any easier. weaknesses and vulnerabilities in most\u00a0commercial systems are well known and documented, and more become known each day.
\nYour adversaries can use search engines to find vulnerabilities on virtually any product or\u00a0operating system. To learn how to exploit the most likely weaknesses that exist in a system,they can buy books on computer hacking, join newsgroups on the Internet, and access websites\u00a0that offer explicit details. Some are doing it for profit or pleasure, but many are doing\u00a0it just for the sheer thrill of it. There have been many glamorized characters on television\u00a0and in movies who break into computer systems and do things they should not. When was\u00a0the last time you saw a glamorized security administrator on such a show? If you make\u00a0things look fun and exciting, there is some part of the audience that will attempt it.<\/p>\n

Information security includes a number of topics of primary focus, each addressing different\u00a0parts of computer security. An effective computer security plan and process must evaluate\u00a0the risks and create strategies and methods to address them. The following sections focus on\u00a0three such areas:<\/p>\n