Computer Security in the Age of the Internet
Reardon, Timothy E., DISAM Journal
Computer security prior to the Internet was relatively easy. Few organizations had the capability to access computer systems outside of their organization. There was little chance that those computer systems that did have access outside the organization could be infected with a computer virus. The arrival of the Internet provides easy access to and rapid dissemination of information from a variety of sources (http://www.asc.wpafb.af.mil/cbt/content/iabasics/slide30.html). The key now is to provide users with maximum Internet availability when they use computer systems to perform official organizational business, while safeguarding against security risks. This article will provide insights concerning establishing a computer security program.
The term "information assurance" is used by government agencies in addition to the term "computer security". The components of information assurance are that only authorized users have access to systems (http://ase50.wpafb.af.mil/cbt/content/iabasics), that these computer systems operate correctly, and that the data provided by these computer systems is accurate. Information assurance is not a program, but the integration of people, policy, technology, procedures and doctrine.
As we evaluate computer security in our organizations, it is important to identify computer system vulnerabilities and to correct them. This is known as risk management. We will look at risk management, the physical and software aspects of computer security, and computer security tools users and organizations can use in identifying and eliminating security vulnerabilities.
A fundamental aspect of risk management is the identification of vulnerabilities and their associated threats. The following chart identifies the different types of vulnerabilities and the threat levels associated with these vulnerabilities. An example of this is viruses. All viruses attack potential system vulnerabilities; however, the associated risk with a particular virus can be low, medium, or high depending on the damage that can be done. You should also realize that computer systems are not just subject to vulnerabilities which are intentionally inflicted by hackers or disgruntled employees but may also be affected by natural disasters, such as floods or fires. In addition, there are also unintentional vulnerabilities, such as an employee mistakenly deleting an important file needed by the organization.
The most important elements of computer security are physical security, security provided by the operating system the computer system uses, computer security software applications and encryption, and combinations of both physical and security software applications.
Physical security relates to the physical barriers that may be in place to prevent unauthorized access to computers. Doors, dead bolts, and key control systems are examples of physical security devices for facilities.
The operating system that the computer system uses to process commands or instructions also has built-in security features, such as password protection for user accounts and screen savers.
Hackers, however, have discovered vulnerabilities in operating system software, especially on computer systems that are used as web servers, and they have exploited these vulnerabilities to gain unauthorized access to computer systems. Microsoft and other operating system software developers continuously provide software releases to correct these vulnerabilities. You should be aware of which operating system software is being used on your computer system and should ensure that the latest service releases are installed.
Software applications such as Norton or McAfee anti-virus products are examples of computer security software applications. Additionally, software applications used to enable public key and other encryption technologies are also examples of computer security software applications. …