Basic computer security concepts

COMPUTER SECURITY AND RISKS

Read the following words and word combinations and use them for understanding and translation of the text:

confidentiality - конфиденциальность

integrity - целостность

availability - доступность

to pertain to - иметь отношение к...

authentication - аутентификация, подлинность

authorization - авторизация

nonrepudiation - неотрицаемость, строгое выполнение обязательств

to corrupt - повреждать, искажать

tampering - взлом

password - пароль

to refute - опровергать

trustworthy - заслуживающий доверия

intruder - злоумышленник

weak link - слабое звено

innocuous - безвредный

break-in - проникновение в систему

to compromise - раскрывать

denial-of-service - отказ в обслуживании

Computer security (also known as cybersecurity or IT security) is information security as applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the Internet as a whole.

There are many characterizations of computer security. Information technology security is defined in a document created by the European Community, which has gained some recent international acceptance. The document defines information technology (IT) security to include the following:

• Confidentiality. Prevention of unauthorized disclosure of information.

• Integrity. Prevention of unauthorized modification of information.

• Availability. Prevention of unauthorized withholding of information or resources.

Availability pertains to both information and resources, such as computer systems themselves. Confidentiality and integrity pertain only to information itself. Concepts relating to the people who use that information are authentication, authorization, and nonrepudiation.

When information is read or copied by someone not authorized to do so, the result is known as loss of confidentiality. For some types of information, confidentiality is a very important attribute. Examples include research data, medical and insurance records, new product specifications, and corporate investment strategies. In some locations, there may be a legal obligation to protect the privacy of individuals. This is particularly true for banks and loan companies; debt collectors; businesses that extend credit to their customers or issue credit cards; hospitals, doctors’ offices, and medical testing laboratories; individuals or agencies that offer services such as psychological counseling or drug treatment; and agencies that collect taxes.

Information can be corrupted when it is available on an insecure network. When information is modified in unexpected ways, the result is known as loss of integrity. This means that unauthorized changes are made to information, whether by human error or intentional tampering. Integrity is particularly important for critical safety and financial data used for activities such as electronic funds transfers, air traffic control, and financial accounting.

Information can be erased or become inaccessible, resulting in loss of availability. This means that people who are authorized to get information cannot get what they need. Availability is often the most important attribute in service-oriented businesses that depend on information (for example, airline schedules and online inventory systems).

Availability of the network itself is important to anyone whose business or education relies on a network connection. When users cannot access the network or specific services provided on the network, they experience a denial-of-service.

To make information available to those who need it and who can be trusted with it, organizations use authentication and authorization. Authentication is proving that a user is the person he or she claims to be. That proof may involve something the user knows (such as a password), something the user has (such as a “smartcard”), or something about the user that proves the person’s identity (such as a fingerprint). Authorization is the act of determining whether a particular user (or computer system) has the right to carry out a certain activity, such as reading a file or running a program.

Authentication and authorization go hand in hand. Users must be authenticated before carrying out the activity they are authorized to perform. Security is strong when the means of authentication cannot later be refuted — the user cannot later deny that he or she performed the activity. This is known as nonrepudiation.
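The order of the two checks described above, as an added example that is not part of the original text: the user is first authenticated with a password (something the user knows), and only then authorized for an activity such as reading a file or running a program. The user names, passwords and permission names are constructed for illustration.

```python
import hashlib
import hmac
import os

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_user(password: str, permissions: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "permissions": permissions}

# Constructed sample accounts (names, passwords and rights are made up).
USERS = {
    "alice": make_user("correct horse battery", {"read_file", "run_program"}),
    "bob": make_user("tr0ub4dor&3", {"read_file"}),
}

def authenticate(username: str, password: str) -> bool:
    """Authentication: is this user the person he or she claims to be?"""
    user = USERS.get(username)
    if user is None:
        # Do the same hash work for unknown names so timing reveals nothing.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["hash"])  # constant-time compare

def authorize(username: str, activity: str) -> bool:
    """Authorization: does this user have the right to carry out the activity?"""
    return activity in USERS[username]["permissions"]

def request(username: str, password: str, activity: str) -> str:
    # Identity is proven first; rights are checked only for a proven identity.
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, activity):
        return "denied: not authorized"
    return "allowed"

if __name__ == "__main__":
    print(request("bob", "tr0ub4dor&3", "read_file"))
    print(request("bob", "tr0ub4dor&3", "run_program"))
    print(request("bob", "wrong password", "read_file"))
    print(request("mallory", "anything", "read_file"))
```
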

Internet users want to be assured that:

• they can trust the information they use

• the information they are responsible for will be shared only in the manner that they expect

• the information will be available when they need it

• the systems they use will process information in a timely and trustworthy manner

It is remarkably easy to gain unauthorized access to information in an insecure networked environment, and it is hard to catch the intruders. Even if users have nothing stored on their computer that they consider important, that computer can be a “weak link,” allowing unauthorized access to the organization’s systems and information.

Seemingly innocuous information can expose a computer system to compromise. Information that intruders find useful includes which hardware and software are being used, system configuration, type of network connections, phone numbers, and access and authentication procedures. Security-related information can enable unauthorized individuals to access important files and programs, thus compromising the security of the system. Examples of important information are passwords, access control files and keys, personnel information, and encryption algorithms.

The consequences of a break-in cover a broad range of possibilities: a minor loss of time in recovering from the problem, a decrease in productivity, a significant loss of money or staff-hours, a devastating loss of credibility or market opportunity, a business no longer able to compete, legal liability, and the loss of life. Individuals may find that their credit card, medical, and other private information has been compromised.

Assignments

1. Translate the following sentences from the text into Russian in writing, paying attention to the underlined words and phrases:

1. Information can be corrupted when it is available on an insecure network.

2. When information is modified in unexpected ways, the result is known as loss of integrity. This means that unauthorized changes are made to information, whether by human error or intentional tampering.

3. Availability is often the most important attribute in service-oriented businesses that depend on information.

4. When users cannot access the network or specific services provided on the network, they experience a denial of service.

5. Security is strong when the means of authentication cannot later be refuted - the user cannot later deny that he or she performed the activity.

6. It is remarkably easy to gain unauthorized access to information in an insecure networked environment, and it is hard to catch the intruders.

2. Answer the following questions:

1. In what spheres of human activity does availability play an essential role? Why?

2. When will security be the strongest?

3. Which concept is the most remarkable for the provision of overall security?

4. What can be the consequences of an unauthorized break-in?

5. How can intruders benefit from the access to innocuous information?

6. Is there a principal difference between authorization and authentication?

3. Translate into English:

Под информационной безопасностью понимается защищенность информации и поддерживающей ее инфраструктуры от любых случайных или злонамеренных воздействий, результатом которых может явиться нанесение ущерба самой информации, ее владельцам или поддерживающей инфраструктуре.

Цель информационной безопасности - обезопасить ценности системы, защитить и гарантировать точность и целостность информации и минимизировать разрушения, которые могут иметь место, если информация будет модифицирована или разрушена.

На практике важнейшими являются три аспекта информационной безопасности:

1. Доступность (возможность за разумное время получить требуемую информационную услугу);

2. Целостность (ее защищенность от разрушения и несанкционированного изменения);

3. Конфиденциальность (защита от несанкционированного прочтения).
