Friday, September 24

Security

Security world wide,




X-ray machines and metal detectors are used to control what is allowed to pass through an airport security perimeter.
Security is the degree of protection against danger, damage, loss, and criminal activity. Security as a form of protection are structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the assets and the threat. This includes but is not limited to the elimination of either the asset or the threat. Security as a national condition was defined in a United Nations study (1986)[citation needed], so that countries can develop and progress freely.

Security has to be compared to related concepts: safety, continuity, reliability. The key difference between security and reliability is that security must take into account the actions of people attempting to cause destruction.
Different scenarios also give rise to the context in which security is maintained:
With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security.
Measures taken by a military unit, an activity or installation to protect itself against all acts designed to, or which may,
Perceived security compared to real security

Perception of security is sometimes poorly mapped to measureable objective security. The perceived effectiveness of security measures is sometimes different from the actual security provided by those measures. The presence of security protections may even be taken for security itself. For example, two computer security programs could be interfering with each other and even cancelling each other's effect, while the owner believes s/he is getting double the protection.
Security theater is a critical term for deployment of measures primarily aimed at raising subjective security in a population without a genuine or commensurate concern for the effects of that measure on—and possibly decreasing—objective security. For example, some consider the screening of airline passengers based on static databases to have been Security Theater and Computer Assisted Passenger Prescreening System to have created a decrease in objective security.
Perception of security can also increase objective security when it affects or deters malicious behavior, as with visual signs of security protections, such as video surveillance, alarm systems in a home, or an anti-theft system in a car such as a LoJack, signs.
Since some intruders will decide not to attempt to break into such areas or vehicles, there can actually be less damage to windows in addition to protection of valuable objects inside. Without such advertisement, a car-thief might, for example, approach a car, break the window, and then flee in response to an alarm being triggered. Either way, perhaps the car itself and the objects inside aren't stolen, but with perceived security even the windows of the car have a lower chance of being damaged, increasing the financial security of its owner(s).
However, the non-profit, security research group, ISECOM, has determined that such signs may actually increase the violence, daring, and desperation of an intruder  This claim shows that perceived security works mostly on the provider and is not security at all .
It is important, however, for signs advertising security not to give clues as to how to subvert that security, for example in the case where a home burglar might be more likely to break into a certain home if he or she is able to learn beforehand which company makes its security system.


Categorising security

There is an immense literature on the analysis and categorisation of security. Part of the reason for this is that, in most security systems, the "weakest link in the chain" is the most important. The situation is asymmetric since the defender must cover all points of attack while the attacker need only identify a single weak point upon which to concentrate.



Types
IT realm
Application security
Computing security
Data security
Information security
Network security
Physical realm
Airport security
Port security/Supply chain security
Food security
Home security
Hospital security
Physical security
School security
Shopping centre security
Infrastructure security
Political
Homeland security
Human security
International security
National security
Public security
Monetary
Financial security
Aviation security is a combination of measures and material and human resources intended to counter the unlawful interference with the aviation security.
Operations Security (OPSEC) is a complement to other "traditional" security measures that evaluates the organization from an adversarial perspective..


Security concepts

Certain concepts recur throughout different fields of security:
Assurance - assurance is the level of guarantee that a security system will behave as expected
Countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
Defense in depth - never rely on one single security measure alone
Exploit - a vulnerability that has been triggered by a threat - a risk of 1.0 (100%)
Risk - a risk is a possible event which could cause a loss
Threat - a threat is a method of triggering a risk event that is dangerous
Vulnerability - a weakness in a target that can potentially be exploited by a threat


Security management in organizations

In the corporate world, various aspects of security were historically addressed separately - notably by distinct and often noncommunicating departments for IT security, physical security, and fraud prevention. Today there is a greater recognition of the interconnected nature of security requirements, an approach variously known as holistic security, "all hazards" management, and other terms.
Inciting factors in the convergence of security disciplines include the development of digital video surveillance technologies (see Professional video over IP) and the digitization and networking of physical control systems (see SCADA). Greater interdisciplinary cooperation is further evidenced by the February 2005 creation of the Alliance for Enterprise Security Risk Management, a joint venture including leading associations in security (ASIS), information security (ISSA, the Information Systems Security Association), and IT audit (ISACA, the Information Systems Audit and Control Association).
In 2007 the International Organisation for Standardization (ISO) released ISO 28000 - Security Management Systems for the supply chain. Although the title supply chain is included, this Standard specifies the requirements for a security management system, including those aspects critical to security assurance for any organisation or enterprise wishing to management the security of the organisation and its activities. ISO 28000 is the foremost risk based security system and is suitable for managing both public and private regulatory security, customs and industry based security schemes and requirements.


People in the security business

Computer security
Computer security, Cryptography, and Economics of security
Ross J. Anderson
Dan Geer
Andrew Odlyzko
Bruce Schneier
Eugene Spafford

National security
Belfer Center for Science and International Affairs and National security
Richard A. Clarke
David H. Holtzman

Physical security
Home security.



(source:wikipedia)

No comments:

Post a Comment