What is Computer Security?

• Think of a computing system
  • Your desktop, laptop, phone, ...
  • Something that stores data and runs programs.
• What parts of this system have value? Answer
  • The hardware
  • Purchased software
    • The operating system
    • Applications
  • Custom software
  • Data
    • Financial information
    • Pictures
    • Documents
    • Configuration files
• These items are called assets.
  • The simplest definition is items of value.
  • Generally as identified above
    • Hardware
    • Software
    • Data
  • But also
    • People
    • Processes and computations
• The essence of computer security is to identify and protect assets.
• The value or worth of an asset is important.
  • Do all assets have value?
  • Do all assets have the same value?
  • Do all assets have the same value to every person?
  • Do all assets have a constant value (or does the value change over time?)
• Notice, some values
  • Are easy to establish a direct monetary value
    • The cost of a game,
    • software license
    • physical hardware
  • Others are impossible
    • Your homework solution
    • A unique photo of a departed loved one
    • A company's new product development notes.
• In cybersecurity it is sometimes required to enumerate assets and their relative value.
  • The first step in protecting assets is to know what they are and what they are worth.
  • And it is reasonable that you concentrate on protecting the most valuable assets.
• Vulnerability
  • A vulnerability is a weakness in the system that could be exploited to cause harm or loss of one or more assets.
• Vulnerabilities come in many forms
  • The computers in the lab are vulnerable to physical removal.
    • This could lead to the loss of the physical hardware
    • As well as any data stored on that machine.
  • An unpatched machine with a security vulnerability is vulnerable to an attack.
  • A user who does not follow security procedures makes the entire system vulnerable.
• Threat
  • A threat is a set of circumstances that has the potential to cause loss or harm.
  • This could be a human who would like to own more computer equipment
  • This could be a computer programmed to flood the network so that no traffic can get through.
  • This could be a snowstorm that knocks out all power to the building.
• Threats and Vulnerabilities
  • An attacker can attempt exploit a vulnerability and be a threat to a system.
  • A student can attempt to take a CPU from the lab.
  • A former student with a root-kit can attempt to exploit an unpatched machine to gain root access.
  • Or even find a bug in the kernel
• Controls
  • A control is an action, device, procedure or technique that removes or reduces a vulnerability.
  • Patching the os removes potential vulnerabilities.
  • Placing cameras, locks on the lab, and locks on the building reduces the vulnerability of someone removing equipment from the lab.