Security
Security is the degree of protection against danger, damage, loss, and crime. Security as a form of protection consists of the structures and processes that provide or improve security as a condition. The Institute for Security and Open Methodologies (ISECOM) in the OSSTMM 3 defines security as "a form of protection where a separation is created between the assets and the threat". This includes but is not limited to the elimination of either the asset or the threat. Security as a national condition was defined in a United Nations study (1986), so that countries can develop and progress safely.

Security has to be compared to related concepts: safety, continuity, reliability. The key difference between security and reliability is that security must take into account the actions of people attempting to cause destruction.

Different scenarios also give rise to the context in which security is maintained:
  • With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security.
  • Measures taken by a military unit, an activity or installation to protect itself against all acts designed to, or which may, impair its effectiveness.

Perceived security compared to real security

Perception of security may be poorly mapped to measurable objective security. For example, the fear of earthquakes has been reported to be more common than the fear of slipping on the bathroom floor although the latter kills many more people than the former. Similarly, the perceived effectiveness of security measures is sometimes different from the actual security provided by those measures. The presence of security protections may even be taken for security itself. For example, two computer security programs could be interfering with each other and even cancelling each other's effect, while the owner believes s/he is getting double the protection.

Security theater is a critical term for deployment of measures primarily aimed at raising subjective security in a population without a genuine or commensurate concern for the effects of that measure on (and possibly decreasing) objective security. For example, some consider the screening of airline passengers based on static databases to have been security theater, and the Computer Assisted Passenger Prescreening System to have created a decrease in objective security.

Perception of security can also increase objective security when it affects or deters malicious behavior, as with visual signs of security protections, such as video surveillance, alarm systems in a home, or an anti-theft system in a car such as a LoJack, signs.

Since some intruders will decide not to attempt to break into such areas or vehicles, there can actually be less damage to windows in addition to protection of valuable objects inside. Without such advertisement, a car-thief might, for example, approach a car, break the window, and then flee in response to an alarm being triggered. Either way, perhaps the car itself and the objects inside aren't stolen, but with perceived security even the windows of the car have a lower chance of being damaged, increasing the financial security of its owner(s).

However, the non-profit security research group ISECOM has determined that such signs may actually increase the violence, daring, and desperation of an intruder. This claim shows that perceived security works mostly on the provider and is not security at all.

It is important, however, for signs advertising security not to give clues as to how to subvert that security, for example in the case where a home burglar might be more likely to break into a certain home if he or she is able to learn beforehand which company makes its security system.

Categorising security

There is an immense literature on the analysis and categorisation of security. Part of the reason for this is that, in most security systems, the "weakest link in the chain" is the most important. The situation is asymmetric since the 'defender' must cover all points of attack while the attacker need only identify a single weak point upon which to concentrate.

Types

IT realm
  • Application security
  • Computing security
  • Data security
  • Information security
  • Network security

Physical realm
  • Airport security
  • Port security/Supply chain security
  • Food security
  • Home security
  • Physical security
  • School security
  • Shopping centre security
  • Infrastructure security

Political
  • Homeland security
  • Human security
  • International security
  • National security
  • Public security


Monetary
  • Financial security

  • Aviation security is a combination of material and human resources and measures intended to counter unlawful interference with aviation.
  • Operations Security (OPSEC) is a complement to other "traditional" security measures that evaluates the organization from an adversarial perspective.

Security concepts

Certain concepts recur throughout different fields of security:
  • Assurance - assurance is the level of guarantee that a security system will behave as expected
  • Countermeasure - a countermeasure is a way to stop a threat from triggering a risk event
  • Defense in depth - never rely on one single security measure alone
  • Exploit - a vulnerability that has been triggered by a threat - a risk of 1.0 (100%)
  • Risk - a risk is a possible event which could cause a loss
  • Threat - a threat is a method of triggering a risk event that is dangerous
  • Vulnerability - a weakness in a target that can potentially be exploited by a security threat

Security management in organizations

In the corporate world, various aspects of security were historically addressed separately - notably by distinct and often noncommunicating departments for IT security, physical security, and fraud prevention. Today there is a greater recognition of the interconnected nature of security requirements, an approach variously known as holistic security, "all hazards" management, and other terms.

Inciting factors in the convergence of security disciplines include the development of digital video surveillance technologies (see Professional video over IP) and the digitization and networking of physical control systems (see SCADA). Greater interdisciplinary cooperation is further evidenced by the February 2005 creation of the Alliance for Enterprise Security Risk Management, a joint venture including leading associations in security (ASIS), information security (ISSA, the Information Systems Security Association), and IT audit (ISACA, the Information Systems Audit and Control Association).

In 2007 the International Organisation for Standardization (ISO) released ISO 28000 - Security Management Systems for the supply chain. Although "supply chain" is included in the title, this Standard specifies the requirements for a security management system, including those aspects critical to security assurance for any organisation or enterprise wishing to manage the security of the organisation and its activities.
ISO 28000 is the foremost risk-based security system and is suitable for managing both public and private regulatory security, customs and industry-based security schemes and requirements.

Computer security

  • Ross J. Anderson
  • Dan Geer
  • Andrew Odlyzko
  • Bruce Schneier
  • Eugene Spafford

National security

  • Richard A. Clarke
  • David H. Holtzman

See also

Concepts
  • 3D Security
  • Classified information
  • Insecurity
  • ISO 27000
  • ISO 28000
  • ISO 31000
  • Security increase
  • Security Risk
  • Surveillance
    • Wireless sensor network

Branches
  • Computer security
    • Cracking
    • Hacking
    • MySecureCyberspace
    • Phreaking
  • Communications security
  • Human security
  • Information security
    • CISSP
  • National security
  • Physical Security
    • Police
    • Public Security Bureau
      • Security guard
      • Security police

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 