Computer Security

The term computer security is used frequently, but the content of a computer is vulnerable to few risks unless the computer is connected to other computers on a network. As the use of computer networks, especially the Internet, has become pervasive, the concept of computer security has expanded to denote issues pertaining to the networked use of computers and their resources.

While confidentiality, integrity, and authenticity are the most important concerns of a computer security manager, privacy is perhaps the most important aspect of computer security for everyday Internet users. Although users may feel that they have nothing to hide when they are registering with an Internet site or service, privacy on the Internet is about protecting one's personal information, even if the information does not seem sensitive. Because of the ease with which information in electronic format can be shared among companies, and because small pieces of related information from different sources can be easily linked together to form a composite of, for example, a person's information seeking habits, it is now very important that individuals are able to maintain control over what information is collected about them, how it is used, who may use it, and what purpose it is used for.

Computer security imposes requirements on computers that are different from most system requirements because they often take the form of constraints on what computers are not supposed to do. Furthermore, negative requirements are deceptively complicated to satisfy and require exhaustive testing to verify, which is impractical for most computer programs. Computer security provides a technical strategy to convert negative requirements to positive enforceable rules. For this reason, computer security is often more technical and mathematical than some computer science fields.

CERIAS's mission is to be recognized as the leader in information security and assurance research, education, and community service. To these ends, CERIAS offers a free security seminar on diverse security topics on Wednesday afternoons during the fall and spring semesters; attendees may show up in person or through a live internet stream. The CERIAS web site also includes extensive computer security resources for K-12 teachers, including background information, lesson plans, and links to other web resources.

Because online banks, retailers, and other businesses may wish to protect their reputations by not reporting problems associated with online attacks, statistics about such can be difficult to find. The Security Statistics site is a portal to data on computer security incidents. Statistics are pooled from a wide range of sources, and includes information about security spending, known vulnerabilities, numbers of reported security breaches, economic impact of incidents, arrests and convictions, and more. The site does not guarantee the accuracy of reported statistics, but the sources of each statistic are included.

Secure operating systems designed to meet medium robustness levels of security functionality and assurance have seen wider use within both government and commercial markets. Medium robust systems typically provide nearly all of the security features of the most advanced secure operating systems but do so at a lower assurance level (such as EAL4 or EAL5). These systems are found in use on web servers, guards, database servers, and management hosts and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.

Digitally sign all information to prevent tampering and develop a simple way to inform users whether something is from a trusted source. This might, say, replace current stupid security warnings that people don't understand because they expose the guts of the technology. The security certificate has expired or is not yet valid.