Computer security has had a gigantic impact in the modern world, companies are very concerned about the quality of their information and it is not surprising, since data is what sells in business, but it has become very common to think that Those who practice computer security are hackers who type code day and night without stopping, so that a hacker does not reach confidential information or infect machines, since this is very far from the reality of computer security, so today we are going to clarify What does it consist of and what are the principles?

What is computer security?

Computer security consists of ensuring that the resources of the information system, whether it is computer material or programs of an organization, are used in the way in which it was decided and that access to that information is contained there. It does not necessarily have to be a hacker that must be countered, also the misuse of these tools can affect the entire organization.

The main way to ensure that computing resources are used properly is to have an administrator in control of everything. An accountant, who has the right to use the programs in this area, a programmer who has the right to use the application development software and so on, this is normally done in the way that almost all of us know, putting several usernames and passwords, and the The administrator decides the name and password for each section, only those within the organization can know the username and password. When a user other than the administrator tries to download files, they will automatically be denied these privileges, to avoid the possibility that malware can infect computers and harm a company's information and productivity.

What is exposed in a computer component?

You have to know that in a computer component the hardware, software and data are exposed to an attack, the latter being the most important if the hardware is damaged you replace that part that was damaged, if any software is damaged the only thing is to reinstall it , but the data is often unrecoverable, so it is necessary to make a backup several times and have that data somewhere other than the machine where these data are used.

Computer security principles

Computer security is mainly dedicated to protecting the confidentiality, integrity and availability of information. Together with these three fundamental concepts, they are usually studied together with authentication and non-repudiation.

What is CONFIDENTIALITY?

This is the quality that the document or file must possess so that it can only be understood in an understandable manner or be read by the person or system that is authorized. In other words, only the person it was sent to can read the message and not any other intruder. For example: Andrea sends a message to Mateo. Andrea encrypts this message with a key and Mateo knows how to decrypt the message, so both users are sure that only they will be able to read the message. Here we would already go into encryption, but we will talk about that in more depth in another video.

What is INTEGRITY?

La integridad es la cualidad que posee un documento o archivo que no ha sido modificado y que además permite comprobar que no se ha producido manipulación alguna en el documento original.“ Tomando el ejemplo anterior entonces “Andrea envía tanto el mensaje como un resumen cifrado del mismo. Finalmente, Mateo compara el mensaje como resumen. Si ha sido alterado la comparación será errónea si no, indicara que no ha habido manipulación del mensaje.”

What is AVAILABILITY?

It is about the capacity of a system, service or data, to be accessible and usable when an authorized user requires the use of any of these. It also refers to the fact that the information can be recovered, that is, to avoid its loss.

THE AUTHENTICATION.

Authentication is the situation in which it can be verified that a document has been produced to whom the document says. Commonly applied to verifying a user's identity. Which, as we said, is normally done by login and a password.

THE NON-REPUDIATION:

It is somewhat related to authentication, it allows to prove the participation of the parties in a communication. The essential difference is that authentication occurs between the parties that establish the communication and non-repudiation occurs against a third party, that is, there are two possibilities. A non-repudiation of origin: The issuer cannot deny the shipment because the recipient has proof of it, A non-repudiation at destination: The receiver cannot deny that he received the message because the sender has proof of receipt. This proves that the recipient actually received the message.