What is computer security?Computer security consists of ensuring that the resources of the information system, whether it is computer material or programs of an organization, are used in the way in which it was decided and that access to that information is contained there. It does not necessarily have to be a hacker that must be countered, also the misuse of these tools can affect the entire organization. The main way to ensure that computing resources are used properly is to have an administrator in control of everything. An accountant, who has the right to use the programs in this area, a programmer who has the right to use the application development software and so on, this is normally done in the way that almost all of us know, putting several usernames and passwords, and the The administrator decides the name and password for each section, only those within the organization can know the username and password. When a user other than the administrator tries to download files, they will automatically be denied these privileges, to avoid the possibility that malware can infect computers and harm a company's information and productivity.
What is exposed in a computer component?You have to know that in a computer component the hardware, software and data are exposed to an attack, the latter being the most important if the hardware is damaged you replace that part that was damaged, if any software is damaged the only thing is to reinstall it , but the data is often unrecoverable, so it is necessary to make a backup several times and have that data somewhere other than the machine where these data are used.
Computer security principlesComputer security is mainly dedicated to protecting the confidentiality, integrity and availability of information. Together with these three fundamental concepts, they are usually studied together with authentication and non-repudiation.
What is CONFIDENTIALITY?This is the quality that the document or file must possess so that it can only be understood in an understandable manner or be read by the person or system that is authorized. In other words, only the person it was sent to can read the message and not any other intruder. For example: Andrea sends a message to Mateo. Andrea encrypts this message with a key and Mateo knows how to decrypt the message, so both users are sure that only they will be able to read the message. Here we would already go into encryption, but we will talk about that in more depth in another video.
What is INTEGRITY?Integrity is the quality possessed by a document or file that has not been modified and which also makes it possible to verify that no manipulation has occurred in the original document." Taking the previous example then "Andrea sends both the message and an encrypted summary of the same. Finally, Mateo compares the message as a summary. If it has been altered, the comparison will be wrong; if not, it will indicate that there has been no manipulation of the message."
What is AVAILABILITY?It is about the capacity of a system, service or data, to be accessible and usable when an authorized user requires the use of any of these. It also refers to the fact that the information can be recovered, that is, to avoid its loss.
THE AUTHENTICATION.Authentication is the situation in which it can be verified that a document has been produced to whom the document says. Commonly applied to verifying a user's identity. Which, as we said, is normally done by login and a password.
THE NON-REPUDIATION:It is somewhat related to authentication, it allows to prove the participation of the parties in a communication. The essential difference is that authentication occurs between the parties that establish the communication and non-repudiation occurs against a third party, that is, there are two possibilities. A non-repudiation of origin: The issuer cannot deny the shipment because the recipient has proof of it, A non-repudiation at destination: The receiver cannot deny that he received the message because the sender has proof of receipt. This proves that the recipient actually received the message.
I want to say that everything I teach in this post is based on previous knowledge and I also base myself on the 70% of this book "Information Security by Jesus Costas"
In case you are interested in purchasing the book: LINK