What Is Computer Security?

Computer security basically is the protection of computer systems and information

from harm, theft, and unauthorized use. It is the process of preventing and detecting
unauthorized use of your computer system.

Computer Security Types

One way to ascertain the similarities and differences among Computer Security is
by asking what is being secured. For example,

● Information security is securing information from unauthorized access,

modification & deletion
● Application Security is securing an application by building security features
to prevent from Cyber Threats such as SQL injection, DoS attacks, data
breaches and etc.
● Computer Security means securing a standalone machine by keeping it
updated and patched
● Network Security is by securing both the software and hardware
technologies
● Cybersecurity is defined as protecting computer systems, which
communicate over the computer networks

So, Computer security can be defined as controls that are put in place to provide

confidentiality, integrity, and availability for all components of computer systems

Components of computer system

The components of a computer system that needs to be protected are:

● Hardware, the physical part of the computer, like the system memory and
disk drive
● Firmware, permanent software that is etched into a hardware
device’s nonvolatile memory and is mostly invisible to the user
● Software, the programming that offers services, like operating system, word
processor, internet browser to the user

The CIA Triad

Computer security is mainly concerned with three main areas. Computer and
network security are built on three pillars, commonly referred to by the C-I-A
acronym:
● Confidentiality
● Integrity
● Availability

● Confidentiality is ensuring that information is available only to the intended

audience
● Integrity is protecting information from being modified by unauthorized parties
● Availability is protecting information from being modified by unauthorized parties

● Confidentiality  means that only authorized individuals/systems can view

sensitive or classified information. The data being sent over the network should
not be accessed by unauthorized individuals. The attacker may try to capture the
data using different tools available on the Internet and gain access to your
information. A primary way to avoid this is to use encryption techniques to
safeguard your data so that even if the attacker gains access to your data, he/she
will not be able to decrypt it.

If confidentiality compromises then it is type of Interception attack

● Integrity involves maintaining the consistency, accuracy and trustworthiness of
data over its entire lifecycle. Data must not be changed in transit, and steps must
be taken to ensure data cannot be altered by unauthorized people (for example,
in a breach of confidentiality).
 If integrity of message lost then it is type of Modification attack
● Availability means information should be consistently and readily accessible
for authorized parties. This involves properly maintaining hardware and
technical infrastructure and systems that hold and display the information.
If availability of message blocked/interrupted then it is type of Interruption attack

Following shortly on the heels of C-I-A are a host of other terms and acronyms.
Each of these has its own shade of meaning, but all of them are part of the C-I-A
model:

Identification
Who do you say you are?

Authentication
How do I know it’s really you?

Authorization
Now that you are here, what are you allowed to do?

Accountability
Who did what, and, perhaps, who pays the bill?