IT-Security

An area on computer science that focuses on protecting the integrity, availability and authenticity of digital resources.

Safety vs Security

Safety mechanisms aim to protect against dangers that are not invoked on purpose. Security, on the other hand, mainly focuses on the protection against targeted attacks. These attacks try to manipulated, steal or denial access to data.

TLDR

• Safety = protection from unintended events (accidents, nature, human error)
• Security = protection from intentional threats (attacks, theft, manipulation)

Security aspects

See Goals of cryptography

1. Integrity: Any manipulation of a resource can be detected
2. Authenticity: The origin or authorship of a resource can be verified.
3. Availability: The resource is accessible to authorized users when needed.
4. Accountability: Actions and events can be traced back to a responsible entity.
5. Confidentiality: Access to a resource is restricted to authorized parties only.
6. Privacy: A resource cannot be used in a way that contradicts the owner's intent.

Risk evaluation

A security risk is the product of two factors, the first being a vulnerability and the second being threat.

\text{risk } = \text{vulnerability } \cdot \text{threats}

If one of these factors is 0 the risk is also 0, i.e., when you have a known vulnerability but your system is completly offline, the risk is 0.

Security mechanism can either patch vulnerablitlies or decrease the number of attack vectors (e.g., firewalls), both reduce the overall risk multiplicative.