Before we can consider security issues on the Internet, we need to recall the basic concepts that the theory of computer security operates with. Generally speaking, there are only three: threats, vulnerabilities and attacks. Although experienced readers already understand their meaning well, we will try to explain them informally.
Thus, a threat to the security of a computer system is a potential incident, whether intentional or not, that may adversely affect the system itself as well as the information stored in it. In other words, a threat is something bad that may happen at some point.
A vulnerability of a computer system is an unfortunate characteristic of it that makes the emergence of a threat possible. In other words, it is precisely because of vulnerabilities that adverse events occur in the system.
Finally, an attack on a computer system is an action taken by an attacker that consists of searching for and exploiting a particular vulnerability. Thus, an attack is the realization of a threat. Note that this interpretation of an attack (which involves someone with malicious intent) excludes the element of chance that is present in the definition of a threat; but, as experience shows, it is often impossible to distinguish intentional actions from accidental ones, and a good security system should respond adequately to either.
Furthermore, researchers usually distinguish three major types of security threats: threats of disclosure, threats to integrity, and threats of denial of service.
The threat of disclosure is that information becomes known to someone who should not know it. In terms of computer security, the threat of disclosure arises whenever access is gained to confidential information stored in a computer system or transmitted from one system to another. Sometimes the terms theft or diversion are used instead of the word disclosure.
A threat to integrity includes any intentional change (modification or deletion) of data stored in a computer system or transmitted from one system to another. It is usually assumed that governmental structures are more exposed to the threat of disclosure, and business or commercial structures to the threat to integrity.
The threat of denial of service arises whenever, as a result of certain actions, access to some resource of a computing system is blocked. The blocking may be permanent, so that the requested resource is never obtained, or it may only delay the requested resource long enough for it to become useless. In such cases the resource is said to be exhausted.