Chapter 1 Notes

1.1 What Is Computer Security?

  • Assets to protect: hardware, software, data (and combinations), including device components, operating systems, utilities, applications, and content (documents, photos, media, emails, etc.). Data items are often the most valuable and hardest to replace.

  • Embedded/varied assets: devices with processors (including non-traditional ones like pacemakers, cars, appliances) are assets due to their computing capability.

  • Values of assets: owner perspective matters; value can be monetary, emotional, or contextual (replacement cost, timeliness, etc.).

  • Threat–vulnerability–control paradigm:

    • vulnerability: a weakness in procedures, design, or implementation that could be exploited.

    • threat: a set of circumstances that could cause harm.

    • control: action/device/procedure that removes or reduces a vulnerability.

  • C-I-A triad (foundation of security):

    • confidentiality (C): only authorized parties view an asset

    • integrity (I): assets are modified only by authorized parties

    • availability (A): assets usable by authorized parties when needed

  • Extensions to C-I-A (not always considered core in this book):

    • authentication: confirming sender identity

    • nonrepudiation/accountability: sender cannot deny sending

    • auditability: trace actions related to an asset

  • Access control and policy:

    • policy = Who + What + How → Yes/No access; \text{Policy: Who + What + How} = \text{Yes/No}
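The "Who + What + How = Yes/No" policy model from these notes, as an added example (not code from the book or its authors): a default-deny evaluator in which an explicit deny on any of the requester's roles outranks an allow, and each decision is tagged with the C-I-A property the action puts at risk. The principals, roles, assets and rules are constructed for illustration.

```python
from dataclasses import dataclass

# A request is the triple from the notes: who (subject), what (asset), how (action).
@dataclass(frozen=True)
class Request:
    who: str   # authenticated principal
    what: str  # asset being accessed
    how: str   # action requested

# Which C-I-A property each action primarily puts at risk (recorded in the audit line).
PROPERTY_AT_RISK = {"read": "confidentiality", "write": "integrity", "delete": "availability"}

# Constructed sample data: principals -> roles, and (role, asset, action) -> allowed.
ROLES = {"alice": {"clinician"}, "bob": {"billing"},
         "carol": {"clinician", "billing"}, "eve": set()}
RULES = {
    ("clinician", "patient_record", "read"): True,
    ("clinician", "patient_record", "write"): True,
    ("billing", "invoice", "read"): True,
    ("billing", "invoice", "write"): True,
    ("billing", "patient_record", "read"): False,  # explicit deny: outranks any allow
}

def evaluate(req: Request) -> tuple[bool, str]:
    """Return (decision, reason). No matching rule means 'No' (default deny)."""
    decisions = [RULES[(role, req.what, req.how)]
                 for role in ROLES.get(req.who, set())
                 if (role, req.what, req.how) in RULES]
    if not decisions:
        return False, "no rule matches: default deny"
    if not all(decisions):
        return False, "explicit deny on one of the requester's roles"
    return True, "allowed by role policy"

def audit_line(req: Request) -> str:
    """One auditability record per decision, naming the property the action affects."""
    allowed, reason = evaluate(req)
    prop = PROPERTY_AT_RISK.get(req.how, "unknown")
    return f"{req.who} {req.how} {req.what} -> {'Yes' if allowed else 'No'} ({reason}; {prop})"

if __name__ == "__main__":
    for r in [Request("alice", "patient_record", "write"), Request("carol", "patient_record", "read"),
              Request("eve", "invoice", "read")]:
        print(audit_line(r))
```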

  • Interplay of C-I-A concepts with harm: theft or tampering harms all three properties; single weaknesses can affect confidentiality, integrity, and availability.

  • Threats can be categorized as acts (interception, modification, interruption) that harm C-I-A; threats can be human-initiated, natural, accidental, or organizational.

  • Availability considerations:

    • data/services must be present, capable, timely, and usable; access controls that admit only authorized parties help keep assets available to them.

  • Summary: security aims to protect the computer system (hardware, software, data) from threats by applying appropriate controls to preserve the C-I-A properties.


1.2 Threats

  • Two ways to analyze harm: (1) what can happen to assets; (2) who/what can cause or allow the harm.

  • Threats to confidentiality, integrity, and availability constitute the core security threats; terminology extended for network contexts (authentication, nonrepudiation, auditability).

  • Cyber terminology:

    • cyberthreat: threat against networks of computers; cyberspace = online world; cybercrime = illegal attacks on networks/users/data/infrastructure.

  • Threat sources and types:

    • threats can be random (opportunistic) or directed (targeted).

    • human threats: insiders, programmers, maintenance staff; nonhuman threats: natural disasters, hardware failures, power loss.

    • threat categories include: random attacks vs directed campaigns; organized crime; terrorism.

  • Advanced Persistent Threats (APTs): organized, well-funded, long-term campaigns often tied to government or quasi-government actors; targeted via spear phishing and other stealth techniques; long dwell times.

  • Attackers vary from individuals to organized crime to terrorists; attackers often resemble ordinary people and can be difficult to profile; malware-enabled attacks increasingly collaborative and multinational.

  • Organized crime model in cybercrime: virtual shops, creative/marketing/analytics/data/finance teams, managerial layer, ringleaders; cybercrime rings behave like legitimate enterprises with specialization and long-duration campaigns.

  • Terrorism and cyber interplay: computers used as targets, methods of attack, enablers (coordination/propagation), or enhancers (propaganda, recruitment).

  • Risk metrics and measurement aids:

    • CVE: Common Vulnerabilities and Exposures (a catalog of publicly known vulnerabilities); CVSS: Common Vulnerability Scoring System (a numeric severity rating).

  • Cybersecurity vs computer security: broadening scope from single devices to networks and cyberspace; both terms used in practice.

  • MOM (Method–Opportunity–Motive): an attacker needs all three to succeed; removing any one via defense reduces risk; \text{MOM} = \text{Method} \land \text{Opportunity} \land \text{Motive}

  • The threat landscape also includes advanced threats from organized groups and geopolitical factors; attackers' motives range from profit to politics to notoriety.

  • Kinds of attackers and attacker profiles: no single profile; attackers can be individuals, organized groups, or nation-state actors; motives shift toward financial gain in recent years.

  • Threats are not confined to one device; cyberspace scale requires broader protections and coordination across institutions.


1.3 Harm

  • Harm is the negative outcome of realized threats; risk is the potential for harm given threats and vulnerabilities.

  • Risk management: prioritize protections due to limited resources; focus on serious or controllable threats; residual risk remains after controls.

  • Risk concepts:

    • impact: severity of harm if a threat exploits a vulnerability.

    • likelihood: probability that the threat will occur.

    • residual risk: risk remaining after applying controls.

  • Risk-focused decision making is influenced by perception of extreme events (dread, unknown) and the feasibility of attacks (MOM factors).

  • Sidebar concepts summarize how organizations assess risk perception and long-term financial impacts of breaches; empirical studies show mixed long-term effects and difficulty in quantifying risk precisely.

  • Practical takeaway: prioritize threats that are most likely or most damaging and implement reasonable controls; risk is dynamic and context-dependent.
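The risk concepts in 1.3 (impact, likelihood, controls, residual risk, prioritizing with limited resources) worked through as an added example that is not from the book: a small risk register. It assumes the standard expected-loss formulation, risk = likelihood × impact, which the notes do not state; the threats, values and control effects are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class Control:
    name: str
    likelihood_factor: float = 1.0  # multiplies annual likelihood (0.5 halves it)
    impact_factor: float = 1.0      # multiplies impact (0.1 keeps 10% of the loss)

@dataclass
class Threat:
    name: str
    likelihood: float   # expected occurrences per year
    impact: float       # loss per occurrence, in currency units
    controls: list = field(default_factory=list)

    def inherent_risk(self) -> float:
        """Risk before any control: likelihood x impact (assumed formulation)."""
        return self.likelihood * self.impact

    def residual_risk(self) -> float:
        """Risk left after each applied control has reduced likelihood and/or impact."""
        likelihood, impact = self.likelihood, self.impact
        for c in self.controls:
            likelihood *= c.likelihood_factor
            impact *= c.impact_factor
        return likelihood * impact

def prioritize(register: list) -> list:
    """Highest residual risk first: where a limited budget should go next."""
    return sorted(register, key=lambda t: t.residual_risk(), reverse=True)

# Constructed register for a small clinic; controls already in place are attached.
REGISTER = [
    Threat("laptop theft", likelihood=0.5, impact=40_000.0,
           controls=[Control("full-disk encryption", impact_factor=0.1)]),
    Threat("ransomware outage", likelihood=0.2, impact=250_000.0,
           controls=[Control("offline backups", impact_factor=0.3),
                     Control("email filtering", likelihood_factor=0.5)]),
    Threat("insider record snooping", likelihood=2.0, impact=5_000.0),  # no control yet
]

if __name__ == "__main__":
    # The uncontrolled, low-impact threat ends up first once controls are accounted for.
    for t in prioritize(REGISTER):
        print(f"{t.name:26s} inherent {t.inherent_risk():>9,.0f}  residual {t.residual_risk():>9,.0f}")
```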


1.4 Vulnerabilities

  • Vulnerability = a weakness in procedures, design, or implementation that could be exploited.

  • Attack surface = full set of actual and potential vulnerabilities; includes physical, software, network, and human factors.

  • Attack vectors exploit specific vulnerabilities to harm confidentiality, integrity, or availability.

  • Blocking threats involves neutralizing vulnerabilities or hardening the attack surface.


1.5 Controls

  • Definition: a control or countermeasure is a means to counter threats by blocking threats, closing vulnerabilities, or both.

  • Types of controls (three classes):

    • Physical controls: walls, locks, guards, fences, alarms, etc.

    • Procedural/administrative controls: laws, policies, procedures, guidelines, contracts.

    • Technical controls: passwords, access controls, firewalls, IDS, encryption, network regulation.

  • Defense in depth: use overlapping controls from multiple classes to increase protection.

  • Decision factors: control type chosen based on what is being protected, threat type, cost, and attacker effort.

  • Figure 1-12 (controls) and Figure 1-13 (types of countermeasures by threat) illustrate multi-layered protection.


1.6 Conclusion

  • Computer security aims to protect confidentiality, integrity, and availability of computing systems.

  • Core components at risk: hardware, software, and data; threats exploit vulnerabilities in these components.

  • Key takeaways:

    • Perfect security is rarely achievable; focus on mitigating likely or damaging threats and reducing vulnerabilities.

    • An attacker needs method, opportunity, and motive; defenders counter by eliminating vulnerabilities and reducing attack opportunities.

    • Controls can be applied to data, programs, systems, physical devices, communications, environment, and personnel; layered defenses are common.


1.7 What’s Next?

  • Security toolkit (core tools):

    • identification and authentication

    • access control

    • encryption

  • Chapter roadmap (from user-focused to system-focused):

    • Chapter 2: security toolkit

    • Chapter 3: code and software vulnerabilities

    • Chapter 4–5: networks, operating systems

    • Chapter 6–8: networks, cloud, IoT

    • Chapter 9: privacy

    • Chapter 10–11: risk management, laws/ethics

    • Chapter 12: cryptography; Chapter 13: emerging topics (AI, blockchains, quantum)


1.8 Exercises (high-level themes)

  • Distinguish vulnerability, threat, and control; assess harm from theft or data loss.

  • Identify possible harms from electronic espionage, data integrity compromise, or loss of service.

  • Analyze how controls mitigate specific harms in different contexts (e.g., hospital vs. restaurant).

  • Consider risk management, residual risk, and the cost–benefit balance of protections.

  • Reflect on real-world security incidents and how you would apply the three MOM factors and controls.

  • Explore privacy, ethics, and legal considerations in computer security.


Notes and key formulas

  • C-I-A triad: \{\text{Confidentiality}, \text{Integrity}, \text{Availability}\}

  • Policy equation: \text{Policy: Who + What + How} = \text{Yes/No}

  • MOM: \text{MOM} = \text{Method} \land \text{Opportunity} \land \text{Motive}

  • Security toolkit: \text{Toolkit} = \{\text{Identification/Authentication}, \text{Access Control}, \text{Encryption}\}

  • Attack surface: full set of vulnerabilities (actual and potential) across hardware, software, data, networks, and people