Security is freedom from, or resilience against, potential harm (or other unwanted coercive change) caused by others. Security can also be understood as being a dual concept since it encompasses both a state of being (ie. something is secure) and a means to that end (ie. things are done to secure something). Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change.
Security mostly refers to protection from hostile forces, but it has a wide range of other senses: for example, as the absence of harm (e.g. freedom from want); as the presence of an essential good (e.g. food security); as resilience against potential damage or harm (e.g. secure foundations); as secrecy (e.g. a secure telephone line); as containment (e.g. a secure room or cell); and as a state of mind (e.g. emotional security).
The term is also used to refer to acts and systems whose purpose may be to provide security (e.g.: security companies, security forces, security guard, cyber security systems, security cameras, remote guarding).
The word 'secure' entered the English language in the 16th century.It is derived from Latin securus, meaning freedom from anxiety: se (without) + cura (care, anxiety).
A security referent is the focus of a security policy or discourse; for example, a referent may be a potential beneficiary (or victim) of a security policy or system.
Security referents may be persons or social groups, objects, institutions, ecosystems, or any other phenomenon vulnerable to unwanted change by the forces of its environment.The referent in question may combine many referents, in the same way that, for example, a nation state is composed of many individual citizens.
The security context is the relationships between a security referent and its environment.From this perspective, security and insecurity depend first on whether the environment is beneficial or hostile to the referent, and also how capable is the referent of responding to its/their environment in order to survive and thrive.
The means by which a referent provides for security (or is provided for) vary widely. They include, for example:
Any action intended to provide security may have multiple effects. For example, an action may have wide benefit, enhancing security for several or all security referents in the context; alternatively, the action may be effective only temporarily, or benefit one referent at the expense of another, or be entirely ineffective or counterproductive.
Approaches to security are contested and the subject of debate. For example, in debate about national security strategies, some argue that security depends principally on developing protective and coercive capabilities in order to protect the security referent in a hostile environment (and potentially to project that power into its environment, and dominate it to the point of strategic supremacy).Others argue that security depends principally on building the conditions in which equitable relationships can develop, partly by reducing antagonism between actors, ensuring that fundamental needs can be met, and also that differences of interest can be negotiated effectively.
The table shows some of the main domains where security concerns are prominent.
The range of security contexts is illustrated by the following examples (in alphabetical order):
Computer security, also known as cybersecurity or IT security, refers to the security of computing devices such as computers and smartphones, as well as computer networks such as private and public networks, and the Internet. The field has growing importance due to the increasing reliance on computer systems in most societies.It concerns the protection of hardware, software, data, people, and also the procedures by which systems are accessed. The means of computer security include the physical security of systems and security of information held on them.
Corporate security refers to the resilience of corporations against espionage, theft, damage, and other threats. The security of corporations has become more complex as reliance on IT systems has increased, and their physical presence has become more highly distributed across several countries, including environments that are, or may rapidly become, hostile to them.
Ecological security, also known as environmental security, refers to the integrity of ecosystems and the biosphere, particularly in relation to their capacity to sustain a diversity of life-forms (including human life). The security of ecosystems has attracted greater attention as the impact of ecological damage by humans has grown.
Food security refers to the ready supply of, and access to, safe and nutritious food.Food security is gaining in importance as the world's population has grown and productive land has diminished through overuse and climate change.
Home security normally refers to the security systems used on a property used as a dwelling (commonly including doors, locks, alarm systems, lighting, fencing); and personal security practices (such as ensuring doors are locked, alarms activated, windows closed etc.)
Human security is the name of an emerging paradigm which, in response to traditional emphasis on the right of nation states to protect themselves,has focused on the primacy of the security of people (individuals and communities). The concept is supported by the United Nations General Assembly, which has stressed "the right of people to live in freedom and dignity" and recognized "that all individuals, in particular vulnerable people, are entitled to freedom from fear and freedom from want".
National security refers to the security of a nation state, including its people, economy, and institutions. In practice, state governments rely on a wide range of means, including diplomacy, economic power, and military capabilities.
Since it is not possible to know with precision the extent to which something is 'secure' (and a measure of vulnerability is unavoidable), perceptions of security vary, often greatly.For example, a fear of death by earthquake is common in the United States (US), but slipping on the bathroom floor kills more people; and in France, the United Kingdom and the US there are far fewer deaths caused by terrorism than there are women killed by their partners in the home.
Another problem of perception is the common assumption that the mere presence of a security system (such as armed forces, or antivirus software) implies security. For example, two computer security programs installed on the same device can prevent each other from working properly, while the user assumes that he or she benefits from twice the protection that only one program would afford.
Security theater is a critical term for measures that change perceptions of security without necessarily affecting security itself. For example, visual signs of security protections, such as a home that advertises its alarm system, may deter an intruder, whether or not the system functions properly. Similarly, the increased presence of military personnel on the streets of a city after a terrorist attack may help to reassure the public, whether or not it diminishes the risk of further attacks.
Certain concepts recur throughout different fields of security:
Computer security, cybersecurity or information technology security is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.
Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or at least reducing the probability of unauthorized/inappropriate access to data, or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g. electronic or physical, tangible or intangible. Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:
Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.
National security or national defence is the security and defence of a nation state, including its citizens, economy, and institutions, which is regarded as a duty of government.
In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to cross privilege boundaries within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface.
Agricultural biodiversity is a sub-set of general biodiversity. Otherwise known as agrobiodiversity, agricultural biodiversity is a broad term that includes "the variety and variability of animals, plants and micro-organisms at the genetic, species and ecosystem levels that sustain the ecosystem structures, functions and processes in and around production systems, and that provide food and non-food agricultural products.” Created and managed by farmers, pastoralists, fishers and forest dwellers, agrobiodiversity provides stability, adaptability and resilience and constitutes a key element of the livelihood strategies of rural communities throughout the world. Agrobiodiversity is central to sustainable food systems and sustainable diets. The use of agricultural biodiversity can contribute to food security, nutrition security, and livelihood security, and it is critical for climate adaptation and climate mitigation.
A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment. The test is performed to identify both weaknesses, including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.
In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted.
Land degradation is a process in which the value of the biophysical environment is affected by a combination of human-induced processes acting upon the land. It is viewed as any change or disturbance to the land perceived to be deleterious or undesirable. Natural hazards are excluded as a cause; however human activities can indirectly affect phenomena such as floods and bush fires.
In ecology, resilience is the capacity of an ecosystem to respond to a perturbation or disturbance by resisting damage and recovering quickly. Such perturbations and disturbances can include stochastic events such as fires, flooding, windstorms, insect population explosions, and human activities such as deforestation, fracking of the ground for oil extraction, pesticide sprayed in soil, and the introduction of exotic plant or animal species. Disturbances of sufficient magnitude or duration can profoundly affect an ecosystem and may force an ecosystem to reach a threshold beyond which a different regime of processes and structures predominates. When such thresholds are associated with a critical or bifurcation point, these regime shifts may also be referred to as critical transitions. Human activities that adversely affect ecological resilience such as reduction of biodiversity, exploitation of natural resources, pollution, land use, and anthropogenic climate change are increasingly causing regime shifts in ecosystems, often to less desirable and degraded conditions. Interdisciplinary discourse on resilience now includes consideration of the interactions of humans and ecosystems via socio-ecological systems, and the need for shift from the maximum sustainable yield paradigm to environmental resource management which aims to build ecological resilience through "resilience analysis, adaptive resource management, and adaptive governance".
A zero-day vulnerability is a computer-software vulnerability that is unknown to those who should be interested in mitigating the vulnerability. Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network. An exploit directed at a zero-day is called a zero-day exploit, or zero-day attack.
The full relationship between fisheries and climate change is difficult to explore due to the context of each fishery and the many pathways that climate change affects. However, there is strong global evidence for these effects. Rising ocean temperatures and ocean acidification are radically altering marine aquatic ecosystems, while freshwater ecosystems are being impacted by changes in water temperature, water flow, and fish habitat loss. Climate change is modifying fish distribution and the productivity of marine and freshwater species.
In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.
In computers and computer networks an attack is any attempt to expose, alter, disable, destroy, steal or gain unauthorized access to or make unauthorized use of an asset. A cyberattack is any type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices. An attacker is a person or process that attempts to access data, functions or other restricted areas of the system without authorization, potentially with malicious intent. Depending on context, cyberattacks can be part of cyberwarfare or cyberterrorism. A cyberattack can be employed by sovereign states, individuals, groups, society or organizations, and it may originate from an anonymous source. A product that facilitates a cyberattack is sometimes called a cyberweapon.
Climate resilience can be generally defined as the capacity for a socio-ecological system to: (1) absorb stresses and maintain function in the face of external stresses imposed upon it by climate change and (2) adapt, reorganize, and evolve into more desirable configurations that improve the sustainability of the system, leaving it better prepared for future climate change impacts.
The Economics of Land Degradation (ELD) Initiative is a global initiative which aims to increase awareness of the benefits of sustainable land management and economic consequences of land degradation. The ELD Initiative was co-founded in 2011 by the Secretariat of the United Nations Convention to Combat Desertification (UNCCD), the German Federal Ministry for Economic Cooperation and Development (BMZ), the European Commission (EC) and is hosted by the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH. The ELD Secretariat is based in Bonn, Germany.
The following outline is provided as an overview of and topical guide to computer security:
Nature-based solutions (NBS) refers to the sustainable management and use of nature for tackling socio-environmental challenges. The challenges include issues such as climate change, water security, water pollution, food security, human health, and disaster risk management.
Ecosystem-based adaptation (EBA) encompasses a broad set of approaches to adapt to climate change. They all involve the management of ecosystems and their services to reduce the vulnerability of human communities to the impacts of climate change. The Convention on Biological Diversity defines EbA as “the use of biodiversity and ecosystem services as part of an overall adaptation strategy to help people to adapt to the adverse effects of climate change”.
|Wikiquote has quotations related to: Security|