Security

Last updated
Women's Army Corps (1941-1945) associated national security with avoiding conversations about war work. "WAAC - SILENCE MEANS SECURITY" - NARA - 515987.jpg
Women's Army Corps (1941–1945) associated national security with avoiding conversations about war work.

Security is protection from, or resilience against, potential harm (or other unwanted coercion). Beneficiaries (technically referents) of security may be persons and social groups, objects and institutions, ecosystems, or any other entity or phenomenon vulnerable to unwanted change.

Contents

Refugees fleeing war and insecurity in Iraq and Syria arrive at Lesbos Island, supported by Spanish volunteers, 2015 20151030 Syrians and Iraq refugees arrive at Skala Sykamias Lesvos Greece 2.jpg
Refugees fleeing war and insecurity in Iraq and Syria arrive at Lesbos Island, supported by Spanish volunteers, 2015

Security mostly refers to protection from hostile forces, but it has a wide range of other senses: for example, as the absence of harm (e.g., freedom from want); as the presence of an essential good (e.g., food security); as resilience against potential damage or harm (e.g. secure foundations); as secrecy (e.g., a secure telephone line); as containment (e.g., a secure room or cell); and as a state of mind (e.g., emotional security).

Security is both a feeling and a state of reality. One can feel secure, while they aren't, but also feel insecure while they are secure. This distinction is usually not very clear to express in the English language. [1]

The term is also used to refer to acts and systems whose purpose may be to provide security (security company, security police, security forces, security service, security agency, security guard, cyber security systems, security cameras, remote guarding). Security can be physical and virtual.

Etymology

The word 'secure' entered the English language in the 16th century. [2] It is derived from Latin securus, meaning freedom from anxiety: se (without) + cura (care, anxiety). [2]

Overview

Referent

A security referent is the focus of a security policy or discourse; for example, a referent may be a potential beneficiary (or victim) of a security policy or system.

Security referents may be persons or social groups, objects, institutions, ecosystems, or any other phenomenon vulnerable to unwanted change by the forces of its environment. [3] The referent in question may combine many referents in the same way that, for example, a nation-state is composed of many individual citizens. [4]

Context

The security context is the relationships between a security referent and its environment. [3] From this perspective, security and insecurity depend first on whether the environment is beneficial or hostile to the referent and also on how capable the referent is of responding to their environment in order to survive and thrive. [4]

Capabilities

The means by which a referent provides for security (or is provided for) vary widely. They include, for example:

Effects

Any action intended to provide security may have multiple effects. For example, an action may have a wide benefit, enhancing security for several or all security referents in the context; alternatively, the action may be effective only temporarily, benefit one referent at the expense of another, or be entirely ineffective or counterproductive.

Contested approaches

Approaches to security are contested and the subject of debate. For example, in debate about national security strategies, some argue that security depends principally on developing protective and coercive capabilities in order to protect the security referent in a hostile environment (and potentially to project that power into its environment, and dominate it to the point of strategic supremacy). [5] [6] [7] Others argue that security depends principally on building the conditions in which equitable relationships can develop, partly by reducing antagonism between actors, ensuring that fundamental needs can be met, and also ensuring that differences of interest can be negotiated effectively. [8] [4] [9]

Security contexts (examples)

The table shows some of the main domains where security concerns are prominent.

The range of security contexts is illustrated by the following examples (in alphabetical order):

Computer security

Computer security, also known as cybersecurity or IT security, refers to the security of computing devices such as computers and smartphones, as well as computer networks such as private and public networks, and the Internet. The field has growing importance due to the increasing reliance on computer systems in most societies. [10] It concerns the protection of hardware, software, data, people, and also the procedures by which systems are accessed. The means of computer security include the physical security of systems and the security of information held on them.

Corporate security

Corporate security refers to the resilience of corporations against espionage, theft, damage, and other threats. The security of corporations has become more complex as reliance on IT systems has increased, and their physical presence has become more highly distributed across several countries, including environments that are, or may rapidly become, hostile to them.

Security checkpoint at the entrance to the Delta Air Lines corporate headquarters in Atlanta Delta World HQ - entrance with security station.JPG
Security checkpoint at the entrance to the Delta Air Lines corporate headquarters in Atlanta
X-ray machines and metal detectors are used to control what is allowed to pass through an airport security perimeter. Flughafenkontrolle.jpg
X-ray machines and metal detectors are used to control what is allowed to pass through an airport security perimeter.
Security checkpoint at the entrance to a shopping mall in Jakarta, Indonesia Mall culture jakarta94.jpg
Security checkpoint at the entrance to a shopping mall in Jakarta, Indonesia

Environmental security

Environmental security, also known as ecological security, refers to the integrity of ecosystems and the biosphere, particularly in relation to their capacity to sustain a diversity of life-forms (including human life). The security of ecosystems has attracted greater attention as the impact of ecological damage by humans has grown. [11]

Graffiti about environmental security, Belarus, 2016 Graffiti about environmental security.jpg
Graffiti about environmental security, Belarus, 2016

Food security

Food security refers to the ready supply of, and access to, safe and nutritious food. [12] Food security is gaining in importance as the world's population has grown and productive land has diminished through overuse and climate change. [13] [14]

Climate change is affecting global agriculture and food security. GLOBAL WARMING AFFECTING GLOBAL AGRICULTURE AND FOOD SECURITY.pdf
Climate change is affecting global agriculture and food security.

Home security

Home security normally refers to the security systems used on a property used as a dwelling (commonly including doors, locks, alarm systems, lighting, fencing); and personal security practices (such as ensuring doors are locked, alarms are activated, windows are closed etc.)

Security spikes on the wall of a gated community in the East End of London Security spikes 1.jpg
Security spikes on the wall of a gated community in the East End of London

Human security

Youth play among the bombed ruins of Gaza City, 2009 War in Gaza 018 - Flickr - Al Jazeera English.jpg
Youth play among the bombed ruins of Gaza City, 2009

Human security is an emerging paradigm that, in response to traditional emphasis on the right of nation-states to protect themselves, [15] has focused on the primacy of the security of people (individuals and communities). [16] The concept is supported by the United Nations General Assembly, which has stressed "the right of people to live in freedom and dignity" and recognized "that all individuals, in particular vulnerable people, are entitled to freedom from fear and freedom from want". [17]

Information security

Information security refers to the security of information in any form. Spoken, written, digital, networked, technological, and procedural forms of information are all examples that may be covered in an information security management scheme. Computer security, IT security, ICT security, and network security are thus all subdomains of information security. [18]

National security

National security refers to the security of a nation-state, including its people, economy, and institutions. In practice, state governments rely on a wide range of means, including diplomacy, economic power, and military capabilities.

U.S. Customs and Border Protection vehicle at the Canada-United States border Border Patrol at Canadian border in Beebe Plain, Vermont.jpg
U.S. Customs and Border Protection vehicle at the Canada–United States border

Security concepts (examples)

Certain concepts recur throughout different fields of security:

Perceptions of security

Since it is not possible to know with precision the extent to which something is 'secure' (and a measure of vulnerability is unavoidable), perceptions of security vary, often greatly. [4] [19] For example, a fear of death by earthquake is common in the United States (US), but slipping on the bathroom floor kills more people; [19] and in France, the United Kingdom, and the US, there are far fewer deaths caused by terrorism than there are women killed by their partners in the home. [20] [21] [22] [23]

Another problem of perception is the common assumption that the mere presence of a security system (such as armed forces or antivirus software) implies security. For example, two computer security programs installed on the same device can prevent each other from working properly, while the user assumes that he or she benefits from twice the protection that only one program would afford.

Security theater is a critical term for measures that change perceptions of security without necessarily affecting security itself. For example, visual signs of security protections, such as a home that advertises its alarm system, may deter an intruder, whether or not the system functions properly. Similarly, the increased presence of military personnel on the streets of a city after a terrorist attack may help to reassure the public, whether or not it diminishes the risk of further attacks.

See also

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

Information security, sometimes shortened to infosec, is the practice of protecting information by mitigating information risks. It is part of information risk management. It typically involves preventing or reducing the probability of unauthorized or inappropriate access to data or the unlawful use, disclosure, disruption, deletion, corruption, modification, inspection, recording, or devaluation of information. It also involves actions intended to reduce the adverse impacts of such incidents. Protected information may take any form, e.g., electronic or physical, tangible, or intangible. Information security's primary focus is the balanced protection of data confidentiality, integrity, and availability while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a structured risk management process that involves:

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification. It is currently in version 3.1 revision 5.

<span class="mw-page-title-main">National security</span> Security and defence of a nation state

National security, or national defence, is the security and defence of a sovereign state, including its citizens, economy, and institutions, which is regarded as a duty of government. Originally conceived as protection against military attack, national security is widely understood to include also non-military dimensions, such as the security from terrorism, minimization of crime, economic security, energy security, environmental security, food security, and cyber-security. Similarly, national security risks include, in addition to the actions of other nation states, action by violent non-state actors, by narcotic cartels, organized crime, by multinational corporations, and also the effects of natural disasters.

<span class="mw-page-title-main">Critical infrastructure</span> Infrastructure important to national security

Critical infrastructure, or critical national infrastructure (CNI) in the UK, describes infrastructure considered essential by governments for the functioning of a society and economy and deserving of special protection for national security. Critical infrastructure has traditionally been viewed as under the scope of government due to its strategic importance, yet there's an observable trend towards its privatization, raising discussions about how the private sector can contribute to these essential services.

Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications, permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. There are two contexts for the use of multilevel security.

Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerabilities are also known as the attack surface. Constructs in programming languages that are difficult to use properly can also manifest large numbers of vulnerabilities.

Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.

In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The isolation metaphor is taken from the idea of children who do not play well together, so each is given their own sandbox to play in alone. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.

Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others.

Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. IA encompasses both digital protections and physical techniques. These methods apply to data in transit, both physical and electronic forms, as well as data at rest. IA is best thought of as a superset of information security, and as the business outcome of information risk management.

Physical information security is the intersection, the common ground between physical security and information security. It primarily concerns the protection of tangible information-related assets such as computer systems and storage media against physical, real-world threats such as unauthorized physical access, theft, fire and flood. It typically involves physical controls such as protective barriers and locks, uninterruptible power supplies, and shredders. Information security controls in the physical domain complement those in the logical domain, and procedural or administrative controls.

A zero-day is a vulnerability or security hole in a computer system unknown to its owners, developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or zero-day attack.

Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.

In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, vulnerability, or attack, eliminating or preventing it by minimizing the harm it can cause. It can also include discovering and reporting vunerabilities so that corrective action can be taken.

In computer security, a threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

Climate resilience is a concept to describe how well people or ecosystems are prepared to bounce back from certain climate hazard events. The formal definition of the term is the "capacity of social, economic and ecosystems to cope with a hazardous event or trend or disturbance". For example, climate resilience can be the ability to recover from climate-related shocks such as floods and droughts. Methods of coping include suitable responses to maintain relevant functions of societies and ecosystems. To increase climate resilience means one has to reduce the climate vulnerability of people and countries. Efforts to increase climate resilience include a range of social, economic, technological, and political strategies. They have to be implemented at all scales of society, from local community action all the way to global treaties.

The following outline is provided as an overview of and topical guide to computer security:

References

  1. Schneier, Bruce. "The Difference Between Feeling and Reality in Security". Wired. ISSN   1059-1028 . Retrieved 2024-05-06.
  2. 1 2 Online Etymology Dictionary. "Origin and meaning of secure". etymonline.com. Retrieved 2017-12-17.
  3. 1 2 Barry Buzan, Ole Wæver, and Jaap de Wilde, Security: A New Framework for Analysis (Boulder: Lynne Rienner Publishers, 1998), p. 32
  4. 1 2 3 4 Gee, D (2016). "Rethinking Security: A discussion paper" (PDF). rethinkingsecurity.org.uk. Ammerdown Group. Archived (PDF) from the original on 2022-10-09. Retrieved 2017-12-17.
  5. US, Department of Defense (2000). "Joint Vision 2020 Emphasizes Full-spectrum Dominance". archive.defense.gov. Retrieved 2017-12-17.
  6. House of Commons Defence Committee (2015). "Re-thinking defence to meet new threats". publications.parliament.uk. Retrieved 2017-12-17.
  7. General Sir Nicholas Houghton (2015). "Building a British military fit for future challenges rather than past conflicts". gov.uk. Retrieved 2017-12-17.
  8. FCNL (2015). "Peace Through Shared Security" . Retrieved 2017-12-17.
  9. Rogers, P (2010). Losing control : global security in the twenty-first century (3rd ed.). London: Pluto Press. ISBN   9780745329376. OCLC   658007519.
  10. "Reliance spells end of road for ICT amateurs", May 07, 2013, The Australian
  11. United Nations General Assembly (2010). "Resolution adopted by the General Assembly on 20 December 2010". un.org. Retrieved 2017-12-17.
  12. United Nations. "Hunger and food security". United Nations Sustainable Development. Retrieved 2017-12-17.
  13. Food and Agriculture Organization (2013). "Greater focus on soil health needed to feed a hungry planet". fao.org. Retrieved 2017-12-17.
  14. Arsenault, C (2014). "Only 60 Years of Farming Left If Soil Degradation Continues". Scientific American. Retrieved 2017-12-17.
  15. United Nations (1945). "Charter of the United Nations, Chapter VII". un.org. Retrieved 2017-12-17.
  16. United Nations. "UN Trust Fund for Human Security". un.org. Retrieved 2017-12-17.
  17. United Nations General Assembly (2005). "Resolution adopted by the General Assembly 60/1: World Summit Outcome" (PDF). Archived (PDF) from the original on 2022-10-09. Retrieved 2017-12-17.
  18. Newsome, Bruce (2013). A Practical Introduction to Security and Risk Management. SAGE Publications. ISBN   1483313409.
  19. 1 2 Bruce Schneier, Beyond Fear: Thinking about Security in an Uncertain World, Copernicus Books, pages 26–27
  20. David Anderson QC (2012). "The Terrorism Acts in 2011" (PDF). Archived (PDF) from the original on 2022-10-09. Retrieved 2017-12-17.
  21. "What is femicide?". Women's Aid. Retrieved 2017-12-17.
  22. "Don't Believe In The War On Women? Would A Body Count Change Your Mind?". Upworthy. Retrieved 2017-12-17.
  23. "Violences conjugales: 118 femmes tuées en 2014". Libération.fr (in French). Retrieved 2017-12-17.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.