Security services
Definition of security
Security is a state of being free from danger. The term can be used in relation to crime, all forms of accidents, and so on. Security is a broad topic, including national security against terrorist attacks, computer security against hackers, home security against thieves and other intruders, financial security against economic collapse, and many other related situations.
Categorizing security
There is a large body of literature on the analysis and categorization of security. An important part of security is "the weakest link in the chain". The situation is also asymmetric, because the defender must cover all points of attack while the attacker need only identify a single weak point and concentrate on it.
The concept of security
Some concepts occur in several areas of security:
a. Risk - a risk is the likelihood of an event that leads to loss.
b. Threat - a threat is a method of realizing a risk.
c. Countermeasure - a countermeasure is a way to stop a threat.
d. Defense in depth - never rely on just one security measure.
e. Assurance - assurance is the level of guarantee that a security system will behave as expected.
Definition of services
In economics, a service is an economic activity that involves a number of interactions with consumers or with their belongings, but does not result in a transfer of ownership.
Experts who have defined "services" include:
a. Philip Kotler: a service is any act or performance offered by one party to another that is, in principle, intangible and does not cause any transfer of ownership. Its production may or may not be tied to a physical product.
b. Adrian Payne: a service is an economic activity that has a number of intangible elements (values or benefits) associated with it, which involves a number of interactions with consumers or with their belongings, but does not result in a transfer of ownership. Changes in condition may occur, and the production of a service may or may not be related to a physical product.
c. Christian Grönroos: a service is a process consisting of a set of intangible activities which usually (but not always) occur in the interaction between the customer and service employees and/or physical resources or goods and/or the service provider's systems, which are provided as solutions to customer problems. Interaction between service providers and customers often occurs in a service, even if the parties involved may not be aware of it. Moreover, there may be situations where a customer as an individual does not interact directly with the service company.
Characteristics of services
It is often said that services have unique characteristics that distinguish them from goods or manufactured products. The four characteristics most commonly used to distinguish goods from services are (Payne, 2001:9):
a. Intangible
Services are abstract and intangible, meaning that services cannot be seen, felt, tasted or touched the way a physical item can.
b. Heterogeneity
Services are non-standard and highly variable. Because a service takes the form of a performance, no two results are the same, even when the service is performed by the same person. This is due to the interaction of humans (employees and customers), with all the differences in expectations and perceptions that accompany these interactions.
c. Cannot be separated
Services are generally produced and consumed at the same time, with the consumer participating in the process. This means the consumer must be present where the requested service is delivered, so that the consumer sees and even takes part in the production process.
d. Not durable
Services cannot be stored in inventory. This means that services cannot be stored, resold to someone else, or returned to the producer from whom they were bought.
Security services are very important for keeping data on the network from being easily erased or lost. A security system also helps to secure the network without blocking its use, and prepares for the case where the network is successfully penetrated. Network security here is meant to provide enhanced security, to monitor the network, and to give notice if something does not go as it should. This service can reduce the level of theft and crime.
Network security can be improved with respect to:
1. Confidentiality (privacy)
With many unknown users on the network, hiding sensitive data becomes difficult.
Privacy (from Latin: privatus "separated from the rest, deprived of something, esp. office, participation in the government", from privo "to deprive") is the ability of an individual or group to seclude themselves or information about themselves and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share common themes. When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps security, including for instance the concepts of appropriate use, as well as protection of information. Privacy may also take the form of bodily integrity.
2. Data integrity
Since many nodes and users can potentially access the computing system, the risk of data corruption is higher.
Data integrity refers to maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and is a critical aspect of the design, implementation and usage of any system which stores, processes or retrieves data. The term data integrity is broad in scope and may have widely different meanings depending on the specific context, even under the same general umbrella of computing. This article provides only a broad overview of some of the different types and concerns of data integrity.
3. Authenticity
It is difficult to ascertain the identity of a user on a remote system; as a result, a host may not trust the authenticity of a user that is running on another host.
Authenticity concerns the truthfulness of origins, attributions, commitments, sincerity, devotion, and intentions.
4. Covert channel
A network offers many possibilities for constructing covert channels in the data stream, because so much data is being transmitted that a message can be hidden in it.
In computer security, a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. The term, originated in 1973 by Lampson, is defined as "(channels) not intended for information transfer at all, such as the service program's effect on system load", to distinguish it from legitimate channels that are subjected to access controls by COMPUSEC.
Security can be defined as follows:
a. Integrity
Requires that information can only be changed by those who have the authority.
Integrity is a concept of consistency of actions, values, methods, measures, principles, expectations, and outcomes.
b. Confidentiality
Requires that information (data) can only be accessed by those who have the authority.
Confidentiality is a set of rules or a promise that limits access or places restrictions on certain types of information.
c. Authentication
Requires that the sender of information can be correctly identified and that there is a guarantee that the identity obtained is not false.
Authentication (from Greek: αὐθεντικός; real or genuine, from αὐθέντης authentes; author) is the act of confirming the truth of an attribute of a datum or entity. This might involve confirming the identity of a person or software program, tracing the origins of an artifact, or ensuring that a product is what its packaging and labeling claims to be. Authentication often involves verifying the validity of at least one form of identification.
d. Availability
Requires that information is available to authorized parties when needed.
In reliability theory and reliability engineering, the term availability has the following meanings:
· The degree to which a system, subsystem or equipment is in a specified operable and committable state at the start of a mission, when the mission is called for at an unknown, i.e. a random, time. Simply put, availability is the proportion of time a system is in a functioning condition. This is often described as a mission capable rate. Mathematically, this is expressed as 1 minus unavailability.
· The ratio of (a) the total time a functional unit is capable of being used during a given interval to (b) the length of the interval.
e. Non-repudiation
Requires that neither the sender nor the recipient of information can deny sending or receiving a message.
Non-repudiation refers to a state of affairs where the purported maker of a statement will not be able to successfully challenge the validity of the statement or contract. The term is often seen in a legal setting wherein the authenticity of a signature is being challenged. In such an instance, the authenticity is being "repudiated".
Attacks (disturbances) on security can be grouped into four main categories:
a. Interruption
An asset of the system is attacked so that it becomes unavailable or cannot be used by authorized parties. An example is the destruction or modification of hardware or of a network channel.
Interruption may refer to:
· Interruption science, interruption and human behavior.
· Interruption marketing, a pejorative term for the advertising technique.
· Interruptions (epic theatre), the technique defined by Bertolt Brecht.
b. Interception
An unauthorized party gains access to an asset. The party in question could be a person, a program, or another system. An example is tapping data in a network.
An interception or pick is a move involving a pass, either by foot or hand, being caught by an opposition player, who usually gains possession for his team. It is commonly used in football, including Canadian and American football, as well as rugby league, rugby union, Australian rules football and Gaelic football.
c. Modification
An unauthorized party can make changes to an asset. Examples are changing values in a data file, modifying a program so that it runs improperly, and modifying a message that is being transmitted in the network.
Modification may refer to:
· Modifications of school work for students with special educational needs.
· Modifications (genetics).
· Posttranslational modifications.
· Modding, modifying hardware or software.
· Mod (video gaming).
· Modified car.
· Body modification.
· Grammatical modifier.
d. Fabrication
An unauthorized party inserts counterfeit objects into the system. An example is sending false messages to others.
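
The four attack categories above can be set against the integrity and authentication services defined earlier. The following Python example is added here and is not part of the original page; the names seal, receive and scenarios are hypothetical, and the shared key and three-message stream are constructed sample data.

```python
import hashlib
import hmac
import json

# Hypothetical helper names; the key and messages are constructed sample data.
KEY = b"constructed-demo-key"  # shared by sender and receiver

def seal(seq, body, key=KEY):
    """Sender side: serialize the message and attach an HMAC-SHA256 tag."""
    payload = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    return {"payload": payload, "tag": hmac.new(key, payload, hashlib.sha256).hexdigest()}

def receive(messages, key=KEY):
    """Receiver side: report what the tag and sequence checks reveal."""
    findings, expected = [], 1
    for msg in messages:
        good = hmac.new(key, msg["payload"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, msg["tag"]):
            findings.append("modification or fabrication: tag mismatch")
            continue  # never parse a payload that failed verification
        seq = json.loads(msg["payload"])["seq"]
        if seq < expected:
            findings.append(f"fabrication: message {seq} was replayed")
            continue
        if seq > expected:
            findings.append(f"interruption: expected message {expected}, got {seq}")
        expected = seq + 1
    return findings

def scenarios():
    """Run the four attack categories against a constructed three-message stream."""
    stream = [seal(1, "pay 10"), seal(2, "pay 20"), seal(3, "pay 30")]
    altered = dict(stream[2], payload=stream[2]["payload"].replace(b"30", b"9000"))
    forged = seal(4, "pay 999", key=b"key-the-sender-never-had")
    return {
        # A passive copy changes nothing on the wire, so these checks stay silent;
        # only confidentiality (encryption) addresses interception.
        "interception": receive(list(stream)),
        "interruption": receive([stream[0], stream[2]]),
        "modification": receive(stream[:2] + [altered]),
        "fabrication": receive(stream + [forged, stream[0]]),
    }

if __name__ == "__main__":
    for attack, findings in scenarios().items():
        print(attack, "->", findings or "nothing detected")
```

The sequence check only notices a gap when a later message arrives, so a dropped final message goes unseen unless the protocol also authenticates an end-of-stream marker.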