Online Computer Security Schools: Computer security, or information security,is a branch of technology that focuses upon the security of information as it relates to computers. The objective of computer security varies and can include protection of information from theft or corruption, or the preservation of its availability, as defined in the security policy.
Online Security Schools and Colleges Computer security imposes requirements on specific computers that are different from most system requirements; because they often take the form of constraints on what computers are not supposed to do. This makes this form of security particularly challenging, because it is already difficult enough to make programs do everything correctly that they are designed to do. Furthermore, negative requirements are deceptively complicated to satisfy and require exhaustive testing, which is impractical for most computer programs. Computer security provides a technical strategy to convert negative requirements to positive enforceable rules. For this reason, computer securityis often more technical and mathematical than some computer science fields.
Usages: One use of the term, “computer security”, refers to utilizing technology to implement a secure operating system. Much of this technology is based on science developed in the 1980s and is used to produce what may be some of the most impenetrable operating systems ever created. Though still valid, the technology is in limited use today, primarily because it imposes some changes to systems management, and also because it is not widely understood. Such ultra-strong secure operating systems are based on operating system kernel technology, which can guarantee that certain security policies are absolutely enforced in an operating environment. An example of such a security policy is the Bell-LaPadula model. The strategy is based on a coupling of special microprocessor hardware features, often involving the memory management unit, to a special correctly implemented operating system kernel. This forms the foundation for a secure operating system which, if certain critical parts are designed and implemented correctly, can ensure the absolute impossibility of penetration by hostile elements. This capability is enabled because the configuration not only imposes a security policy, but in theory completely protects itself from corruption. Ordinary operating systems, on the other hand, lack the features that assure this maximal level of security. The design methodology to produce such secure systems is precise, deterministic and logical.
Systems designed with such methodology represent state of the art computer security, although products using such security are not widely known. In sharp contrast to most kinds of software, they meet specifications with verifiable certainty comparable to specifications for size, weight and power. Secure operating systems designed this way are used primarily to protect national security information, military secrets and the data of international financial institutions. These are powerful security tools; and only a few secure operating systems have been certified at the highest level (Orange Book A-1) to operate over the range of "Top Secret" to "unclassified" (including Honeywell SCOMP, USAF SACDIN, NSA Blacker and Boeing MLS LAN.) The assurance of security depends not only on the soundness of the design strategy, but also on the assurance of correctness of the implementation. Therefore, there are degrees of security strength defined for COMPUSEC. The Common Criteria quantifies security strength of products in terms of two components: security functionality and assurance level (such as EAL levels). These are specified in a Protection Profile for requirements and a Security Target for product descriptions. None of these ultra-high, assurance secure, general purpose operating systems have been produced for decades or certified under the Common Criteria.
In USA parlance, the term “High Assurance” usually suggests that the system has the right security functions that are implemented robustly enough to protect DoD and DoE classified information. Medium assurance suggests it can protect less valuable information, such as income tax information. Secure operating systems designed to meet medium robustness levels of security functionality and assurances have seen wider use within both government and commercial markets. Medium robust systems may provide the same security functions as high assurance secure operating systems, but may do so at a lower assurance level (such as Common Criteria levels EAL4 or EAL5). Lower levels mean we can be less certain that the security functions are implemented flawlessly; and they are, therefore, less dependable. These systems are found in use on web servers, guards, database servers, and management hosts and are used not only to protect the data stored on these systems but also to provide a high level of protection for network connections and routing services.
