Computer security software: Difference between revisions

The computer security software products industry was launched in the second half of the 1970s when computer firms and new IT startups chose alternative paths to offer commercial access control systems to organizational mainframe computer users. These developments were led by [[IBM]]'s [[Resource Access Control Facility]] and SKK's Access Control Facility 2.<ref>{{Cite webjournal |title=The Origin and Early History of the Computer Security Software Products Industry |urljournal=https:/IEEE Annals of the History of Computing|date=2015 |doi=10.1109/ieeexploreMAHC.ieee2015.org/abstract/document/711646421 |access-datelast1=2023-12-13Yost |websitefirst1=ieeexploreJeffrey R.ieee.org |volume=37 |issue=2 |pages=46–58 }}</ref>

A critical tool used in developing software that prevents malicious access is ''Threat Modeling''.<ref>{{Cite journal|last1=Bodeau|first1=Deborah J.|last2=McCollum|first2=Catherine D.|last3=Fox|first3=David B.|date=2018-04-07|title=Cyber Threat Modeling: Survey, Assessment, and Representative Framework|url=https://apps.dtic.mil/sti/citations/AD1108051|archive-url=https://web.archive.org/web/20210929040958/https://apps.dtic.mil/sti/citations/AD1108051|url-status=live|archive-date=September 29, 2021|language=en}}</ref> Threat modeling is the process of creating and applying mock situations where an attacker could be trying to maliciously access data in [[cyberspace]]. By doing this, various profiles of potential attackers are created, including their intentions, and a catalog of potential vulnerabilities are created for the respective organization to fix before a real threat arises.<ref>{{Cite web|title=Threat Modeling: 12 Available Methods|url=https://insights.sei.cmu.edu/blog/threat-modeling-12-available-methods/|access-date=2021-10-04|website=SEI Blog|date=2 December 2018 |language=en}}</ref> Threat modeling covers a wide aspect of cyberspace, including devices, applications, systems, networks, or enterprises. Cyber threat modeling can inform organizations with their efforts pertaining to cybersecurity in the following ways:<ref>{{Cite book|last=Jones|first=Andy|url=https://www.worldcat.org/oclc/159937634|title=Risk management for computer security : Protecting your network and information assets|date=2005|publisher=Elsevier Butterworth-Heinemann|others=Debi Ashenden|isbn=978-0-08-049155-4|___location=Amsterdam, Netherlands|oclc=159937634}}</ref>

These programs use algorithms either stolen from, or provided by, the police and military internet observation organizations to provide the equivalent of a police [[Radio scanner]]. Most of these systems are born out of [[mass surveillance]] concepts for internet traffic, cell phone communication, and physical systems like [[CCTV]]. In a global perspective they are related to the fields of [[SIGINT]] and [[ELINT]] and approach [[Geospatial intelligence|GEOINT]] in the global information monitoring perspective. Several instant messaging programs such as [[ICQ]] (founded by "former" members of [[Unit 8200]]), or [[WeChat]] and [[QQ]] (rumored [[3PLA]]/[[4PLA]] connections<ref>{{cite news |last1=O'Neill |first1=Patrick Howell |title=Under tough surveillance, China's cybercriminals find creative ways to chat |url=https://www.cyberscoop.com/chinese-cybercriminals-speak-in-code-to-hide-from-government-surveillance/ |access-date=22 October 2020 |agency=cyberscoop |publisher=SNG |date=3 May 2017}}</ref><ref>{{cite news |last1=Dasgupta |first1=Binayak |title=Mass surveillance risk real with Chinese apps: Experts |url=https://www.hindustantimes.com/india-news/mass-surveillance-threat-real-with-chinese-apps-says-cybersecurity-experts/story-HphmVO6k2D8kiRMqoD4NgI.html |access-date=22 October 2020 |publisher=Hindustan Times, New Delhi |date=1 July 2020}}</ref>) may represent extensions of these observation apparati.