Content deleted Content added
→Notable scholars: Added Ron Ross Tags: Mobile edit Mobile web edit Advanced mobile edit |
Citation bot (talk | contribs) Added bibcode. Removed URL that duplicated identifier. Removed parameters. | Use this bot. Report bugs. | Suggested by Headbomb | Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox | #UCB_webform_linked 495/1032 |
||
| (47 intermediate revisions by 30 users not shown) | |||
Line 6:
[[File:Computer locked.jpg|thumb|right|An example of a physical security measure: a metal lock on the back of a personal computer to prevent hardware tampering.]]
'''Computer security''' (also '''cybersecurity''', '''digital security''', or '''information technology (IT) security''') is a subdiscipline within the field of [[information security]]. It
The growing significance of computer insecurity reflects the increasing dependence on [[computer systems]], the [[Internet]],<ref>{{Cite news |last=Tate |first=Nick |date=7 May 2013 |title=Reliance spells end of road for ICT amateurs |newspaper=The Australian |url=https://www.theaustralian.com.au/news/reliance-spells-end-of-road-for-ict-amateurs/news-story/6f84ad403b8721100f5957a472a945eb |url-access=subscription}}</ref> and evolving [[wireless network standards]]. This reliance has expanded with the proliferation of [[smart device]]s, including [[smartphone]]s, [[television]]s, and other components of the [[Internet of things]] (IoT).
▲The significance of the field stems from the expanded reliance on [[computer systems]], the [[Internet]],<ref>{{Cite news |last=Tate |first=Nick|date=7 May 2013 |title=Reliance spells end of road for ICT amateurs |newspaper=The Australian |url=https://www.theaustralian.com.au/news/reliance-spells-end-of-road-for-ict-amateurs/news-story/6f84ad403b8721100f5957a472a945eb |url-access=subscription}}</ref> and [[wireless network standards]]. Its importance is further amplified by the growth of [[smart device]]s, including [[smartphone]]s, [[television]]s, and the various devices that constitute the [[Internet of things]] (IoT). Cybersecurity has emerged as one of the most significant new challenges facing the contemporary world, due to both the complexity of [[information systems]] and the societies they support. Security is particularly crucial for systems that govern large-scale systems with far-reaching physical effects, such as [[Electric power distribution|power distribution]], [[Election security|elections]], and [[finance]].<ref>{{cite journal |last1=Kianpour |first1=Mazaher |last2=Kowalski |first2=Stewart |last3=Øverby |first3=Harald |date=2021 |title=Systematically Understanding Cybersecurity Economics: A Survey |journal=Sustainability |volume=13 |issue=24 |page=13677 |doi=10.3390/su132413677 |doi-access=free|bibcode=2021Sust...1313677K |hdl=11250/2978306 |hdl-access=free | issn=2071-1050 }}</ref><ref>{{cite journal |last1=Stevens |first1=Tim |date=11 June 2018 |title=Global Cybersecurity: New Directions in Theory and Methods |url=https://kclpure.kcl.ac.uk/portal/files/97261726/PaG_6_2_Global_Cybersecurity_New_Directions_in_Theory_and_Methods.pdf |archive-url=https://web.archive.org/web/20190904151257/https://kclpure.kcl.ac.uk/portal/files/97261726/PaG_6_2_Global_Cybersecurity_New_Directions_in_Theory_and_Methods.pdf |archive-date=2019-09-04 |url-status=live |journal=Politics and Governance |volume=6 |issue=2 |pages=1–4 |doi=10.17645/pag.v6i2.1569 |doi-access=free}}</ref>
Although many aspects of computer security involve digital security, such as electronic [[passwords]] and [[encryption]], [[physical security]] measures such as [[Lock and key|metal locks]] are still used to prevent unauthorized tampering. IT security is not a perfect subset of [[information security]], therefore does not completely align into the [[security convergence]] schema.
Line 222 ⟶ 225:
* Mobile-enabled access devices are growing in popularity due to the ubiquitous nature of cell phones.<ref>{{Cite web |date=2024-02-23 |title=Access Control Statistics: Trends & Insights |url=https://entrycare.com/access-control-statistics/ |access-date=2024-04-26 |language=en-US}}</ref> Built-in capabilities such as [[Bluetooth]], the newer [[Bluetooth low energy]] (LE), [[near-field communication]] (NFC) on non-iOS devices and [[biometrics|biometric]] validation such as thumbprint readers, as well as [[QR code]] reader software designed for mobile devices, offer new, secure ways for mobile phones to connect to access control systems. These control systems provide computer security and can also be used for controlling access to secure buildings.<ref>{{cite web |date=4 November 2013 |title=Forget IDs, use your phone as credentials |url=http://video.foxbusiness.com/v/2804966490001/forget-ids-use-your-phone-as-credentials/?playlist_id=937116503001#sp=show-clips |url-status=live |archive-url=https://web.archive.org/web/20140320215829/http://video.foxbusiness.com/v/2804966490001/forget-ids-use-your-phone-as-credentials/?playlist_id=937116503001#sp=show-clips |archive-date=20 March 2014 |access-date=20 March 2014 |publisher=[[Fox Business Network]]}}</ref>
* [[IOMMU]]s allow for hardware-based [[Sandbox (computer security)|sandboxing]] of components in mobile and desktop computers by utilizing [[direct memory access]] protections.<ref>{{cite web |title=Direct memory access protections for Mac computers |url=https://support.apple.com/guide/security/direct-memory-access-protections-seca4960c2b5/1/web/1 |access-date=16 November 2022 |website=Apple}}</ref><ref>{{cite web |title=Using IOMMU for DMA Protection in UEFI Firmware |url=https://www.intel.com/content/dam/develop/external/us/en/documents/intel-whitepaper-using-iommu-for-dma-protection-in-uefi-820238.pdf |url-status=live |archive-url=https://web.archive.org/web/20211209062425/https://www.intel.com/content/dam/develop/external/us/en/documents/intel-whitepaper-using-iommu-for-dma-protection-in-uefi-820238.pdf |archive-date=2021-12-09 |access-date=16 November 2022 |publisher=Intel Corporation}}</ref>
* [[Physical unclonable function|Physical Unclonable Functions]] (PUFs) can be used as a digital fingerprint or a unique identifier to integrated circuits and hardware, providing users the ability to secure the hardware supply chains going into their systems.<ref>{{Cite journal |last1=Babaei |first1=Armin |last2=Schiele |first2=Gregor |last3=Zohner |first3=Michael |date=2022-07-26 |title=Reconfigurable Security Architecture (RESA) Based on PUF for FPGA-Based IoT Devices |journal=Sensors |language=en |volume=22 |issue=15 |page=5577 |bibcode=2022Senso..22.5577B |doi=10.3390/s22155577 |issn=1424-8220 |pmc=9331300 |pmid=35898079 |doi-access=free}}</ref><ref>{{Cite journal |last1=Hassija |first1=Vikas |last2=Chamola |first2=Vinay |last3=Gupta |first3=Vatsal |last4=Jain |first4=Sarthak |last5=Guizani |first5=Nadra |date=2021-04-15 |title=A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures
===Secure operating systems===
Line 435 ⟶ 438:
{{main|Ashley Madison data breach{{!}}Ashley Madison Data Breach}}
In July 2015, a hacker group
| last = Mansfield-Devine
| first = Steve
Line 560 ⟶ 563:
There is growing concern that cyberspace will become the next theater of warfare. As Mark Clayton from ''[[The Christian Science Monitor]]'' wrote in a 2015 article titled "The New Cyber Arms Race":
{{blockquote|In the future, wars will not just be fought by soldiers with guns or with planes that drop bombs. They will also be fought with the click of a mouse a half a world away that unleashes carefully weaponized computer programs that disrupt or destroy critical industries like utilities, transportation, communications, and energy. Such attacks could also disable military networks that control the movement of troops, the path of jet fighters, the command and control of warships.<ref>{{cite journal |last1=Clayton |first1=Mark |title=The new cyber arms race |url=
This has led to new terms such as ''cyberwarfare'' and ''[[cyberterrorism]]''. The [[United States Cyber Command]] was created in 2009<ref>{{Cite news |author=Nakashima, Ellen |date=13 September 2016 |title=Obama to be urged to split cyberwar command from NSA |newspaper=[[The Washington Post]] |url=https://www.washingtonpost.com/world/national-security/obama-to-be-urged-to-split-cyberwar-command-from-the-nsa/2016/09/12/0ad09a22-788f-11e6-ac8e-cf8e0dd91dc7_story.html |archive-url=https://archive.today/20161012083815/https://www.washingtonpost.com/world/national-security/obama-to-be-urged-to-split-cyberwar-command-from-the-nsa/2016/09/12/0ad09a22-788f-11e6-ac8e-cf8e0dd91dc7_story.html |archive-date=12 October 2016 |access-date=15 June 2017 }}</ref> and many other countries [[Cyberwarfare#Cyber activities by nation|have similar forces]].
Line 637 ⟶ 640:
Since the [[Internet]]'s arrival and with the digital transformation initiated in recent years, the notion of cybersecurity has become a familiar subject in both our professional and personal lives. Cybersecurity and cyber threats have been consistently present for the last 60 years of technological change. In the 1970s and 1980s, computer security was mainly limited to [[wikt:academia|academia]] until the conception of the Internet, where, with increased connectivity, computer viruses and network intrusions began to take off. After the spread of viruses in the 1990s, the 2000s marked the institutionalization of organized attacks such as [[distributed denial of service]].<ref>{{Cite web |title=A Brief History of the Cybersecurity Profession |url=https://www.isaca.org/resources/news-and-trends/industry-news/2022/a-brief-history-of-the-cybersecurity-profession |access-date=2023-10-13 |website=ISACA}}</ref> This led to the formalization of cybersecurity as a professional discipline.<ref>{{Cite web |title=One step ahead in computing security |url=https://www.rit.edu/news/one-step-ahead-computing-security |access-date=2023-10-13 |website=RIT |language=en}}</ref>
The [[Security and Privacy in Computer Systems|April 1967 session]] organized by [[Willis Ware]] at the [[Spring Joint Computer Conference]], and the later publication of the [[Ware Report]], were foundational moments in the history of the field of computer security.<ref name="MAHC.2016.48">{{Cite journal |last1=Misa |first1=Thomas J. |year=2016 |title=Computer Security Discourse at RAND, SDC, and NSA (1958-1970) |url=https://dl.acm.org/doi/10.1109/MAHC.2016.48 |journal=IEEE Annals of the History of Computing |volume=38 |issue=4 |pages=12–25 |doi=10.1109/MAHC.2016.48 |bibcode=2016IAHC...38d..12M |s2cid=17609542|url-access=subscription }}</ref> Ware's work straddled the intersection of material, cultural, political, and social concerns.<ref name="MAHC.2016.48" />
A 1977 [[NIST]] publication<ref>{{cite web |first1=A. J.|last1=Neumann|first2=N.|last2=Statland|first3=R. D.|last3=Webb |date=1977 |title=Post-processing audit tools and techniques |url=https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nbsspecialpublication500-19.pdf |url-status=live |archive-url=https://web.archive.org/web/20161010044638/http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nbsspecialpublication500-19.pdf |archive-date=2016-10-10 |access-date=2020-06-19 |website=nist.gov |publisher=US Department of Commerce, National Bureau of Standards |pages=11–3–11–4 |language=en-US}}</ref> introduced the ''CIA triad'' of confidentiality, integrity, and availability as a clear and simple way to describe key security goals.<ref>{{cite web |last1=Irwin |first1=Luke |date=5 April 2018 |title=How NIST can protect the CIA triad, including the often overlooked 'I' – integrity |url=https://blog.itgovernanceusa.com/blog/how-nist-can-protect-the-cia-triad-including-the-often-overlooked-i-integrity |access-date=16 January 2021 |website=www.itgovernanceusa.com}}</ref> While still relevant, many more elaborate frameworks have since been proposed.<ref>{{cite web |last=Perrin |first=Chad |date=30 June 2008 |title=The CIA Triad |url=http://www.techrepublic.com/blog/security/the-cia-triad/488 |access-date=31 May 2012 |website=techrepublic.com}}</ref><ref>{{cite report |url=http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf |title=Engineering Principles for Information Technology Security |last1=Stoneburner |first1=G. |last2=Hayden |first2=C. |publisher=csrc.nist.gov |doi=10.6028/NIST.SP.800-27rA |last3=Feringa |first3=A. |archive-url=https://web.archive.org/web/20041012074937/http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf |archive-date=2004-10-12 |url-status=live |year=2004}} ''Note: this document has been superseded by later versions.''</ref>
However, in the 1970s and 1980s, there were no grave computer threats because computers and the internet were still developing, and security threats were easily identifiable. More often, threats came from malicious insiders who gained unauthorized access to sensitive documents and files. Although malware and network breaches existed during the early years, they did not use them for financial gain. By the second half of the 1970s, established computer firms like [[IBM]] started offering commercial access control systems and computer security software products.<ref>{{Cite journal |last=Yost |first=Jeffrey R. |date=April 2015 |title=The Origin and Early History of the Computer Security Software Products Industry
One of the earliest examples of an attack on a computer network was the [[computer worm]] [[Creeper and Reaper|Creeper]] written by Bob Thomas at [[BBN Technologies|BBN]], which propagated through the [[ARPANET]] in 1971.<ref>{{Cite web |date=2023-04-19 |title=A Brief History of Computer Viruses & What the Future Holds |url=https://www.kaspersky.com/resource-center/threats/a-brief-history-of-computer-viruses-and-what-the-future-holds |access-date=2024-06-12 |website=www.kaspersky.com |language=en}}</ref> The program was purely experimental in nature and carried no malicious payload. A later program, [[Creeper and Reaper|Reaper]], was created by [[Ray Tomlinson]] in 1972 and used to destroy Creeper.{{citation needed|date=April 2020}}
Line 663 ⟶ 666:
* [[Matt Blaze]]
* [[Stefan Brands]]
* [[Josh Brunty]]
* [[L. Jean Camp]]
* [[Lorrie Cranor]]
Line 687 ⟶ 691:
* [[Fred Piper]]
* [[Ron Ross]]
* [[Tony Sager]]
* [[Roger R. Schell]]
* [[Bruce Schneier]]
| |||