Content deleted Content added
No edit summary Tags: Reverted Mobile edit Mobile web edit |
Citation bot (talk | contribs) Added bibcode. Removed URL that duplicated identifier. Removed parameters. | Use this bot. Report bugs. | Suggested by Headbomb | Linked from Wikipedia:WikiProject_Academic_Journals/Journals_cited_by_Wikipedia/Sandbox | #UCB_webform_linked 495/1032 |
||
| (34 intermediate revisions by 21 users not shown) | |||
Line 8:
'''Computer security''' (also '''cybersecurity''', '''digital security''', or '''information technology (IT) security''') is a subdiscipline within the field of [[information security]]. It focuses on protecting [[computer software]], [[system]]s and [[computer network|networks]] from [[Threat (security)|threats]] that can lead to unauthorized information disclosure, theft or damage to [[computer hardware|hardware]], [[software]], or [[Data (computing)|data]], as well as from the disruption or misdirection of the [[Service (economics)|services]] they provide.<ref name=":2">{{Cite journal |last1=Schatz |first1=Daniel |last2=Bashroush |first2=Rabih |last3=Wall |first3=Julie |date=2017 |title=Towards a More Representative Definition of Cyber Security |url=https://commons.erau.edu/jdfsl/vol12/iss2/8/ |journal=Journal of Digital Forensics, Security and Law |language=en |volume=12 |issue=2 |issn=1558-7215}}</ref><ref>{{Britannica|130682}}</ref>
The growing significance of
As Although many aspects of computer security involve digital security, such as electronic [[passwords]] and [[encryption]], [[physical security]] measures such as [[Lock and key|metal locks]] are still used to prevent unauthorized tampering. IT security is not a perfect subset of [[information security]], therefore does not completely align into the [[security convergence]] schema.
Line 222 ⟶ 225:
* Mobile-enabled access devices are growing in popularity due to the ubiquitous nature of cell phones.<ref>{{Cite web |date=2024-02-23 |title=Access Control Statistics: Trends & Insights |url=https://entrycare.com/access-control-statistics/ |access-date=2024-04-26 |language=en-US}}</ref> Built-in capabilities such as [[Bluetooth]], the newer [[Bluetooth low energy]] (LE), [[near-field communication]] (NFC) on non-iOS devices and [[biometrics|biometric]] validation such as thumbprint readers, as well as [[QR code]] reader software designed for mobile devices, offer new, secure ways for mobile phones to connect to access control systems. These control systems provide computer security and can also be used for controlling access to secure buildings.<ref>{{cite web |date=4 November 2013 |title=Forget IDs, use your phone as credentials |url=http://video.foxbusiness.com/v/2804966490001/forget-ids-use-your-phone-as-credentials/?playlist_id=937116503001#sp=show-clips |url-status=live |archive-url=https://web.archive.org/web/20140320215829/http://video.foxbusiness.com/v/2804966490001/forget-ids-use-your-phone-as-credentials/?playlist_id=937116503001#sp=show-clips |archive-date=20 March 2014 |access-date=20 March 2014 |publisher=[[Fox Business Network]]}}</ref>
* [[IOMMU]]s allow for hardware-based [[Sandbox (computer security)|sandboxing]] of components in mobile and desktop computers by utilizing [[direct memory access]] protections.<ref>{{cite web |title=Direct memory access protections for Mac computers |url=https://support.apple.com/guide/security/direct-memory-access-protections-seca4960c2b5/1/web/1 |access-date=16 November 2022 |website=Apple}}</ref><ref>{{cite web |title=Using IOMMU for DMA Protection in UEFI Firmware |url=https://www.intel.com/content/dam/develop/external/us/en/documents/intel-whitepaper-using-iommu-for-dma-protection-in-uefi-820238.pdf |url-status=live |archive-url=https://web.archive.org/web/20211209062425/https://www.intel.com/content/dam/develop/external/us/en/documents/intel-whitepaper-using-iommu-for-dma-protection-in-uefi-820238.pdf |archive-date=2021-12-09 |access-date=16 November 2022 |publisher=Intel Corporation}}</ref>
* [[Physical unclonable function|Physical Unclonable Functions]] (PUFs) can be used as a digital fingerprint or a unique identifier to integrated circuits and hardware, providing users the ability to secure the hardware supply chains going into their systems.<ref>{{Cite journal |last1=Babaei |first1=Armin |last2=Schiele |first2=Gregor |last3=Zohner |first3=Michael |date=2022-07-26 |title=Reconfigurable Security Architecture (RESA) Based on PUF for FPGA-Based IoT Devices |journal=Sensors |language=en |volume=22 |issue=15 |page=5577 |bibcode=2022Senso..22.5577B |doi=10.3390/s22155577 |issn=1424-8220 |pmc=9331300 |pmid=35898079 |doi-access=free}}</ref><ref>{{Cite journal |last1=Hassija |first1=Vikas |last2=Chamola |first2=Vinay |last3=Gupta |first3=Vatsal |last4=Jain |first4=Sarthak |last5=Guizani |first5=Nadra |date=2021-04-15 |title=A Survey on Supply Chain Security: Application Areas, Security Threats, and Solution Architectures
===Secure operating systems===
Line 560 ⟶ 563:
There is growing concern that cyberspace will become the next theater of warfare. As Mark Clayton from ''[[The Christian Science Monitor]]'' wrote in a 2015 article titled "The New Cyber Arms Race":
{{blockquote|In the future, wars will not just be fought by soldiers with guns or with planes that drop bombs. They will also be fought with the click of a mouse a half a world away that unleashes carefully weaponized computer programs that disrupt or destroy critical industries like utilities, transportation, communications, and energy. Such attacks could also disable military networks that control the movement of troops, the path of jet fighters, the command and control of warships.<ref>{{cite journal |last1=Clayton |first1=Mark |title=The new cyber arms race |url=
This has led to new terms such as ''cyberwarfare'' and ''[[cyberterrorism]]''. The [[United States Cyber Command]] was created in 2009<ref>{{Cite news |author=Nakashima, Ellen |date=13 September 2016 |title=Obama to be urged to split cyberwar command from NSA |newspaper=[[The Washington Post]] |url=https://www.washingtonpost.com/world/national-security/obama-to-be-urged-to-split-cyberwar-command-from-the-nsa/2016/09/12/0ad09a22-788f-11e6-ac8e-cf8e0dd91dc7_story.html |archive-url=https://archive.today/20161012083815/https://www.washingtonpost.com/world/national-security/obama-to-be-urged-to-split-cyberwar-command-from-the-nsa/2016/09/12/0ad09a22-788f-11e6-ac8e-cf8e0dd91dc7_story.html |archive-date=12 October 2016 |access-date=15 June 2017 }}</ref> and many other countries [[Cyberwarfare#Cyber activities by nation|have similar forces]].
Line 637 ⟶ 640:
Since the [[Internet]]'s arrival and with the digital transformation initiated in recent years, the notion of cybersecurity has become a familiar subject in both our professional and personal lives. Cybersecurity and cyber threats have been consistently present for the last 60 years of technological change. In the 1970s and 1980s, computer security was mainly limited to [[wikt:academia|academia]] until the conception of the Internet, where, with increased connectivity, computer viruses and network intrusions began to take off. After the spread of viruses in the 1990s, the 2000s marked the institutionalization of organized attacks such as [[distributed denial of service]].<ref>{{Cite web |title=A Brief History of the Cybersecurity Profession |url=https://www.isaca.org/resources/news-and-trends/industry-news/2022/a-brief-history-of-the-cybersecurity-profession |access-date=2023-10-13 |website=ISACA}}</ref> This led to the formalization of cybersecurity as a professional discipline.<ref>{{Cite web |title=One step ahead in computing security |url=https://www.rit.edu/news/one-step-ahead-computing-security |access-date=2023-10-13 |website=RIT |language=en}}</ref>
The [[Security and Privacy in Computer Systems|April 1967 session]] organized by [[Willis Ware]] at the [[Spring Joint Computer Conference]], and the later publication of the [[Ware Report]], were foundational moments in the history of the field of computer security.<ref name="MAHC.2016.48">{{Cite journal |last1=Misa |first1=Thomas J. |year=2016 |title=Computer Security Discourse at RAND, SDC, and NSA (1958-1970) |url=https://dl.acm.org/doi/10.1109/MAHC.2016.48 |journal=IEEE Annals of the History of Computing |volume=38 |issue=4 |pages=12–25 |doi=10.1109/MAHC.2016.48 |bibcode=2016IAHC...38d..12M |s2cid=17609542|url-access=subscription }}</ref> Ware's work straddled the intersection of material, cultural, political, and social concerns.<ref name="MAHC.2016.48" />
A 1977 [[NIST]] publication<ref>{{cite web |first1=A. J.|last1=Neumann|first2=N.|last2=Statland|first3=R. D.|last3=Webb |date=1977 |title=Post-processing audit tools and techniques |url=https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nbsspecialpublication500-19.pdf |url-status=live |archive-url=https://web.archive.org/web/20161010044638/http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nbsspecialpublication500-19.pdf |archive-date=2016-10-10 |access-date=2020-06-19 |website=nist.gov |publisher=US Department of Commerce, National Bureau of Standards |pages=11–3–11–4 |language=en-US}}</ref> introduced the ''CIA triad'' of confidentiality, integrity, and availability as a clear and simple way to describe key security goals.<ref>{{cite web |last1=Irwin |first1=Luke |date=5 April 2018 |title=How NIST can protect the CIA triad, including the often overlooked 'I' – integrity |url=https://blog.itgovernanceusa.com/blog/how-nist-can-protect-the-cia-triad-including-the-often-overlooked-i-integrity |access-date=16 January 2021 |website=www.itgovernanceusa.com}}</ref> While still relevant, many more elaborate frameworks have since been proposed.<ref>{{cite web |last=Perrin |first=Chad |date=30 June 2008 |title=The CIA Triad |url=http://www.techrepublic.com/blog/security/the-cia-triad/488 |access-date=31 May 2012 |website=techrepublic.com}}</ref><ref>{{cite report |url=http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf |title=Engineering Principles for Information Technology Security |last1=Stoneburner |first1=G. |last2=Hayden |first2=C. |publisher=csrc.nist.gov |doi=10.6028/NIST.SP.800-27rA |last3=Feringa |first3=A. |archive-url=https://web.archive.org/web/20041012074937/http://csrc.nist.gov/publications/nistpubs/800-27A/SP800-27-RevA.pdf |archive-date=2004-10-12 |url-status=live |year=2004}} ''Note: this document has been superseded by later versions.''</ref>
However, in the 1970s and 1980s, there were no grave computer threats because computers and the internet were still developing, and security threats were easily identifiable. More often, threats came from malicious insiders who gained unauthorized access to sensitive documents and files. Although malware and network breaches existed during the early years, they did not use them for financial gain. By the second half of the 1970s, established computer firms like [[IBM]] started offering commercial access control systems and computer security software products.<ref>{{Cite journal |last=Yost |first=Jeffrey R. |date=April 2015 |title=The Origin and Early History of the Computer Security Software Products Industry
One of the earliest examples of an attack on a computer network was the [[computer worm]] [[Creeper and Reaper|Creeper]] written by Bob Thomas at [[BBN Technologies|BBN]], which propagated through the [[ARPANET]] in 1971.<ref>{{Cite web |date=2023-04-19 |title=A Brief History of Computer Viruses & What the Future Holds |url=https://www.kaspersky.com/resource-center/threats/a-brief-history-of-computer-viruses-and-what-the-future-holds |access-date=2024-06-12 |website=www.kaspersky.com |language=en}}</ref> The program was purely experimental in nature and carried no malicious payload. A later program, [[Creeper and Reaper|Reaper]], was created by [[Ray Tomlinson]] in 1972 and used to destroy Creeper.{{citation needed|date=April 2020}}
| |||