Defining the word security
The word "security" in general usage is synonymous with "safety," but as a technical term "security" means that something not only is secure but that it has been secured For example, In telecommunication, the term security has the following meanings:
* A condition that results from the establishment and maintenance of protective measures that ensure a state of inviolability from hostile acts or influences.
* With respect to classified matter, the condition that prevents unauthorized persons from having access to official information that is safeguarded in the interests of national security.
* Measures taken by a military unit an activity or installation to protect itself against all acts designed to, or which may, impair its effectiveness.
Sources: from Federal Standard 1037C and adapted from the Department of defense Dictionary of military and Associated Terms
Another proposed alternative definition:
When our expectations are met, we can say that quality has been met. When our expectations are met once and again, despite of errors, catastrophes and attacks which in principle could prevent our expectations to be met, we can say that security has been met. Security is not falsifiable (Popper). We can prove that there has been a security failure, but we can't prove that there hasn't. Security measures improve the likeliness of expectations to be met, and therefore improve security. With respect to classified matter there is an expectation of the classified matter to remain secret for as long as we wish. A control access system is the security measure that helps this expectation to be accomplished.
The key problem in defining security is that it is an inherently fuzzy concept. If someone offers you a cigarette, should your bodyguard stop him? This is a method of making your death more likely, but, since you want to smoke the cigarette you would consider it bad to be deprived. If, on the other hand, the cigarette was poisoned, this would be a clear breach of security. Most security measures also involve compromise. If you want to be safe from poisoned cigarettes, you must also accept that you will lose access to free cigarettes from strangers. If you want to be even safer, you must stop smoking.
Security has to be compared and contrasted with other related concepts: Safety, continuity, reliability. The key difference between security and reliability is that security must take into account the actions of active malicious agents attempting to cause destruction.
A simple and clear definition of effective security could be a secure system is a system which does exactly what we want it to do and nothing that we don't want it to do even when someone else tries to make it behave differently.
Perceived security compared to real security
It is very often true that people's perception of security is not directly related to the actual security. For example, a fear of flying is much more common than a fear of driving; however, driving is generally a much more dangerous form of transport.
Another side of this is a phenomenon called security theatre where ineffective security measures such as screening of airline passengers based on static databases are introduced with little real increase in security or even, according to the critics of one such measure--CAPPS--with an actual decrease in real security.
There is an immense literature on the analysis and categorisation of security. Part of the reason for this Is that, in most security systems, it Is the "weakest link in the chain" which is the most important. The situation is asymmetric since defender must cover all points of attack whilst the attacker must only identify one weak point and concentrate on that.
Types of security
* physical security * information security * Computing security * financial security * human security
Certain concepts recur throughout different fields of security.
* risk--a risk is a possible event which could cause a loss
* threat--a threat is a method of triggering a risk event
* countermeasure--a countermeasure is a way to stop a threat from triggering a risk event
* defense in depth--never rely on one single security measure alone
* assurance--assurance is the level of guarantee that a security system will behave as expected
* TCSEC (Orange Book)
* Common Criteria
* ISO 17799:2000 Code of practice for information security management (http://www.iso.ch/iso/en /CatalogueDetailPage.CatalogueDetail?CSNUMBER=33441&1CSI=35)
* The newer ISO 17799:2005 Code of practice for information security management (http://www.iso.org/iso/en /CatalogueDetailPage.CatalogueDetail?CSNUMBER=39612&ICSI=35&ICS2=40&ICS3=)