Computer security is often thought of as a simple matter of keeping private data private. That is part of the concept, perhaps even the most important part, but there are other parts also. We see three issues at the heart of computer security.
- Secrets: Computers are information systems, and some information is necessarily proprietary. This information might include the passwords and keys that protect access to the system’s scarce resources, the data that allows access to users identities, and even actual real-life secrets that could affect physical safety. Security in this respect is about making sure that such secrets do not fall into the wrong hands, so that spammers can’t use a server to relay spam email, crooks can’t charge their purchases to your credit card, and malicious hackers can’t learn what is being done to prevent their threats.
- Scarce resources: Every computer has a limited number of CPU cycles per second, a limited amount of memory, a limited amount of disk space, and a limited amount of communications bandwidth. In this respect, then, security is about preventing the depletion of those resources, whether accidental or intentional, so that the needs of legitimate users can be met.
- Good netizenship: When a computer is connected to the Internet, the need for security takes on a new dimension. Suddenly, the compromise of what would appear to be merely local resources or secrets can affect other computers around the world. In a networked world, every programmer and system admin has a responsibility to every other programmer and system admin to ensure that their code and systems are free from either accidental or malicious exploitation that could compromise other systems on the net. Your reputation as a good netizen thus depends on the security of your systems.