Front cover - IBM Redbooks

This NIST document provides, on page 5, a definition of computer security.
Computer Security: The protection afforded to an automated information
system in order to attain the applicable objectives of preserving the integrity,
availability and confidentiality of information system resources (includes
hardware, software, firmware, information/data, and telecommunications).
This is a definition that is bit difficult to grasp, so let’s take a small step back. Let’s
define in simpler terms the concepts of both security and IT security.
Security (General)
Security is something that gives or assures safety, such as:
► Measures adopted by a government to prevent espionage, sabotage, or
attack
► Measures adopted by a business or homeowner to prevent a crime such as
burglary or assault.
Security is thus the freedom from risk or danger
Security (Information Technology)
IT Security is also something that gives or assures safety, such as:
► Measures adopted by an IT department to prevent espionage, sabotage, or
attack of their IT architecture
► Measures adopted by an IT department to prevent the defacement, damage
or destruction of their IT architecture
IT Security is also a set of measures adopted by an IT department to prevent
denial of service attacks or any attack preventing access to their IT architecture.
IT Security is thus the freedom from such security risks or dangers; safety for an
IT department (and the company) in knowing that their systems are secure.
Computer security (revisited)
The term computer security, which can be used interchangeably with IT security,
is the facet of computer science whose primary objective is to assure safety of
information and to offer measures to guard against attack, theft, or disclosure so
that:
► The information is timely, accurate, complete, and consistent; and that when
transmitted over a computer network, it has not been changed during
transmission (integrity).
Chapter 1. Fundamentals of IT security 13