ABSTRACT
This chapter describes several information system security risks, outlines some strategies for countering them, and briefly discusses how security is designed into a system. The objective of security is to protect the hardware, software, data, and other system resources from unauthorized, illegal, or unwanted access, use, modification, or theft. A good way to visualize security threats is to imagine the system as a chain and look for weak links. Exposures can come from people, hardware, and/or software. The personal computer or workstation is one of the weakest links in network security. Users upload and download data to and from the Internet, share public domain software, and share common peripherals, any of which can constitute a security threat. Physical security is concerned with denying physical access to the system, preventing the physical destruction of the system, and keeping the system available. Logical security is implemented by the system as it runs.
