1
00:00:01,140 --> 00:00:08,040
Welcome back. Here we'll cover the question: What is security, and what security solutions often prove

2
00:00:08,130 --> 00:00:09,190
ineffective?

3
00:00:11,090 --> 00:00:16,700
Here we will examine more formal methods for computer security.

4
00:00:16,740 --> 00:00:18,380
Let us start with the basics.

5
00:00:19,430 --> 00:00:24,090
That is, from some classic definitions.

6
00:00:24,140 --> 00:00:27,540
The first comes from Cambridge Dictionary of English and states:

7
00:00:29,810 --> 00:00:37,810
Security is an ability to avoid damage resulting from any kind of risk, danger or threats.

8
00:00:37,820 --> 00:00:41,500
Please note that this definition is very general and quite restrictive.

9
00:00:43,910 --> 00:00:46,530
We must avoid damage.

10
00:00:46,600 --> 00:00:51,730
Thus the definition suggests that you could avoid any kind of damage and that your system would be completely

11
00:00:51,730 --> 00:00:52,590
secure.

12
00:00:54,550 --> 00:01:03,280
On the other hand, security standards such as ISO/IEC 27002 define security as a preservation of

13
00:01:03,280 --> 00:01:11,290
confidentiality, integrity and the availability of information.

14
00:01:11,290 --> 00:01:19,280
However, both definitions share the same flaw: they are based on too optimistic of an assumption.

15
00:01:19,330 --> 00:01:26,980
They require people who are responsible for computer security, like you and I, to do something impossible.

16
00:01:28,830 --> 00:01:30,960
They require us to avoid any damage.

17
00:01:34,790 --> 00:01:36,320
In the previous lectures,

18
00:01:36,620 --> 00:01:43,070
we discussed the service level agreement and we mentioned that the recovery time objective is defined

19
00:01:43,070 --> 00:01:49,510
as a percentage, but it can never be 100 percent.

20
00:01:49,540 --> 00:01:51,870
Security is similar.

21
00:01:51,940 --> 00:01:59,800
It would be unrealistic to assume that complete security can be achieved. Speaking more realistically,

22
00:01:59,890 --> 00:02:06,130
there are only different levels of computer system protection.

23
00:02:06,230 --> 00:02:12,400
With that in mind, let's try to rephrase our definition of security.

24
00:02:12,440 --> 00:02:19,060
However, we have to remember that system security must not interfere with system functionality.

25
00:02:19,160 --> 00:02:28,520
That is to say, you cannot implement security solutions at the expense of functionality.

26
00:02:28,540 --> 00:02:34,270
Granted, it would be relatively easy to design a highly secure but very impractical system.

27
00:02:37,150 --> 00:02:44,430
For example, a system with no graphic interface that would require a user to confirm their identity every

28
00:02:44,430 --> 00:02:50,680
15 minutes by providing a 64-character password would be very secure,

29
00:02:50,970 --> 00:02:55,340
but its functionality would be greatly limited.

30
00:02:55,430 --> 00:03:02,420
Besides, I assure you that if security interferes with functionality, users will find a way to bypass

31
00:03:02,420 --> 00:03:02,760
it.

32
00:03:04,120 --> 00:03:11,220
Users always prefer solutions that are more comfortable, and effective security policy must not provoke

33
00:03:11,220 --> 00:03:12,330
them to ignore it.

34
00:03:13,890 --> 00:03:22,580
Security should not be pitted against functionality. Keeping that in mind, let us try to redefine security

35
00:03:22,580 --> 00:03:23,530
once more.

36
00:03:26,560 --> 00:03:35,760
The goal of security is to be able to avoid too much damage by assessing risk, dangers or threats.

37
00:03:35,810 --> 00:03:42,480
It may not sound that optimistic, but it is certainly more realistic.

38
00:03:42,680 --> 00:03:48,210
Therefore, we will consider how to assess risk and potential damage by means of threat classification.