Abstract

The objective of this thesis is to review the need for information system security, evaluate the technical solutions commonly used today, make recommendations on where extra research is needed, and to overview the technologies, algorithms, standards, and security policies used in providing computer and communications security. The information-security issue is equally important to the users of the Internet (e.g., businesses engaged in e-commerce) and to users of stand-alone ("air-gapped") systems. The problems that these two groups of users face are both different and have a different scale. However, there is no question that the urgent security problems are driven by the increasing demand for all-to-all connectivity; security is a top issue primarily because of the Net. Internet security is the most urgent and the most challenging field in computer security. Moreover, cyber security involves issues that go beyond technological solutions, algorithms and hardware. Often ignored or not stressed enough are user education and prudent engineering. Today, we are more alert about security, but still lack a complete understanding of what it means, bow far it should go and bow to accomplish it. Nevertheless, people are starting to feel that they should accept it, or at least try to understand it. Many users have an impression that they ought to know more about computer security, but few make the effort to learn about it. This thesis explains why the user has to be educated about security, what are different security levels, trusted systems, encryption, mandatory access control, and legislation. It helps the readers to understand the basics of computer security that will persuade them to practice safe computing