Buy an essay on Confidentiality

1a) In the context of computer and network security, confidentiality has become a technical term with a meaning distinctly different from privacy. What is the difference?
Confidentiality in the context of computer and network security is understood as confidentiality of data, and is defined as “the property that data is not disclosed to system entities unless they have been authorized to know the data” or as “property that information is not made available or disclosed to unauthorized individuals, entities, or processes” (RFC4949, 2007). Thus, it is a property of an information system in which the non-disclosure or availability of data is controlled. Privacy, by contrast, is not a property of an information system but a right of a person (or an entity, as it is defined in the RFC). Thus, the main difference is that privacy is the right to determine which information may be accessed and by which entities, while confidentiality is the property of information systems that in fact maintains privacy.
1b) Integrity and authentication, as technical terms, denote different things. Explain.
Integrity, or data integrity, is defined as “the property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner” and “The property that information has not been modified or destroyed in an unauthorized manner” (RFC4949, 2007). A data integrity service is thus a service that protects data against accidental and unauthorized changes. Authentication, in turn, is “the process of verifying a claim that a system entity or system resource has a certain attribute value”. Authentication is the basic process for a data integrity service. Thus, authentication serves to maintain data identity.
1c) Name some malicious and some non-malicious ways that an ordinary PC user might experience the loss of availability. Which of these qualify as a security concern, and which do not?
Examples of malicious ways to get access to an ordinary PC are the use of trojan software, exploits, system vulnerabilities and back doors in order to make the computer or the whole system unavailable. Attacks made over a network or through the Internet, such as denial of service and distributed denial of service, are also examples of malicious influence on an information system. Examples of non-malicious actions are accidental deletion of critical system files, system failures due to electricity drops, disclosure of confidential information, etc. However, all issues that lead to system failure should be a security concern. According to the RFC, “complete system security architecture includes administrative security, communication security, computer security, emanations security, personnel security, and physical security”.
2) Contrast the Panko chapter with the reading from Schneier. How similar are their inventories of attackers and attacks? Do their conclusions on the severity of dangers and other aspects of the threat environment tend to converge, or are there significant disagreements? Do the two readings supplement each other usefully, or are they so similar that either one makes the other superfluous?
In my opinion, the definitions and classification of attacks are more clearly outlined and classified in Schneier’s chapter. Schneier lists 3 classes of attacks based on one classification feature, while Panko’s classification is not so easily understandable. Also, Panko’s approach is more technical and focuses on IT features, while Schneier tries to go deeper into the meaning and essence of the act of attack. Also, Panko focuses more on the consequences of attacks, and Schneier’s view focuses on consequences and legal applications. In my opinion, Schneier envisions more severity and dangers in the developing information systems than Panko does. In general, though there are similar issues in both readings, they supplement each other because they are written using different approaches and different points of view.
3) Identify three term project topics that could be of interest to you.
3.1. Analysis of payment security systems
It could be interesting to study existing payment systems and their protection. This is a developing field, and the systems of protection here seem to be among the strongest; thus, it can be a very useful and factual analysis.
3.2. Intellectual property
The evolution of intellectual property protection, with its past, future and current issues, is another burning problem. It could be very informative to study these questions: learn about current lawsuits, changes in laws and legal actions. I believe there are going to be significant changes in this area in the near future.
3.3. Study of protection against web attacks
Currently, the number of types of web attacks has grown significantly, and the attacks have evolved. A review of existing methods which help to protect from these attacks (software, hardware, policies etc.) will be useful from both a theoretical and a practical point of view.

References
Panko, Raymond R. (2009). Corporate computer and network security. Pearson.
Schneier, Bruce. (2000). Secrets and lies: digital security in a networked world. John Wiley.
RFC4949. (2007). Available from



Author: essay