What is COMPUter SECURITY (COMPUSEC)?
COMPUter SECURITY (COMPUSEC) is a military term used to refer to the security of computer system information. Today it can refer to either the military or the civilian community. COMPUSEC also relates to preventing unauthorized users from accessing a computer system.
The differences between Computer Security (COMSEC) and COMPUSEC are that COMSEC participates in data that is being transmitted and protects the data during transmission. COMPUSEC deals with the protection of data during processing or during storage.
One of the first standards developed for COMPUSEC was the DoD 5200.28-M, ADP Security Manual. This document contains certain basic computer system requirements, including:
Classified information labeling These are computers in subassemblies that store information that can only be accessed by those who have appropriate authorization levels.
Maintain an audit trail for everything related to security. This could include tracking people who have logged in or out of the system.
Checking permissions, e.g. B. whether a user can read or write. Only certain users are allowed to access the storage.
Using identifiers such as logins and passwords to authenticate computer users.
Although COMPUSEC started out as a series of guidelines to protect national assets, it is now more widespread. Further tools for COMPUSEC were later developed and contain CSC-STD-001-83, the Trusted Computer System evaluation criteria (TCSEC) or the Orange Book. The Orange Book used a tiered approach to assessing computer system requirements. It included security policy, accountability, safety, and documentation reviews.