
Computer security

 

One dictionary defines "security" as "The state of being secure" [McL87]. The same dictionary has several meanings for the word "secure". Most pertinent among them are:

1. Free from danger, damage, etc
2. Free from fear, care, etc
3. In safe custody
4. Not likely to fail.

Applied to an individual, these definitions are intuitive and easy to apply. However, when we try to apply them to something more abstract, like an organization, it is not evident how these definitions should be interpreted. If we look more closely, it is clear that in essence what is expressed is an underlying idea of protection from harm. Adopting this view, "having security" within the context of an organization comes to mean "having an organization protected from harm".

It is against this background that in this chapter we give an introduction to how the concept of security applies to organizations in general and to computer systems in an organization in particular. The chapter has three sections. First we introduce the security process as the chain of events and actions that can bring security to an organization. We then go on to introduce the concept of computer security and discuss the complications that can arise when computing and applications become distributed over a network. To show how some of these problems can be solved, the last section introduces some commonly used building blocks that can be used to construct secure systems.

The purpose of this chapter is to introduce the basic ideas and concepts upon which the following chapters are based. For the interested reader, chapter 6 gives a more detailed introduction to computer security.





matgu@ida.liu.se