COMPUter SECurity (COMPUSEC)
Definition - What does COMPUter SECurity (COMPUSEC) mean?
Techopedia explains COMPUter SECurity (COMPUSEC)
The differences between computer security (COMSEC) and COMPUSEC is that COMSEC is involved with data that is being transmitted and protecting the data while being transmitted. COMPUSEC concerns itself with protecting data during the act of processing or while being stored.One of the first devised standards for COMPUSEC was the DoD 5200.28-M, ADP Security Manual. This document contains certain essential computer system requirements, including:
- Labeling of any classified information. This involves compartmented computers - those holding information only accessible by individuals holding appropriate clearance levels.
- Keeping an audit trail of anything related to security. This could include keeping track of anyone who logged into or out of the system.
- Verifying privileges, such as whether a user can read or write. Letting only certain users have access to the memory.
- Utilizing identification, such as logins and passwords, to authenticate computer users.
Though COMPUSEC started out as a set of guidelines for protecting national assets, it now is more widespread. Later, other tools for COMPUSEC were developed and included CSC-STD-001-83, the Trusted Computer System Evaluation Criteria (TCSEC) or the Orange Book. The Orange Book took a layered approach to rating computer system requirements. It included ratings on security policy, accountability, assurance and documentation.