Computer security has been, is, and will continue to be a hot topic for discussion. Newspapers frequently chronicle computer security breaches and estimates of lost revenue. Bookstores carry books that describe how to secure your home and work computers against would-be intruders. Television news features depict high-profile computer security incidents and show interviews with computer system owners and sometimes even those who broke in. We're being barraged by computer security information that includes recommendations about software that we should install and other steps we should take to secure our home and office computer systems.

But when all is said and done, do we really know the problem we're trying to solve? That is, do we really know the goal of computer security?

Simply stated, the goal of computer security is this: keep your computer-based possessions-your computer system (CPU cycles, memory, disk space, and Internet connectivity and speed), the software you've purchased, and the files and folders you've created-yours unless and until you explicitly give them to others. As you'll soon see, most mitigation strategies discussed in those books and self-help articles on the Internet are ultimately aimed at keeping what belongs to you yours.

And this concept isn't new. It's what you've been doing for years with most all of your other possessions. For example, the doors on your house have locks and you use them. So do the windows and so does your car, and you use them too. You don't give the keys to anyone who asks for them without a really good reason, or perhaps never at all. You don't leave your CD player and your CDs out for all to use and perhaps take. You don't store your financial or your personal medical records on your front porch.

Why then are we so willing to give up our computer possessions to anyone who wants to take them?

Back in the days before the Internet became popular and affordable, we could treat our personal computer possessions much like anything else we owned. The computer was in a room in our house and we locked our doors. The intruder who wanted access had to come to the house, break in, and take what they wanted.

We knew how to deal with that situation. We had locks and deadbolts on our doors and security systems to notify the police when someone tried to break in. Yes, there were break-ins and yes, computer assets were stolen. But the incidents were few and the signs of a break in were well understood by law enforcement. Just watch CSI or any other television programs of that genre to see how well-understood they really are.

These days, with widespread and inexpensive access to the Internet, the only thing that's changed is that intruders can literally be anywhere in the world and still gain access to your computer possessions. They don't need to be where your computer is. It's like giving your credit card to the waiter or waitress at a restaurant to pay your bill and discovering that the whole world is waiting in the kitchen, prepared to make a copy of the information on your card.

And unfortunately those computer assets are not protected like your house. That is, they don't always come with locks, and those that do can sometimes be too easily "picked" by an intruder. In fact, in many cases, though the number is getting smaller, your computer assets are shared automatically to anyone who comes knocking, and you have to do something to lock them. One of the challenges of using a computer is and will continue to be finding the locks that keep intruders out and making sure they work correctly and appropriately.

Another challenge, which may be even more significant, is keeping these locks working correctly. Again, we know how to deal with this type of situation. For example, if your house needs to be painted, you'd paint it after first scraping off what's loose and doing any other necessary preparatory steps. But you know that paint job won't last forever. In a few years, you'll need to do it all again. You accept this as part of the responsibility of home ownership.

With your home and office computer system, it's the same thing. You first install a piece of software, a firewall, for example, as described in Task 4 below, and then you tune it to match your Internet usage patterns. Over time, your patterns may change, as may the programs you use to access the Internet. You'll need to tune the firewall program again. Unfortunately too many home computer system owners and users get frustrated by the attention that some software requires. Rather than mastering it, they remove it. They don't accept this as part of their responsibility of home computer ownership.

Let's now return to this goal of home computer security-keeping what belongs to you yours-and look at one set of recommendations to see how they support this goal. The recommendations are taken from the Home Computer Security Guide, which is available from http://www.cert.org/homeusers/HomeComputerSecurity.

Task 1 - Install and Use an Anti-Virus Program
A virus is a program that runs on your computer system without your permission. This means that when the virus runs, somebody else is using your computer possessions. A virus may also be destroying your files or disclosing them to others who aren't otherwise allowed to see them. An anti-virus program attempts to stop this from happening.

Task 2 - Keep Your System Patched
Programs that need to be patched are weak spots through which intruders can more easily gain access to your computer possessions. Patching attempts to eliminate this kind of access. To protect your possessions, you need to keep all of the software you've purchased patched with all of the patches provided by the vendors who write that software. Each vendor will tell you where to find and how to patch the software you've purchased from them.

Task 3 - Use Care When Reading Email with Attachments
Email attachments that you weren't expecting are usually viruses, so the comments from Task 1 also apply here. Whether they are viruses or not, they are most often programs that run on your computer system without your permission. By using care, you are attempting to stop running unwanted programs on your computer system.

Task 4 - Install and Use a Firewall Program
A firewall program attempts to keep outside access out and limits inside access to outside resources. That is, it works like your locked front door that keeps unwanted people out and your toddler in. If intruders can't get to your computer resources, they can't use them for their purposes.

Task 5 - Make Backups of Important Files and Folders
If a file or folder is destroyed by accident, by an intruder, or in some other way, then a backup provides another copy. You are keeping what is yours yours by having more than one copy.

Task 6 - Use Strong Passwords
These days, most computer resource access uses a login and a password. Selecting a strong password makes it harder for intruders to access your computer resources, because those passwords are harder to guess.

Task 7 - Use Care When Downloading and Installing Programs
The Internet is a powerful resource for finding and using the work of others to enhance your computing resources. Programs are one example. However, not all programs on the Internet are what they say they are. Some programs are viruses like those described in Task 1, while others are like the email attachments described in Task 3. By taking care before downloading and installing these programs, you are trying to improve the chances that these programs are what they say they are, will do to your computer resources what you want them to do, and will do nothing more.

Task 8 - Install and Use a Hardware Firewall
A hardware firewall does the same job as the firewall program described in Task 4. It provides another layer that keeps unwanted outside access out and limits inside access to outside resources. A hardware firewall sits between your Internet connection (a cable or DSL modem) and the computer systems in your house or office. These days, a hardware firewall often comes bundled with that Internet connection hardware. Just like an airplane with two engines, where if one fails you can still fly, the combination of a hardware and software firewall give your home and office computer systems two layers of defense against intruders.

Task 9 - Install and Use a File Encryption Program and Access Controls
Access controls are attributes of files and folders that limit access to only those who should have access. As a failsafe, encryption scrambles file contents so that only those who have access to a file and know the decryption keys can see a file's contents.

The intent of these tasks is to keep what belongs to you yours and deny access to all others. It doesn't matter whether an intruder tries to gain access by sending you a virus as an email attachment, exploiting a program that hasn't yet been patched, or accessing your system in a way that a firewall would normally prevent. They're all examples of the same fundamental concept: someone is trying to access your computer resources and you don't want them to have that access.