Introduction to Security

The primary goals of security are to ensure:

  • Data confidentiality. Only authorised individuals should be able to view data.
  • Data integrity. All authorised users should feel confident that the data presented to them is accurate and not improperly modified.
  • Data availability. Authorised users should be able to access the data they need, when they need it.

Security can be broken up into six requirements, or tenets. All of the tenets are equally important for ensuring the confidentiality, integrity, and availability of data. The tenets are listed as follows:

  • Identification. Identification is concerned with user names and how users identify themselves to a computer system.
  • Authentication. Authentication is concerned with passwords, smart cards, biometrics, and so forth. Authentication is how users prove to the system that they are who they claim to be.
  • Access control (also called authorisation). Access control is concerned with access and privileges granted to users so that they may perform certain functions on a computer system.
  • Confidentiality. Confidentiality is concerned with encryption. Confidentiality mechanisms ensure that only authorised people can see data stored on or travelling across the network.
  • Integrity. Integrity is concerned with checksums and digital signatures. Integrity mechanisms ensure that data is not garbled, lost, or changed when travelling across the network.
  • Nonrepudiation. Nonrepudiation is concerned with digital signatures. It is a means of providing proof of data transmission or receipt, such that occurrence of a transaction cannot later be denied.

Another very important aspect of security is auditing. Audit logs may give the only indication that a security breach has occurred. Or, if the breach is discovered some other way, proper audit settings generate an audit log that can help administrators pinpoint the location and the perpetrator of the breach.

Relationship to Other Processes

Security administration can impact an entire information system and many other processes as well.

Relationship to other System Management Functions

 

Read more information on Systems Management Functions

 Printable Version

News
Virus and Security News
Atlantech recommends CounterSpy
eWeek says ""CounterSpy is the most affordable and richly featured product we reviewed... Sunbelt's CounterSpy Enterprise provides the best mix of management, reporting and cleaning capabilities we've seen, at the most affordable price. With its CounterSpy Enterprise solution, Sunbelt exhibits its experience in designing enterprise-class software. CounterSpy Enterprise has the best reporting tools we've seen by far, offering a wide array of high-level and heavily detailed reports that can be organized by date ranges."
Consulting >>
Introduction to Security
An information system with a weak security foundation will eventually experience a security breach. Examples of security breaches include data loss, data disclosure, loss of system availability, corruption of data, and so forth. Depending on the information system and the severity of the breach, the results could vary from embarrassment, to loss of revenue, to loss of life.
Consulting >>
More Internet Bank Account Fraud!
Fraudsters have developed phishing emails capable of automatically stealing bank log-in details
Consulting >>
IE cross-zone privilege escalation vulnerability
Active exploitation of a cross-zone privilege escalation vulnerability in Internet Explorer has been observed.
Consulting >>
Not-so-witty Worm Destroys System Data Through BlackIce Firewalls
A fast-spreading worm got loose on the Internet Saturday, crawled through a vulnerability in Internet Security Systems' BlackIce firewall, has infected between 10,000 and 50,000 systems worldwide, and can trash infected hard drives.
Support and Maintenance >>
2004 worms (well 4 anyway!)
Virus generates massive support traffic to helpdesks - confusion abounds....
Support and Maintenance >>
Apple Mac OS X vulnerability
Apple MacOS X DHCP Response Root Compromise
Consulting >>
Breaking into Microsoft - "Tougher than you think!"
Microsoft repels 2500 to 3000 electronic attacks every day--or almost 100,000 a month.
Consulting >>
Worm Alert
Don't be caught by the new "Credit Card Worm Scam"!
Support and Maintenance >>
© Copyright Atlantech 2003. Powered by Cooperate's Content Management Server and the .Net Framework.