Definitions
General
Security
“is the combination of systems, applications, and internal controls used to safeguard the integrity, authenticity, and confidentiality of data and operating processes.”[1]
“relates to the capability to control access to information and system resources so that they cannot be used or altered by those lacking proper credentials.”[2]
“refers to the range of administrative, technical, and physical mechanisms that aim to preserve privacy and confidentiality by restricting information access to authorized users for authorized purposes.”[3]
“[is] a collection of safeguards that ensure the confidentiality of information, protect the integrity of information, ensure the availability of information, account for use of the system, and protect the system(s) and/or network(s) used to process the information. Security is intended to ensure that a system resists attacks and tolerates failures.”[4]
“[is a] condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protection measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise's risk management approach.”[5]
Software
Security refers to
“[a]ttributes of software that bear on its ability to prevent unauthorized access, whether accidental or deliberate, to programs or data.”[6]
System security
Security is
“a system property. Security is much more than a set of functions and mechanisms. Information technology security is a system characteristic as well as a set of mechanisms which span the system both logically and physically.”[7]
Overview
Proper security relies on the development and implementation of adequate security policies and security measures for processes within an entity, and for communication between that entity and external parties. Security policies and measures can limit the risk of external and internal attacks, as well as the reputational risk arising from security breaches.
Security encompasses data security, computer and network security, physical security, and procedural controls, all of which must be deployed to protect personal information from a wide range of threats. Measures that enhance security generally also enhance privacy, but the two concepts, while complementary, are not the same: security is a necessary component of privacy protection, yet security alone does not ensure privacy. A customer may transmit personal or credit card information to a company over a properly secured channel and still have no way of knowing who, inside or outside the company, can access that information once it is stored. And although privacy breaches directly affect individuals, they also affect the organizations for which the affected individuals work.
“Concern for privacy arises in connection with the security of computer systems in two disparate ways:
The first need supports privacy; the institution of policies and mechanisms for confidentiality should strengthen it. The second, however, is a case in which need is not aligned with privacy; strong auditing or surveillance measures may well infringe on the privacy of those whose actions are observed. It is important to understand both aspects of privacy.”[8]
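The two points made above, that a secured channel says nothing about who inside the company can read the data, and that the audit trail which answers that question also observes the staff, can be made concrete in a few lines. The following is an added example written for this page; it is not code from any of the cited sources. The purpose-bound access policy, the customer records and the sequence of accesses are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample data for this example; not real customers or staff.
CUSTOMER_RECORDS: Dict[str, Dict[str, str]] = {
    "cust-001": {"name": "A. Example", "card_last4": "4242"},
    "cust-002": {"name": "B. Example", "card_last4": "0005"},
}

# Hypothetical authorization policy: which (role, purpose) pairs may read a
# customer record. Binding access to a stated purpose is what turns a plain
# access-control check into a privacy control ("authorized users for
# authorized purposes").
ACCESS_POLICY: Set[Tuple[str, str]] = {
    ("support", "service_request"),
    ("fraud", "fraud_investigation"),
}


@dataclass(frozen=True)
class AccessEvent:
    user: str
    role: str
    purpose: str
    record_id: str
    allowed: bool


class RecordStore:
    """Mediates every read of a customer record and keeps an audit trail."""

    def __init__(self) -> None:
        self.audit_log: List[AccessEvent] = []

    def read(self, user: str, role: str, purpose: str, record_id: str) -> Dict[str, str]:
        allowed = (role, purpose) in ACCESS_POLICY and record_id in CUSTOMER_RECORDS
        # Record the attempt before enforcing, so refusals are logged as well.
        self.audit_log.append(AccessEvent(user, role, purpose, record_id, allowed))
        if not allowed:
            raise PermissionError(f"{user} ({role}) may not read {record_id} for {purpose}")
        return dict(CUSTOMER_RECORDS[record_id])


def who_accessed(store: RecordStore, record_id: str) -> List[str]:
    """The privacy question: which employees have actually seen this record?"""
    return sorted({e.user for e in store.audit_log if e.record_id == record_id and e.allowed})


def denied_attempts(store: RecordStore) -> List[AccessEvent]:
    """The security question: which access attempts were refused?"""
    return [e for e in store.audit_log if not e.allowed]


def staff_profile(store: RecordStore, user: str) -> Dict[str, int]:
    """The tension: the log that protects customers also profiles staff.
    Returns, for one employee, how many records were read per purpose."""
    profile: Dict[str, int] = {}
    for e in store.audit_log:
        if e.user == user and e.allowed:
            profile[e.purpose] = profile.get(e.purpose, 0) + 1
    return profile


def run_scenario() -> RecordStore:
    """Constructed sequence of accesses: two legitimate readers of cust-001,
    one further read by alice, and one attempt with the right role but an
    unauthorized purpose."""
    store = RecordStore()
    store.read("alice", "support", "service_request", "cust-001")
    store.read("bob", "fraud", "fraud_investigation", "cust-001")
    store.read("alice", "support", "service_request", "cust-002")
    try:
        store.read("carol", "support", "marketing", "cust-001")
    except PermissionError:
        pass  # denied, but still present in the audit log
    return store


if __name__ == "__main__":
    s = run_scenario()
    print("cust-001 seen by:", who_accessed(s, "cust-001"))
    print("denied:", [(e.user, e.purpose) for e in denied_attempts(s)])
    print("alice profile:", staff_profile(s, "alice"))
```

Encrypting the transport would not change anything in this picture; only the mediation point and its log determine who can see a record. Note that `staff_profile` is derived from exactly the same events as `who_accessed`, which is why an audit trail introduced as a privacy safeguard needs its own access policy and retention limits.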
References
- ↑ Electronic Money: Consumer Protection, Law Enforcement, Supervisory and Cross Border Issues, at 12.
- ↑ Embedded, Everywhere: A Research Agenda for Networked Systems of Embedded Computers, at 128.
- ↑ Privacy and Civil Liberties Policy Development Guide and Implementation Templates, App. E, Glossary.
- ↑ Who Goes There?: Authentication Through the Lens of Privacy, at 21.
- ↑ NIST Special Publication 800-160, at B-9.
- ↑ ISO/IEC Standard 9126 (1991), revised by ISO/IEC 25010:2011.
- ↑ NIST Special Publication 800-33, at 22.
- ↑ Computers at Risk: Safe Computing in the Information Age, at 66.
See also
- Adequate security
- Administrative security
- Application security
- Baseline security
- Baseline security requirement
- Communications security
- Computer security
- Cybersecurity
- Data security
- Economic security
- Electronic security
- Electronics security
- Emission security
- Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
- Industrial security
- Information security
- Infrastructure security
- Layered security
- Managed security service
- Multilevel secure system
- Multilevel security
- National security
- Network security
- Open security
- Operational security
- Perimeter security
- Personnel security
- Physical security
- Reasonable security
- Secure
- Secure Dial-in
- Secure disposal
- Secure gateway
- Secure token
- Security administrator
- Security assessment
- Security assurance
- Security audit
- Security authorization
- Security automation
- Security breach
- Security category
- Security certification
- Security clearance
- Security controls
- Security countermeasures
- Security domain
- Security engineering
- Security evaluation
- Security event
- Security filter
- Security flaw
- Security functionality
- Security hole
- Security inspection
- Security log
- Security management
- Security measures
- Security metrics
- Security objective
- Security password
- Security patch
- Security plan
- Security policy
- Security procedures
- Security process
- Security program
- Security protocol
- Security requirements
- Security services
- Security software
- Security specification
- Security strength
- Security system
- Security test and evaluation
- Security testing
- Security update
- Security violation
- Security Zone
- Signals security
- Software security
- Teleprocessing security
- Transmission security
- Wireless security