m (→See also) Tag: Source edit |
|||
| (10 intermediate revisions by 2 users not shown) | |||
| Line 3: | Line 3: | ||
=== General === |
=== General === |
||
| − | '''Security''' |
+ | '''Security''' |
{{Quote|is the combination of [[system]]s, [[application]]s, and [[internal control]]s used to [[safeguard]] the [[integrity]], [[authenticity]], and [[confidentiality]] of [[data]] and operating processes.<ref>[[Electronic Money: Consumer Protection, Law Enforcement, Supervisory and Cross Border Issues]], at 12.</ref>}} |
{{Quote|is the combination of [[system]]s, [[application]]s, and [[internal control]]s used to [[safeguard]] the [[integrity]], [[authenticity]], and [[confidentiality]] of [[data]] and operating processes.<ref>[[Electronic Money: Consumer Protection, Law Enforcement, Supervisory and Cross Border Issues]], at 12.</ref>}} |
||
| Line 11: | Line 11: | ||
{{Quote|refers to the range of administrative, technical, and physical mechanisms that aim to preserve [[privacy]] and [[confidentiality]] by restricting [[information access]] to [[authorized user]]s for [[authorized]] purposes.<ref>[[Privacy and Civil Liberties Policy Development Guide and Implementation Templates]], App. E, Glossary.</ref>}} |
{{Quote|refers to the range of administrative, technical, and physical mechanisms that aim to preserve [[privacy]] and [[confidentiality]] by restricting [[information access]] to [[authorized user]]s for [[authorized]] purposes.<ref>[[Privacy and Civil Liberties Policy Development Guide and Implementation Templates]], App. E, Glossary.</ref>}} |
||
| + | {{Quote|[is] a collection of [[safeguard]]s that ensure the [[confidentiality]] of [[information]], protect the [[integrity]] of [[information]], ensure the [[availability]] of [[information]], account for use of the [[system]], and protect the [[system]](s) and/or [[network]](s) used to [[process]] the [[information]]. Security is intended to ensure that a [[system]] resists attacks and tolerates failures.<ref>[[Who Goes There?: Authentication Through the Lens of Privacy]], at 21.</ref>}} |
||
| − | [[File:Reconceptualizing Security (Bruce Schneier - TEDxPSU 10 21 2010)|thumb|right|335 px]] |
||
| + | |||
| + | {{Quote|[is a] condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite [[risk]]s posed by [[threat]]s to its use of [[information system]]s. Protection measures may involve a combination of [[deterrence]], [[avoidance]], [[prevention]], [[detection]], recovery, and correction that should form part of the enterprise's [[risk management]] approach.<ref>[[NIST Special Publication 800-160]], at B-9.</ref>}} |
||
=== Software === |
=== Software === |
||
| Line 23: | Line 25: | ||
'''Security''' is |
'''Security''' is |
||
| − | {{Quote|a system property. Security is much more that a set of functions and mechanisms. [[Information technology]] security is a [[system]] characteristic as well as a set of mechanisms which span the [[system]] both logically and physically.<ref>[[NIST Special Publication 800-33]], at 22.</ref>}} |
+ | {{Quote|a [[system]] property. Security is much more that a set of functions and mechanisms. [[Information technology]] security is a [[system]] characteristic as well as a set of mechanisms which span the [[system]] both logically and physically.<ref>[[NIST Special Publication 800-33]], at 22.</ref>}} |
== Overview == |
== Overview == |
||
| Line 30: | Line 32: | ||
Security encompasses [[data security]], [[computer security|computer]] and [[network security]], [[physical security]], and [[procedural control]]s. All of these must be deployed to protect [[personal information]] from a wide range of [[threat]]s. Measures that enhance security also enhance [[privacy]]; however, while these two concepts are complementary, they are not the same. Simply focusing on security alone does not ensure [[privacy]], even though it is an essential component of protecting privacy. One may securely [[transmit]] personal or credit card information to a company, but [[information]] about who within or outside the company has [[access]] to the [[information]] is generally unknown. Although [[privacy breach]]es directly affect individuals, they can also affect the organizations for which the affected individuals work. |
Security encompasses [[data security]], [[computer security|computer]] and [[network security]], [[physical security]], and [[procedural control]]s. All of these must be deployed to protect [[personal information]] from a wide range of [[threat]]s. Measures that enhance security also enhance [[privacy]]; however, while these two concepts are complementary, they are not the same. Simply focusing on security alone does not ensure [[privacy]], even though it is an essential component of protecting privacy. One may securely [[transmit]] personal or credit card information to a company, but [[information]] about who within or outside the company has [[access]] to the [[information]] is generally unknown. Although [[privacy breach]]es directly affect individuals, they can also affect the organizations for which the affected individuals work. |
||
| + | |||
| + | {{Quote|Concern for [[privacy]] arises in connection with the security of [[computer system]]s in two disparate ways: |
||
| + | * the need to protect [[personal information]] about people that is kept in [[computer system]]s; and |
||
| + | * the need to ensure that [[employee]]s of an organization are complying with the organization's [[policies]] and [[procedure]]s. |
||
| + | |||
| + | The first need supports [[privacy]]; the institution of [[policies]] and mechanisms for [[confidentiality]] should strengthen it. The second, however, is a case in which need is not aligned with [[privacy]]; strong [[auditing]] or [[surveillance]] measures may well infringe on the [[privacy]] of those whose actions are observed. It is important to understand both aspects of [[privacy]].<ref>[[Computers at Risk: Safe Computing in the Information Age]], at 66.</ref>}} |
||
== References == |
== References == |
||
| Line 36: | Line 44: | ||
== See also == |
== See also == |
||
| − | <div style="column-count |
+ | <div style="{{column-count|4}}"> |
* [[Adequate security]] |
* [[Adequate security]] |
||
| Line 66: | Line 74: | ||
* [[Personnel security]] |
* [[Personnel security]] |
||
* [[Physical security]] |
* [[Physical security]] |
||
| + | * [[Reasonable security]] |
||
* [[Secure]] |
* [[Secure]] |
||
* [[Secure Dial-in]] |
* [[Secure Dial-in]] |
||
Latest revision as of 01:31, 18 November 2021
Definitions
General
Security
| “ | is the combination of systems, applications, and internal controls used to safeguard the integrity, authenticity, and confidentiality of data and operating processes.[1] | ” |
| “ | relates to the capability to control access to information and system resources so that they cannot be used or altered by those lacking proper credentials.[2] | ” |
| “ | refers to the range of administrative, technical, and physical mechanisms that aim to preserve privacy and confidentiality by restricting information access to authorized users for authorized purposes.[3] | ” |
| “ | [is] a collection of safeguards that ensure the confidentiality of information, protect the integrity of information, ensure the availability of information, account for use of the system, and protect the system(s) and/or network(s) used to process the information. Security is intended to ensure that a system resists attacks and tolerates failures.[4] | ” |
| “ | [is a] condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protection measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise's risk management approach.[5] | ” |
Software
Security refers to
| “ | [a]ttributes of software that bear on its ability to prevent unauthorized access, whether accidental or deliberate, to programs or data.[6] | ” |
System security
Security is
| “ | a system property. Security is much more that a set of functions and mechanisms. Information technology security is a system characteristic as well as a set of mechanisms which span the system both logically and physically.[7] | ” |
Overview
Proper security relies on the development and implementation of adequate security policies and security measures for processes within an entity, and for communication between that entity and external parties. Security policies and measures can limit the risk of external and internal attacks, as well as the reputational risk arising from security breaches.
Security encompasses data security, computer and network security, physical security, and procedural controls. All of these must be deployed to protect personal information from a wide range of threats. Measures that enhance security also enhance privacy; however, while these two concepts are complementary, they are not the same. Simply focusing on security alone does not ensure privacy, even though it is an essential component of protecting privacy. One may securely transmit personal or credit card information to a company, but information about who within or outside the company has access to the information is generally unknown. Although privacy breaches directly affect individuals, they can also affect the organizations for which the affected individuals work.
| “ | Concern for privacy arises in connection with the security of computer systems in two disparate ways:
The first need supports privacy; the institution of policies and mechanisms for confidentiality should strengthen it. The second, however, is a case in which need is not aligned with privacy; strong auditing or surveillance measures may well infringe on the privacy of those whose actions are observed. It is important to understand both aspects of privacy.[8] |
” |
References
- ↑ Electronic Money: Consumer Protection, Law Enforcement, Supervisory and Cross Border Issues, at 12.
- ↑ Embedded, Everywhere: A Research Agenda for Networked Systems of Embedded Computers, at 128.
- ↑ Privacy and Civil Liberties Policy Development Guide and Implementation Templates, App. E, Glossary.
- ↑ Who Goes There?: Authentication Through the Lens of Privacy, at 21.
- ↑ NIST Special Publication 800-160, at B-9.
- ↑ ISO/IEC Standard 9126 (1991), revised by ISO/IEC 25010:2011.
- ↑ NIST Special Publication 800-33, at 22.
- ↑ Computers at Risk: Safe Computing in the Information Age, at 66.
See also
- Adequate security
- Administrative security
- Application security
- Baseline security
- Baseline security requirement
- Communications security
- Computer security
- Cybersecurity
- Data security
- Economic security
- Electronic security
- Electronics security
- Emission security
- Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
- Industrial security
- Information security
- Infrastructure security
- Layered security
- Managed security service
- Multilevel secure system
- Multilevel security
- National security
- Network security
- Open security
- Operational security
- Perimeter security
- Personnel security
- Physical security
- Reasonable security
- Secure
- Secure Dial-in
- Secure disposal
- Secure gateway
- Secure token
- Security administrator
- Security assessment
- Security assurance
- Security audit
- Security authorization
- Security automation
- Security breach
- Security category
- Security certification
- Security clearance
- Security controls
- Security countermeasures
- Security domain
- Security engineering
- Security evaluation
- Security event
- Security filter
- Security flaw
- Security functionality
- Security hole
- Security inspection
- Security log
- Security management
- Security measures
- Security metrics
- Security objective
- Security password
- Security patch
- Security plan
- Security policy
- Security procedures
- Security process
- Security program
- Security protocol
- Security requirements
- Security services
- Security software
- Security specification
- Security strength
- Security system
- Security test and evaluation
- Security testing
- Security update
- Security violation
- Security Zone
- Signals security
- Software security
- Teleprocessing security
- Transmission security
- Wireless security