SECURITY PRINCIPLES Flashcards
Confidentiality
Confidentiality relates to permitting authorized access to information, while at the same time protecting information from improper disclosure.
Integrity
Integrity is the property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose.
Availability
Availability means that systems and data are accessible at the time users need them.
Confidentiality-related terms (3)
-Personally Identifiable Information (PII)
-Protected health information (PHI)
-Classified or sensitive information
Sensitivity
Sensitivity is a measure of the importance assigned to information by its owner, for the purpose of denoting its need for protection.
The concept of integrity applies to:
-information or data
-systems and processes for business operations
-organizations
-people and their actions
Data Integrity
Data integrity is the assurance that data has not been altered in an unauthorized manner. This is to ensure that it is free from improper modification, errors or loss of information and is recorded, used and maintained in a way that ensures its completeness.
Data integrity covers data in storage, during processing and while in transit.
System integrity
System integrity refers to the maintenance of a known good configuration and expected operational function as the system processes the information. Ensuring integrity begins with an awareness of state, which is the current condition of the system.
Authentication
Authentication is a process to prove the identity of the requestor.
There are three common methods of authentication:
-Something you know/(Knowledge-Based): Passwords or passphrases
-Something you have/(Token-Based): Tokens, memory cards, smart cards
-Something you are/(Characteristic-Based): Biometrics, measurable characteristics
Authorization
The right or permission that is granted to a system entity to access a system resource
Integrity
The property that the data has not been altered in an unauthorized manner
Confidentiality
The characteristic of data or information when it’s not made available or disclosed to unauthorized persons
Privacy
The right of an individual to control the distribution of information about themselves
Availability
Ensuring timely and reliable access to and use of information by authorized users
Non-repudiation
The inability to deny taking an action, such as sending an email message