• Confidentiality: This term covers two related concepts:
    • Data1 confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.
    • Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed
  • Integrity: This term covers two related concepts:
    • Data integrity: Assures that information (both stored and is transmitted packets) and programs are changed only in a specified and authorized manner
    • System integrity: Assures that a system performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system
  • Availability: Assures that systems work promptly and service is not denied to authorized users

Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. A loss of confidentiality is the unauthorized disclosure of information

Integrity: Guarding against improper information modification or destruction, including ensuring information nonrepudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of information.

Availability: Ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system

Authenticity: The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. This means verifying that users are who they say they are and that each input arriving at the system came from a trusted source

Accountability: The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. Because truly secure systems are not yet an achievable goal, we must be able to trace a security breach to a responsible party. Systems must keep records of their activities to permit later forensic analysis to trace security breaches or to aid in transaction disputes.

Cryptography and Security_ide

 

 

Chapter 2

Cryptography and Security_sed_02

 

 Cryptography and Security_IT_03