Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended.
The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorization, availability and non-repudiation.
The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorization, availability and non-repudiation.
Confidentiality
A security measure which protects against the disclosure of information to parties other than the intended recipient that is by no means the only way of ensuring
Integrity
A measure intended to allow the receiver to determine that the information which it receives has not been altered in transit or by other than the originator of the information.
Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check rather than the encoding all of the communication.
Authentication
A measure designed to establish the validity of a transmission, message, or originator.
Allows a receiver to have confidence that information it receives originated from a specific known source.
Authorization
The process of determining that a requester is allowed to receive a service or perform an operation.
Access control is an example of authorization.
Availability
Assuring information and communications services will be ready for use when expected.
Information must be kept available to authorized persons when they need it.
Also authority to operate
Non-repudiation
A measure intended to prevent the later denial that an action happened, or a communication that took place etc.
In communication terms this often involves the interchange of authentication information combined with some form of provable time stamp.
A security measure which protects against the disclosure of information to parties other than the intended recipient that is by no means the only way of ensuring
Integrity
A measure intended to allow the receiver to determine that the information which it receives has not been altered in transit or by other than the originator of the information.
Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check rather than the encoding all of the communication.
Authentication
A measure designed to establish the validity of a transmission, message, or originator.
Allows a receiver to have confidence that information it receives originated from a specific known source.
Authorization
The process of determining that a requester is allowed to receive a service or perform an operation.
Access control is an example of authorization.
Availability
Assuring information and communications services will be ready for use when expected.
Information must be kept available to authorized persons when they need it.
Also authority to operate
Non-repudiation
A measure intended to prevent the later denial that an action happened, or a communication that took place etc.
In communication terms this often involves the interchange of authentication information combined with some form of provable time stamp.
No comments:
Post a Comment