Open Framework, Information Management Strategy & Collaborative Governance | Data & Social Methodology - MIKE2.0 Methodology
Information Security Deliverable Template

From MIKE2.0 Methodology


SECURITY DEFINITIONS

Authentication

Verifying that the identity of an entity is exactly what the entity (e.g., a user) claims it to be. Authentication can be done with a user ID and password, a security token, a smart card or a biometric such as a fingerprint or iris scan. In general, authentication is stronger when the party seeking access must present at least two of the following three independent factors: something you know (a password or PIN), something you have (a token or smart card), something you are (a biometric). Two items of the same kind, such as a password and a PIN, count as a single factor.
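The two-factor case described above, as an added example that is not part of the MIKE2.0 template: a password (something you know) is verified against a salted, slow hash, and a time-based one-time code (something you have, as generated by an authenticator device) is verified with RFC 6238 TOTP. The password, the TOTP seed and the PBKDF2 work factor are assumptions chosen for the demo.

```python
# Added example, not part of the MIKE2.0 template: a two-factor check that
# combines "something you know" (a password) with "something you have" (a
# TOTP device). The secret, the password and the work factor are assumptions
# chosen for the demo.
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

# Assumed work factor for PBKDF2-HMAC-SHA256; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def enroll_password(password: str) -> dict:
    """Store only a salted, slow hash of the password, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "digest": digest, "iterations": PBKDF2_ITERATIONS}


def verify_password(record: dict, attempt: str) -> bool:
    """Factor 1, something you know. Constant-time compare so timing leaks nothing."""
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1: the same computation the user's authenticator runs."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, unix_time: int, window: int = 1) -> bool:
    """Factor 2, something you have. Accept +/- `window` steps to tolerate clock skew."""
    return any(hmac.compare_digest(totp(secret, unix_time + k * 30), code)
               for k in range(-window, window + 1))


def authenticate(record: dict, secret: bytes, password: str, code: str,
                 unix_time: Optional[int] = None) -> bool:
    """Both factors must pass. Both are evaluated so the caller learns nothing about which one failed."""
    if unix_time is None:
        unix_time = int(time.time())
    know = verify_password(record, password)
    have = verify_totp(secret, code, unix_time)
    return know and have


if __name__ == "__main__":
    # Constructed demo data: the RFC 6238 reference seed and a fixed clock value.
    rec = enroll_password("correct horse battery staple")
    seed = b"12345678901234567890"
    print(authenticate(rec, seed, "correct horse battery staple", totp(seed, 59), unix_time=59))
```

The seed used in the demo is the RFC 6238 reference secret, so the codes can be checked against the published test vectors (T=59 gives 287082). In a real deployment the TOTP seed is provisioned per user and stored as carefully as the password hash, since whoever holds it can generate valid codes.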

Entitlements

Determining what information and computing resources the identified party is allowed to access. Entitlements are enforced through an authorization mechanism that automatically applies a management policy governing use of the resource. This policy can be role-based (permissions attached to the roles a user holds), rules-based (permissions derived from attributes of the user, the resource and the request) or a combination of the two. Authorization therefore depends on reliable authentication: an entitlement decision is only as trustworthy as the identity it is made for.
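An entitlement check combining the role-based and rules-based approaches described above, as an added example that is not part of the MIKE2.0 template. The role table, the classification levels and the two rules are constructed for the demo; the point is that the decision is deny-by-default and that an unauthenticated principal is refused before any policy is consulted.

```python
# Added example, not part of the MIKE2.0 template: an entitlement check that
# combines a role-based table with attribute rules and denies by default.
# Roles, classifications and rules are constructed for the demo.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Principal:
    user_id: Optional[str]           # None means authentication did not succeed
    roles: FrozenSet[str] = frozenset()
    department: str = ""


@dataclass(frozen=True)
class Resource:
    name: str
    classification: str              # "public", "internal" or "restricted"
    owner_department: str


# Role-based part: each role maps to the actions it may perform. Anything absent is denied.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "analyst": {"read"},
    "data_steward": {"read", "write"},
    "auditor": {"read", "read_audit_log"},
}

Rule = Callable[[Principal, Resource, str], bool]


def restricted_stays_in_department(p: Principal, r: Resource, action: str) -> bool:
    """Rules-based part: restricted data is only visible inside the owning department."""
    return r.classification != "restricted" or p.department == r.owner_department


def no_writes_to_restricted(p: Principal, r: Resource, action: str) -> bool:
    """Rules-based part: even a role that may 'write' cannot alter restricted data here."""
    return action != "write" or r.classification in ("public", "internal")


RULES: List[Rule] = [restricted_stays_in_department, no_writes_to_restricted]


def is_authorized(principal: Principal, resource: Resource, action: str) -> bool:
    # Authorization depends on authentication: no verified identity, no entitlement.
    if principal.user_id is None:
        return False
    # Role check: the union of what the principal's roles permit.
    allowed: Set[str] = set()
    for role in principal.roles:
        allowed |= ROLE_PERMISSIONS.get(role, set())
    if action not in allowed:
        return False
    # Rule check: every rule must agree; a single veto is enough to deny.
    return all(rule(principal, resource, action) for rule in RULES)


if __name__ == "__main__":
    alice = Principal("alice", frozenset({"analyst"}), "finance")
    ledger = Resource("ledger", "restricted", "finance")
    print(is_authorized(alice, ledger, "read"), is_authorized(alice, ledger, "write"))
```

Keeping the role table and the rules as separate data makes both reviewable by an auditor without reading application code, which is what a later audit of "are the authorization rules producing the intended results" needs.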

Confidentiality

Defining the rules and processes that protect information from unauthorized disclosure or use. Confidentiality is often enforced through encryption of data at rest and in transit; encryption protects the data only as well as its keys are managed, and it does not by itself decide who may access the data. Confidentiality is therefore stronger when the organization also implements access controls based on authentication, authorization and entitlements.

Integrity

Ensuring that data in a file, or a message traversing the network, remains unchanged: any data received matches exactly what was sent. Data integrity covers the prevention and detection of both accidental and malicious changes to data or message content. An unkeyed checksum or hash detects accidental corruption, but an attacker who can alter the data can also recompute it; detecting deliberate tampering requires a keyed message authentication code or a digital signature.
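The difference between accidental and malicious change described above, as an added example that is not part of the MIKE2.0 template. A message is protected once with an unkeyed SHA-256 checksum and once with an HMAC under a key the attacker does not hold; a flipped bit is caught by both, while an on-path attacker who rewrites the amount and recomputes the checksum is caught only by the keyed check. The message and the key are constructed for the demo.

```python
# Added example, not part of the MIKE2.0 template: an unkeyed checksum versus a
# keyed MAC on a message crossing the network. The message and key are
# constructed for the demo.
import hashlib
import hmac

# Constructed sample: a transfer instruction and a shared key the attacker lacks.
ORIGINAL = b"transfer 100.00 to account 4711"
KEY = bytes.fromhex("7b2c6e9f0a1d4c5e8f3a9b7c2d1e0f4a5b6c7d8e9f0a1b2c3d4e5f6a7b8c9d0e")


def checksum(message: bytes) -> bytes:
    """Unkeyed integrity check: anyone, including an attacker, can compute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed integrity check: only holders of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def checksum_ok(message: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(checksum(message), expected)


def mac_ok(key: bytes, message: bytes, expected: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), expected)


def corrupted_in_transit(message: bytes) -> bytes:
    """Accidental damage: a single bit flipped in the amount field."""
    damaged = bytearray(message)
    damaged[9] ^= 0x01
    return bytes(damaged)


def tampered_by_attacker(message: bytes) -> tuple:
    """Deliberate change: the on-path attacker rewrites the amount and, because the
    checksum needs no secret, recomputes a matching checksum to send with it."""
    forged = message.replace(b"100.00", b"900.00")
    return forged, checksum(forged)


def receiver_outcomes(key: bytes) -> dict:
    """What the receiver's two checks report for each case, as (checksum_ok, mac_ok)."""
    sent_sum, sent_tag = checksum(ORIGINAL), mac_tag(key, ORIGINAL)
    noisy = corrupted_in_transit(ORIGINAL)
    forged, forged_sum = tampered_by_attacker(ORIGINAL)
    return {
        "intact": (checksum_ok(ORIGINAL, sent_sum), mac_ok(key, ORIGINAL, sent_tag)),
        "corrupted": (checksum_ok(noisy, sent_sum), mac_ok(key, noisy, sent_tag)),
        # the attacker substituted their own checksum but could not forge the tag
        "tampered": (checksum_ok(forged, forged_sum), mac_ok(key, forged, sent_tag)),
    }


if __name__ == "__main__":
    for case, (sum_ok, tag_ok) in receiver_outcomes(KEY).items():
        print(f"{case:10s} checksum_ok={sum_ok!s:5s} mac_ok={tag_ok}")
```

A MAC proves the message came from someone holding the shared key, which is enough for integrity between two parties but does not identify which of them sent it; where a third party must later be able to attribute the message (for example in an audit), a digital signature under the sender's private key is the right tool.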

Auditing and Accountability

Collecting and analyzing data so that administrators and others, such as information technology auditors, can verify that the authentication and authorization rules are producing the intended results. Individual accountability for attempts to violate the intended policy depends on monitoring the relevant security events. These events should be stored securely, time-stamped using a trusted time source and kept in a reliable, tamper-evident log of events, also known as an audit trail or a chain-of-evidence archive; a log that the subject of an entry can later alter or delete does not establish accountability.

The audit log can be analyzed to detect attempted or successful security violations. The monitoring process can be implemented as a continuous automatic function, as a periodic check or as an occasional verification that proper procedures are being followed. The audit trail may be used by security administrators, internal audit personnel, external auditors and government regulatory officials, as well as in legal proceedings.
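A minimal audit trail with the properties described above, as an added example that is not part of the MIKE2.0 template: entries are time-stamped from an injected trusted clock, each entry carries the hash of its predecessor so that editing or deleting a past entry breaks every later link, and one detection rule (repeated denied authentications) is run over the trail. The field names and the sample events are constructed for the demo.

```python
# Added example, not part of the MIKE2.0 template: a hash-chained audit trail
# with an injected trusted clock, a verifier that finds the first altered or
# missing entry, and one detection rule run over the trail. Field names and
# the sample events are constructed for the demo.
import hashlib
import json
from typing import Callable, Dict, List, Tuple

GENESIS = "0" * 64  # prev-hash of the first entry


def _digest(prev_hash: str, record: Dict) -> str:
    """Bind an entry to its predecessor: sha256(prev_hash || canonical JSON of the record)."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + b"\n" + payload).hexdigest()


class AuditLog:
    def __init__(self, clock: Callable[[], int]):
        self._clock = clock          # trusted time source, injected so runs are deterministic
        self.entries: List[Dict] = []

    def record(self, actor: str, action: str, resource: str, outcome: str) -> Dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        rec = {"seq": len(self.entries), "ts": self._clock(), "actor": actor,
               "action": action, "resource": resource, "outcome": outcome}
        entry = dict(rec, prev=prev, hash=_digest(prev, rec))
        self.entries.append(entry)   # append only: nothing in this class edits or removes
        return entry


def verify_chain(entries: List[Dict]) -> Tuple[bool, int]:
    """Return (True, -1) if every link holds, else (False, index of the first bad entry)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        rec = {k: v for k, v in e.items() if k not in ("prev", "hash")}
        if e["seq"] != i or e["prev"] != prev or e["hash"] != _digest(prev, rec):
            return False, i
        prev = e["hash"]
    return True, -1


def repeated_denials(entries: List[Dict], actor: str, window: int, threshold: int) -> bool:
    """Detection rule: `threshold` denied authentications by `actor` within `window` seconds."""
    times = sorted(e["ts"] for e in entries
                   if e["actor"] == actor and e["action"] == "authenticate" and e["outcome"] == "denied")
    return any(times[j + threshold - 1] - times[j] <= window
               for j in range(len(times) - threshold + 1))


def build_sample_log() -> AuditLog:
    """Constructed events with a clock that ticks one second per entry."""
    ticks = iter(range(1_700_000_000, 1_700_000_100))
    log = AuditLog(lambda: next(ticks))
    for _ in range(3):
        log.record("mallory", "authenticate", "portal", "denied")
    log.record("alice", "read", "ledger", "allowed")
    return log


def tamper_and_delete(entries: List[Dict]) -> Tuple[List[Dict], List[Dict]]:
    """Two things an insider might try: rewrite an old outcome, or drop an entry."""
    edited = [dict(e) for e in entries]
    edited[0]["outcome"] = "allowed"
    deleted = entries[:1] + entries[2:]
    return edited, deleted


if __name__ == "__main__":
    log = build_sample_log()
    edited, deleted = tamper_and_delete(log.entries)
    print(verify_chain(log.entries), verify_chain(edited), verify_chain(deleted))
    print(repeated_denials(log.entries, "mallory", window=10, threshold=3))
```

The chain makes modification detectable, not impossible: someone who controls the whole store can rewrite every entry from the altered one onward. That is why the latest hash should be anchored somewhere the log writer cannot change, for example written to write-once storage or signed and forwarded to a separate system at regular intervals, and why the log is kept apart from the systems whose actions it records.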
