Information Security

Eight fundamental concepts in security: - Identification (user ID, application ID, or system ID. IDs are used to indicate to a system who or what is trying to gain access) - Authentication (validate the claimed identity of a user or resource) - Authorization (determine if an entity is permitted access to a particular resource) - Confidentiality (ensure that only authorized parties have access to sensitive data. Privacy is a concept related to personal information, whereas confidentiality is a mechanism or a goal) - Integrity (verification that data has not been garbled, modified, or lost inadvertently, system has not been tampered with) - Availability (DDOS, performance) - Non-Repudiation (legally admissible proof that a transaction occurred, such that neither participant in a transaction can later deny having participated) - Accountability (processes and technologies necessary to track system usage, identify inappropriate actions, and address the problem)