Eight fundamental concepts in security:
– Identification (a user ID, application ID, or system ID; IDs indicate to a system who or what is trying to gain access)
– Authentication (validate the claimed identity of a user or resource)
– Authorization (determine if an entity is permitted access to a particular resource)
– Confidentiality (ensure that only authorized parties have access to sensitive data. Privacy is a concept related to personal information, whereas confidentiality is a mechanism or a goal)
– Integrity (verification that data has not been garbled, modified, or lost inadvertently, and that the system has not been tampered with)
– Availability (DDoS, performance)
– Non-Repudiation (legally admissible proof that a transaction occurred, such that neither participant in a transaction can later deny having participated)
– Accountability (processes and technologies necessary to track system usage, identify inappropriate actions, and address the problem)