From The Free On-line Dictionary of Computing (8 July 2008)
security
computer security
<security> Protection against unauthorized access to, or
alteration of, information and system resources including
{CPUs}, {storage devices} and programs.
Security includes:
* {confidentiality} - preventing unauthorized access.
* {integrity} - preventing or detecting unauthorized
modification of information.
* {authentication} - determining whether a user is who they
claim to be.
* {access control} - ensuring that users can access the
resources, and only the resources, that they are authorised
to.
* {nonrepudiation} - proof that a message came from a certain
source.
* availability - ensuring that a system is operational and
accessible to authorised users despite hardware or software
failures or attack.
* privacy - allowing people to know and control how
information is collected about them and how it is used.
Security can also be considered in the following terms:
* physical security - who can touch the system to operate or
modify it; protection against the physical environment - heat,
earthquake, etc.
* operational/procedural security - who is authorised to do or
responsible for doing what and when, who can authorise others
to do what and who has to report what to whom.
* personnel security - hiring employees, background screening,
training, security briefings, monitoring and handling
departures.
* system security - user access and authentication controls,
assignment of privilege, maintaining file and {filesystem}
integrity, {backup}, monitoring processes, log-keeping, and
{auditing}.
* {network security} - protecting network and
telecommunications equipment, protecting network servers and
transmissions, combatting eavesdropping, controlling access
from untrusted networks, firewalls, and intrusion detection.
{Encryption} is one important technique used to improve data
security.
{OWASP} is the {free} and {open} application security
community.
(2007-10-05)