Security testing

Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended.

The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, availability and non-repudiation.

Confidentiality

* A security measure which protects against the disclosure of information to parties other than the intended recipient that is by no means the only way of ensuring.

Integrity

* A measure intended to allow the receiver to determine that the information which it receives has not been altered in transit or by other than the originator of the information.
* Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check rather than the encoding all of the communication.

Authentication

* A measure designed to establish the validity of a transmission, message, or originator.
* Allows a receiver to have confidence that information it receives originated from a specific known source.

Authorization

* The process of determining that a requester is allowed to receive a service or perform an operation.
* Access control is an example of authorization.

Availability

* Assuring information and communications services will be ready for use when expected.
* Information must be kept available to authorized persons when they need it.

Also authority to operate

Non-repudiation

* A measure intended to prevent the later denial that an action happened, or a communication that took place etc.
* In communication terms this often involves the interchange of authentication information combined with some form of provable time stamp.

ee also

* National Information Assurance Glossary


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • The Open Source Security Testing Methodology Manual — This Open Source Security Testing Methodology Manual ( [http://www.osstmm.org/ OSSTMM] ) provides a methodology for a thorough security test, now referred to as an OSSTMM audit. An OSSTMM audit is an accurate measurement of security at an… …   Wikipedia

  • Security engineering — is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to… …   Wikipedia

  • Security Audit — Als IT Sicherheitsaudit (englisch IT Security Audit; von lateinisch audit: „er/sie hört“; sinngemäß: „er/sie überprüft“) werden in der Informationstechnik (IT) Maßnahmen zur Risiko und Schwachstellenanalyse (engl. Vulnerability Scan) eines IT… …   Deutsch Wikipedia

  • Security Scan — Als IT Sicherheitsaudit (englisch IT Security Audit; von lateinisch audit: „er/sie hört“; sinngemäß: „er/sie überprüft“) werden in der Informationstechnik (IT) Maßnahmen zur Risiko und Schwachstellenanalyse (engl. Vulnerability Scan) eines IT… …   Deutsch Wikipedia

  • Security Test — Als IT Sicherheitsaudit (englisch IT Security Audit; von lateinisch audit: „er/sie hört“; sinngemäß: „er/sie überprüft“) werden in der Informationstechnik (IT) Maßnahmen zur Risiko und Schwachstellenanalyse (engl. Vulnerability Scan) eines IT… …   Deutsch Wikipedia

  • Security of person — or security of the person is a human right guaranteed by the Universal Declaration of Human Rights, adopted by the United Nations in 1948. It is also a right respected in the Constitution of Canada, the Constitution of South Africa and other laws …   Wikipedia

  • Security Content Automation Protocol — The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation (e.g., FISMA compliance). The National Vulnerability Database… …   Wikipedia

  • Security Administrator Tool for Analyzing Networks — The Security Administrator Tool for Analyzing Networks (SATAN) is a testing and reporting toolbox that collects a variety of information about networked hosts and was considered one of the best when written. In fact, it was the first truly user… …   Wikipedia

  • security and protection system — Introduction       any of various means or devices designed to guard persons and property against a broad range of hazards, including crime, fire, accidents, espionage, sabotage, subversion, and attack.       Most security and protection systems… …   Universalium

  • Security token — Several types of security tokens with a penny for scale …   Wikipedia


Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.