- Security testing
Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended.
The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, availability and non-repudiation.
Confidentiality
* A security measure which protects against the disclosure of information to parties other than the intended recipient that is by no means the only way of ensuring.
Integrity
* A measure intended to allow the receiver to determine that the information which it receives has not been altered in transit or by other than the originator of the information.
* Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check rather than the encoding all of the communication.Authentication
* A measure designed to establish the validity of a transmission, message, or originator.
* Allows a receiver to have confidence that information it receives originated from a specific known source.Authorization
* The process of determining that a requester is allowed to receive a service or perform an operation.
* Access control is an example of authorization.Availability
* Assuring information and communications services will be ready for use when expected.
* Information must be kept available to authorized persons when they need it.Also authority to operate
Non-repudiation
* A measure intended to prevent the later denial that an action happened, or a communication that took place etc.
* In communication terms this often involves the interchange of authentication information combined with some form of provable time stamp.ee also
*
National Information Assurance Glossary
Wikimedia Foundation. 2010.
