Targets of security

There are three general targets of computer security: confidentiality, integrity and availability. Confidentiality also presupposes authenticity, and when you look at communication security you can define further security targets, which can of course contradict one another. By means of cryptography these targets are mostly achievable.

General security targets
Confidentiality: Confidentiality means protection against unauthorised persons gaining knowledge of stored, processed or transmitted information. This also includes data that does not seem sensitive in itself but can be used to gain access to sensitive information.
In the scope of communication security this can mean that even the fact that such communication occurred has to be kept confidential.
Integrity: Integrity means ensuring the correctness (intactness, rightness and completeness) of information (data integrity) or the correct functioning of systems (system integrity). Processed, transmitted or stored data may only be modified with proper authorisation and in the intended way; it also has to be correct and comply with business assets and expectations in economic terms.
These requirements also cover attributes, backups and documentation of all kinds. A system must be logically correct at all times, which assumes the logical completeness of all hardware and software parts that implement security functions.
Availability: All processed data, as well as the systems and means necessary for processing, have to be available and ready for use, in the expected or required quality, when an authorised user wants access. This includes all hardware, programs and functions as well as the data, and therefore also archives and backups.

More security targets
In the scope of e-commerce and communication security you often find the following security target.
Authenticity: Authenticity means ensuring the genuineness of information or of a claimed identity. It has to be ensured that information really comes from the indicated source (message authenticity), or that the claimed identity, for example of a user or of a system taking part in the communication, is correct (participant authenticity). The necessary proof can be provided by different means.

Other targets
Reliability: Reliability means protection against intended or unintended interference, whether by attacks or by force majeure. Others speak of vulnerability in this context. This target can be assigned to the security target of availability.
Non-Propagation: Information must not be copied by unauthorised parties, or repeated unrecognised (replay attack). This target can most readily be assigned to integrity.
Anonymity: Ensuring anonymity means protection against identification, which conflicts with authenticity. It can be achieved through, for example, "blind signatures", which are used in electronic voting or digital coins.
Pseudonymity: Pseudonymity protects against identification by name.
Non-Observability: Non-observability is a subset of confidentiality. Not only the content but also the fact that communication takes place is the asset to be protected. For example, the fact that communication with certain institutions (notary, lawyer, authorities, ...) took place should not become known.