Security testing

Security Testing: (The) Process to determine that an IS (Information System) protects data and maintains functionality as intended.

The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, authorisation, availability and non-repudiation.

Confidentiality

* A security measure which protects against the disclosure of information to parties other than the intended recipient that is by no means the only way of ensuring.

Integrity

* A measure intended to allow the receiver to determine that the information which it receives has not been altered in transit or by other than the originator of the information.
* Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check rather than the encoding all of the communication.

Authentication

* A measure designed to establish the validity of a transmission, message, or originator.
* Allows a receiver to have confidence that information it receives originated from a specific known source.

Authorization

* The process of determining that a requester is allowed to receive a service or perform an operation.
* Access control is an example of authorization.

Availability

* Assuring information and communications services will be ready for use when expected.
* Information must be kept available to authorized persons when they need it.

Also authority to operate

Non-repudiation

* A measure intended to prevent the later denial that an action happened, or a communication that took place etc.
* In communication terms this often involves the interchange of authentication information combined with some form of provable time stamp.

ee also

* National Information Assurance Glossary