Security
Confidentiality
- Security measures must protect against disclosure of information to parties other than the intended recipient(s).
- Information should be secured by means of encoding, using a defined algorithm and some secret information known only to the originator and the intended recipient(s) (cryptography).
Integrity
- Measures intended to allow the recipient to determine that the information it receives has not been altered in transit, or by any person or process other than the originator.
- Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but usually involve adding information to a communication to form the basis of an algorithmic check rather than encoding all of the communication.
Authentication
- Measures designed to establish validity of a transmission, message, or originator.
- Allows the recipient to have confidence that information it receives originated from a specific known source.
Authorization
- Process of determining that a requestor is authorized to receive a specified service or perform an operation.
- Access control is an example of an authorization scheme.
Availability
- Assures that information and communications services will be ready for use when expected.
- Information must be kept available to authorized persons when they need it.
Non-repudiation
- Measures intended to prevent the future denial that an action occurred or that a communication took place.
- Non-repudiation is often achieved by combining the interchange of authentication information with some form of provable time stamp.
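
The Integrity and Authentication entries above describe adding check information to a communication instead of encoding all of it. The sketch below is an added example, not part of the original page: it uses HMAC-SHA256 as one such check, and the key handling, function names and sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32-byte check value appended to each message


def protect(key: bytes, message: bytes) -> bytes:
    """Return message || tag. The message stays readable: integrity, not confidentiality."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, wire: bytes) -> Optional[bytes]:
    """Return the message if its tag matches under `key`, otherwise None."""
    if len(wire) < TAG_LEN:
        return None  # too short to carry a tag at all
    message, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so timing does not leak the tag
    return message if hmac.compare_digest(tag, expected) else None


def demo() -> dict:
    key = secrets.token_bytes(32)        # secret shared by originator and recipient
    other_key = secrets.token_bytes(32)  # a party that does not hold the shared secret
    message = b"transfer 100 to account 42"  # constructed sample message
    wire = protect(key, message)
    # Same tag, different body: what an alteration in transit looks like.
    tampered = b"transfer 900 to account 42" + wire[-TAG_LEN:]
    return {
        "intact": verify(key, wire),                    # integrity check passes
        "altered_in_transit": verify(key, tampered),    # integrity check fails
        "wrong_originator": verify(other_key, wire),    # authentication fails
        "truncated": verify(key, wire[:10]),            # malformed input rejected
        "readable_on_wire": message in wire,            # no confidentiality provided
    }
    # Because both parties hold the same key, either could have produced the tag,
    # so this check alone does not give non-repudiation; that needs a signature
    # made with a key only the originator holds.


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```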