Security concepts


Security is the process of ensuring that a system is used for its intended purposes by its intended users.

Some policy needs to exist to define a system's intended purposes and intended user community; without policy, one cannot meaningfully manage security.

Some common security terms:

Trust
The assumption that people will follow security guidelines that are not otherwise technically enforced. By granting access to a system, one is always extending some level of trust.
Authentication
Verifying the identity of a system user.
Authorization
What a system user is permitted to do. This may take the form of specific permissions granted and enforced by operating system mechanisms, or of expectations about what a user should do.
Privilege
Authorization to perform certain critical operations (such as rebooting a system or bypassing system restrictions for administrative purposes).
Access control
Mechanisms for restricting access to system resources based on identity or location.


Steve VanDevender
Last modified: Tue Jul 8 14:42:49 PDT 2003