Security concepts
Security is the process of ensuring that a system is used for its
intended purposes by its intended users.
Some policy needs to exist to define a system's intended purposes
and intended user community; without policy, one cannot meaningfully
manage security.
Some common security terms:
- Trust
- The assumption that people will follow security guidelines that
are not otherwise technically enforced. By granting access to a
system, one is always extending some level of trust.
- Authentication
- Verifying the identity of a system user.
- Authorization
- What a system user is permitted to do, which may be specific
permissions granted and enforced by operating system mechanisms, or
expectations of what a user should do.
- Privilege
- Authorization to perform certain critical operations (such as
reboot a system or bypass system restrictions for administrative
purposes).
- Access control
- Mechanisms for restricting access to system resources based on
identity or location.
Next ->
Steve VanDevender
Last modified: Tue Jul 8 14:42:49 PDT 2003