Monday, 1 April 2013

Security testing


Security Testing


Security testing is a process to determine that an information system protects data and maintains functionality as intended.
The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation. Security testing as a term has a number of different meanings and can be completed in a number of different ways. As such a Security Taxonomy helps us to understand these different approaches and meanings by providing a base level to work from.

Confidentiality


  • A security measure which protects against the disclosure of information to parties other than the intended recipient that is by no means the only way of ensuring the security.

Integrity

  • A measure intended to allow the receiver to determine that the information provided by a system is correct.
  • Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding information to a communication, to form the basis of an algorithmic check, rather than the encoding all of the communication.

Authentication


  • This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one.

Authorization

  • The process of determining that a requester is allowed to receive a service or perform an operation.
  • Access control is an example of authorization.

Availability

  • Assuring information and communications services will be ready for use when expected.
  • Information must be kept available to authorized persons when they need it.

Non-repudiation

  • In reference to digital security, nonrepudiation means to ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. Nonrepudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.























Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)