See:
· Operations security
· Communications security
· Compusec
· TEMPEST
seguridad
1. f. The quality of being secure (seguro).
seguro, ra.
1. adj. Free and exempt from all danger, harm or risk.
DRAE. Diccionario de la Lengua Española.
A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise's risk management approach. [CNSSI_4009:2010]
1a. (I) A system condition that results from the establishment and maintenance of measures to protect the system.
1b. (I) A system condition in which system resources are free from unauthorized access and from unauthorized or accidental change, destruction, or loss. (Compare: safety.)
2. (I) Measures taken to protect a system.
Tutorial: Parker [Park] suggests that providing a condition of system security may involve the following six basic functions, which overlap to some extent:
· "Deterrence": Reducing an intelligent threat by discouraging action, such as by fear or doubt. (See: attack, threat action.)
· "Avoidance": Reducing a risk by either reducing the value of the potential loss or reducing the probability that the loss will occur. (See: risk analysis. Compare: "risk avoidance" under "risk".)
· "Prevention": Impeding or thwarting a potential security violation by deploying a countermeasure.
· "Detection": Determining that a security violation is impending, is in progress, or has recently occurred, and thus make it possible to reduce the potential loss. (See: intrusion detection.)
· "Recovery": Restoring a normal state of system operation by compensating for a security violation, possibly by eliminating or repairing its effects. (See: contingency plan, main entry for "recovery".)
· "Correction": Changing a security architecture to eliminate or reduce the risk of reoccurrence of a security violation or threat consequence, such as by eliminating a vulnerability.
[RFC4949:2007]
All aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, accountability, authenticity, and reliability.
Note. A product, system, or service is considered to be secure to the extent that its users can rely that it functions (or will function) in the intended way. This is usually considered in the context of an assessment of actual or perceived threats. a) The capability of the software product to protect information and data so that unauthorised persons or systems cannot read or modify them and authorised persons or systems are not denied access to them [ISO/IEC 9126-1].
[ISO-15443-1:2005]
Security is a system property. Security is much more than a set of functions and mechanisms. Information technology security is a system characteristic as well as a set of mechanisms which span the system both logically and physically. [NIST-SP800-33:2001]
The IT security goal is to enable an organization to meet all mission/business objectives by implementing systems with due care consideration of IT-related risks to the organization, its partners, and its customers. [NIST-SP800-33:2001]
the combination of confidentiality, integrity and availability. [ITSEC:1991]