The major factors to consider in security planning are:

- Authentication. One of the primary decisions to make about any application is whether you need to know and control who is allowed to execute it. Authentication is the process of confirming the identity of a user and using that identity to determine whether they are allowed to access the application.
- Authorization. Once you have authenticated a user, the next step is to determine and then enforce an appropriate level of access. Authorization is the process of enforcing user privileges to control the level of access within an application.
- Confidentiality. Confidentiality ensures privacy, usually by encrypting information transmitted between or stored on components in an environment. Encryption may be weak or strong, and can be based on private or public encryption schemes. Which data counts as sensitive is a decision that differs for every organization.
- Data Integrity. Data integrity is the assurance that information cannot be altered without proper authorization.
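How authentication, authorization and data integrity fit together in practice, as an added example that is not part of the original text: a small Python request pipeline in which authentication checks a password and issues an HMAC-signed token, the HMAC gives the token its integrity (any edit to the claims is rejected), and authorization checks the role in the token against a policy. The server key, users, roles and policy are constructed values; confidentiality (encrypting the channel or the stored data) is outside what this block shows.

```python
import base64
import hashlib
import hmac
import json
import os
from typing import Optional

# Constructed demo data (hypothetical key, users, roles and policy, not from any real system).
SERVER_KEY = b"constructed-demo-key-not-for-production"

def _hash_password(password: str, salt: bytes) -> bytes:
    # Passwords are stored only as salted PBKDF2 hashes, never in the clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_user(password: str, role: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}

USERS = {"alice": _make_user("correct horse", "analyst"),
         "bob": _make_user("battery staple", "admin")}
POLICY = {"analyst": {"read_report"}, "admin": {"read_report", "delete_report"}}

def _sign(payload: bytes) -> str:
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(tag).decode()

def authenticate(username: str, password: str) -> Optional[str]:
    """Authentication: confirm identity, then issue base64(claims).base64(hmac)."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(
            _hash_password(password, user["salt"]), user["hash"]):
        return None
    claims = json.dumps({"sub": username, "role": user["role"]}).encode()
    return base64.urlsafe_b64encode(claims).decode() + "." + _sign(claims)

def verify_token(token: str) -> Optional[dict]:
    """Data integrity: accept claims only if body and signature are unaltered."""
    try:
        body_b64, sig = token.split(".", 1)
        claims = base64.urlsafe_b64decode(body_b64)
    except ValueError:  # wrong shape or undecodable body (binascii.Error is a ValueError)
        return None
    if not hmac.compare_digest(sig.encode(), _sign(claims).encode()):
        return None
    return json.loads(claims)

def authorize(token: str, action: str) -> bool:
    """Authorization: identity is necessary but not sufficient; check the role."""
    claims = verify_token(token)
    return claims is not None and action in POLICY.get(claims["role"], set())
```

The separation matters operationally: a tampered or forged token fails at the integrity check before any policy is consulted, and a genuine token for a low-privilege role still fails authorization for actions its role is not granted.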