The major factors to consider in security planning are:
- Authentication. One of the primary decisions to make about any
application is whether you need to know and control who is allowed
to execute it. Authentication is the process of confirming the
identity of a user, and using this information to determine whether
they are allowed to access the application.
- Authorization. Once you have authenticated a user, the next step is
to determine and then enforce an appropriate level of access.
Authorization is the process of enforcing user privileges to control
the level of access within an application.
- Confidentiality. Confidentiality ensures privacy, usually by
encrypting information transmitted between or stored on components in
an environment. Encryption may be weak or strong, and can be based on
private or public encryption schemes. A decision regarding which data
is sensitive is different for every organization.
- Data Integrity. Data integrity is the assurance that information
cannot be altered without proper authorization.