Policy 7230A - Department of Administration
Integrity
The second of the three goals of security, integrity is the process of protecting the
accuracy of information. An example of information for which integrity is important is
financial records.
Availability
The third of the three goals of security, availability is the process of protecting the
access to information. An example of information for which availability is important is
data that is used in consecutive processes.
Authorization
The process of granting/receiving permission to access an information system.
Identification
The process of demonstrating one’s authorized use of an information system.
Authentication
The process of validating one’s identity.
Identifier
A token that is unique to an individual user and is used both in the identification process
for information system access and to correlate actions within that system to the user.
Identifiers do not necessarily have to be kept secret. An example of an identifier is a
user id.
Authenticator
Also referred to as “Something you Are”, the third factor of authentication is usually
some form of biometric measurement that is unique to the user. An example of the
third factor of authentication is a fingerprint.
Incident Response – Preparation Phase
The process of establishing policies, procedures and agreements prior to the occurrence
of a security incident in order to minimize the number of incidents that occur and
accelerate the process of dealing with incidents that do occur.
Incident Response – Detection Phase
The process of determining whether an incident has or has not occurred and the
severity of any incident that has occurred.
Incident Response – Containment Phase
The process of simultaneously preventing the spread of an incident while maintaining
evidence of the occurrence of the incident. Containment can be compromised by the
need to keep mission critical systems in production and must be handled carefully.