Security or certainty held about something.
Of guarantee. That which offers confidence.
DRAE. Diccionario de la Lengua Española.
Specification of the assurance of the security functions
that must be implemented to achieve one or more security objectives,
generally focused on the system development environment.
[EBIOS:2005]
1. Confidence that can be placed in the security
provided by the Target of Evaluation (ITSEC)
2. Confidence placed in a system to achieve its
Security Objective.
[Ribagorda:1997]
Certainty that a system achieves the security objectives
for which it was designed. [CESID:1997]
Something that makes something else certain to happen.
Oxford Advanced Learner's Dictionary.
Measure of confidence that
the security features, practices, procedures, and architecture of an information
system accurately mediates and enforces
the security policy. [CNSSI_4009:2010]
in the context of this
document: Grounds for confidence that a deliverable meets its security objectives
[ISO/IEC 15408].
NOTE. This definition is generally
accepted within the security community; within ISO the more generally used
definition is: Activity resulting in a statement giving confidence that a
product, process or service fulfills specified requirements [ISO/IEC Guide 2].
[ISO-21827:2007]
a set of structured
assurance claims, supported by evidence and reasoning, that demonstrate clearly
how assurance needs have been satisfied. [ISO-21827:2007]
an assertion or supporting
assertion that a system meets a security need. Claims address both direct
threats (e.g., system data are protected from attacks by outsiders) and
indirect threats (e.g., system code has minimal flaws). [ISO-21827:2007]
data on which a judgment or
conclusion about an assurance claim may be based. The evidence may consist of
observation, test results, analysis results and appraisals. [ISO-21827:2007]
1. (I) An attribute of an
information system that provides grounds for having confidence that the system
operates such that the system's security policy is enforced. (Compare: trust.)
2. (I) A procedure that
ensures a system is developed and operated as intended by the system's security
policy.
[RFC4949:2007]
Grounds for confidence that
a TOE meets the SFRs.
TOE - Target of Evaluation
SFR - Security Functional Requirement
[CC:2006]
Specification of the
assurance provided by security functions to be implemented to contribute to one
or more security objectives, and generally concerning the system development
environment. [EBIOS:2005]
Grounds for confidence that
the other four security goals (integrity, availability, confidentiality, and
accountability) have been adequately met by a specific implementation.
"Adequately met" includes (1) functionality that performs correctly,
(2) sufficient protection against unintentional errors (by users or software),
and (3) sufficient resistance to intentional penetration or by-pass. [NIST-SP800-27:2004]
A grouping of assurance
methods according to the aspect examined. [ISO-15443-1:2005]
Verification and recording
of the overall types and amounts of assurance associated with the deliverable
(entered into the assurance argument). [ISO-15443-1:2005]
Grounds for confidence that
the other four security objectives (integrity, availability, confidentiality,
and accountability) have been adequately met by a specific implementation.
Adequately met includes (1) functionality that performs correctly, (2)
sufficient protection against unintentional errors (by users or software), and
(3) sufficient resistance to intentional penetration or by-pass. [NIST-SP800-33:2001]
the confidence that may be
held in the security provided by a Target of Evaluation. [ITSEC:1991]
Specification of the assurance of the security functions
to be implemented to help cover one or more security objectives,
generally relating to the system development environment.
[EBIOS:2005]