seguridad
1. f. Quality of being secure.
seguro, ra.
1. adj. Free and exempt from all danger, harm or risk.
DRAE. Diccionario de la Lengua Española.
A condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise's risk management approach. [CNSSI_4009:2010]
1a. (I) A system condition that results from the establishment and maintenance of measures to protect the system.
1b. (I) A system condition in which system resources are free from unauthorized access and from unauthorized or accidental change, destruction, or loss. (Compare: safety.)
2. (I) Measures taken to protect a system.
Tutorial: Parker [Park] suggests that providing a condition of system security may involve the following six basic functions, which overlap to some extent:
· "Deterrence": Reducing an intelligent threat by discouraging action, such as by fear or doubt. (See: attack, threat action.)
· "Avoidance": Reducing a risk by either reducing the value of the potential loss or reducing the probability that the loss will occur. (See: risk analysis. Compare: "risk avoidance" under "risk".)
· "Prevention": Impeding or thwarting a potential security violation by deploying a countermeasure.
· "Detection": Determining that a security violation is impending, is in progress, or has recently occurred, and thus making it possible to reduce the potential loss. (See: intrusion detection.)
· "Recovery": Restoring a normal state of system operation by compensating for a security violation, possibly by eliminating or repairing its effects. (See: contingency plan, main entry for "recovery".)
· "Correction": Changing a security architecture to eliminate or reduce the risk of reoccurrence of a security violation or threat consequence, such as by eliminating a vulnerability.
[RFC4949:2007]
All aspects related to defining, achieving, and maintaining confidentiality, integrity, availability, accountability, authenticity, and reliability.
Note. A product, system, or service is considered to be secure to the extent that its users can rely that it functions (or will function) in the intended way. This is usually considered in the context of an assessment of actual or perceived threats. a) The capability of the software product to protect information and data so that unauthorised persons or systems cannot read or modify them and authorised persons or systems are not denied access to them [ISO/IEC 9126-1]. [ISO-15443-1:2005]
Security is a system property. Security is much more than a set of functions and mechanisms. Information technology security is a system characteristic as well as a set of mechanisms which span the system both logically and physically. [NIST-SP800-33:2001]
The IT security goal is to enable an organization to meet all mission/business objectives by implementing systems with due care consideration of IT-related risks to the organization, its partners, and its customers. [NIST-SP800-33:2001]
The combination of confidentiality, integrity and availability. [ITSEC:1991]