Glossary of Security Terms
Access Controls
Methods of limiting access to information system resources based on any number of criteria.
Authentication
The process of identifying an individual, usually based on a username and password, or a certificate.
Authorization
The process of permitting access to information system resources based on an individual's identity, group, or role.
Encryption
Encryption is a method that:
Scrambles messages and stored content to prevent them from being read by anyone but the intended recipients.
Hashes messages to prove their original content.
Signs messages to prove which user sent them.
Least Privilege
The practice of limiting access to the minimal level that will allow normal functioning. This means giving a user account only those privileges that are essential to that user's work.
Permission
A predefined authorization to perform a task. A set of permissions can be assigned to roles.
Role
A role is a collection of permissions.
System Security
System Security is a process by which computer-based equipment, information, and services are protected from unintended or unauthorized access, change, or damage.
User
A unique identity by which people and processes are granted access to system resources via authorizations. User identities are also recorded as the origin for specific transactions.