Security is about protecting your assets. These assets could be anything in company. In software these assets represent your web resources or website (Web Security), Software application (Application Security), Data (Data Security), Web service (Web service Security) or Network (Network Security).
Security relies on following security properties.
1. Authentication – Authentication is process to verify the identity of visitor to your application or Website. Typically this authentication process is based on visitor’s username and password.
2. Authorization – Authorization is a process to define user access or privilege to resources or system to use. Authorization is user privilege in which they are eligible to access system or resources (e.g. Hours of Access, Access of file or directory, access of resources in website…etc.).
3. Auditing – Auditing is a process of systematic evaluation of the security vulnerability or security weakness of company’s resources or system. Security Audit is typically conducted for the purpose of business risk assessment, Information security and regulatory compliance (e.g. PCI, HIPAA… etc.).
Last three properties of security called CIA of a system. They are very important to implement any security compliances. They are goal for security implementation.
4. Confidentiality – Confidentiality is a process to keep information or resources secret from unauthorized access. Confidentiality is governed by Local/National Legislation or compliances and Provider Policies.
5. Integrity – Integrity in security refers to reliable and protecting information/resources from being tampered or change. Integrity includes Authenticity and Non-repudiation/Accountability.
6. Availability – Information/Resources available to authorize users and application when they need. Information only has value if right user/application can access it at right time.
Rajnish Kumar is CTO of Vanrish Technology with Over 25 years experience in different industries and technology. He is very passionate about innovation and latest technology like APIs, IOT (Internet Of Things), Artificial Intelligence (AI) ecosystem and Cybersecurity. He present his idea in different platforms and help customer to their digital transformation journey.