Security Structure  «Prev  Next»

Lesson 3Security standards
ObjectiveSecurity Standards currently being used

Security Standards currently being used

What are the security standards currently being used?
In the quest for an effective security system, some basic services and standards are used. Security services as defined by ISO 7498-2 security architecture, are summarized in the MouseOver below.
These services will be examined in more detail in upcoming lessons. In the diagram below each of the violet rectangles is represented by a line of text below the diagram.

  1. The process of proving identity, authentication services ensure the authenticity of an entity during communication and/or transfer of data.
  2. Access control provides protection against the unauthorized use of system resources that may be accessible. This service relates to what resources a user or service may access on the system or network.
  3. Data confidentiality services protect data from unauthorized disclosure and passive threats.
  4. Data integrity services protect against active threats by verifying or maintaining the consistency of information.
  5. Repudiation is defined as the denial by one of the entities involved in a communication of having participated in all or part of the communication. Non-repudiation services provide for proof of origin and/or proof of delivery.
The process of proving identity, authentication services ensure the authenticity of an entity during communication and/or transfer of data.
Security Standards/ Security Services

Security mechanisms

The actual systems and software that provide the different security services are referred to by ISO as security mechanisms. These mechanisms are classified as either specific or pervasive. Specific mechanisms implement specific services. Encryption is a specific mechanism used for data confidentiality. Pervasive mechanisms are not related to a specific service. Examples of pervasive mechanisms include security labels and audit trails.

Government security standards

NSA and NIST jointly released a new series of standards called Trust Technology Assessment Program (TTAP).
TTAP defines seven security levels beginning with Evaluation Assurance Level (EAL) 1 and continuing through EAL 7 (the most secure level). TTAP is still in its early development and shows promise of defining in industry-wide security standardization.
Click the link below to review the standards of security.
Security Standards Definitions