Security Disciplines for Objective 2: Prevention
 |
"There's enough protective technology out there—security should never be the excuse to not share justice information. This overview should help remove security concerns as a roadblock." Dr. Alan Harbitter |
Information Security Disciplines |
Definition and Relevance |
|---|---|
| 2-1. Identification and Authentication | Ensures those wishing to gain access to information resources are who they represent themselves to be. Typical methods include passwords, smart cards, and biometrics. |
| 2-2. Authorization and Access Control | Determines what permissions and access authorization an information system user holds. |
| 2-3. Data Integrity | Safeguards information content and protects against inadvertent or intentional information modification or loss. |
| 2-4. Data Classification | Provides guidelines to label information by its level of sensitivity and appropriate treatment. |
| 2-5. Change Management | Recommends procedures so that system configurations are controlled and understood, reducing the risk of security compromise. |
| 2-6. Public Access, Privacy, and Confidentiality | Outlines tools and procedures to protect the privacy of individuals and information in light of the increased accessibility offered by networked information systems. |
| 2-7. Firewalls, VPNs, and Other Network Safeguards | Identifies the tools employed to establish a barrier between private and public information in a justice organization. |