3. Authentication
- is the act of confirming the truth of an attribute of a datum or
entity.
Example:
When entering a restricted establishment, you are required to be
identified before you enter. An identification card (ID) is the perfect
example: it verifies your identity, which allows access.
A username and password are often used to allow access to data.
The server that contains the data determines if you are allowed to
access the data.
4. Transport Security (Encryption)
- is the process of encoding messages (or information) in such a way that
eavesdroppers or hackers cannot read it, but that authorized parties can.
Example:
A messenger is asked to deliver certain documents that contain financial
information from a large company to another company. The documents were
accidentally dropped somewhere on the road. Fortunately, the information in
the documents is encoded to prevent unauthorized persons from reading it.
When computers interact with each other, they send encrypted information
through secured lines to prevent unauthorized persons from acquiring it.
5. Authorization
- is the function of specifying access rights to resources, which is
related to information security and computer security in general
and to access control in particular.
Multiple users can have different levels of access, which are
determined by the server that holds the data.
Example:
Inside any establishment there is a door that says “authorized
personnel only”. This informs you that unless you are authorized or
an employee of the establishment, you are denied access.
6. Access Control
- is the selective restriction of access to a place or other resource.
Different kinds of users have different levels of access. Some can access more data
than others.
Example:
Inside a bank, a client can only enter the lobby and interact with personnel while an
employee can access the lobby and work stations to perform bank operations.
7. Auditing
The process of reviewing security logs that are acquired over a certain period
or as events happen.
Monitoring interactions between the server and anyone who wants or acquires
access to the data. Basically, having a record of who goes in and out of the system.
Example:
Some establishments have strict guidelines on who enters and exits. A security guard
would require you to write down your name and destination inside the
establishment. This allows them to monitor the flow of people into the establishment.
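
The sketch below is an added example, not part of the original material. It puts authentication (3), authorization and access control (5, 6) and auditing (7) together in one server-side check, using the bank example. The user names, passwords, roles, areas and function names are all constructed for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

# Constructed sample data (assumption): roles and areas follow the bank example.
PERMISSIONS = {"client": {"lobby"}, "employee": {"lobby", "workstation"}}
AUDIT_LOG = []  # record of who tried to get in, where, and the outcome

def hash_password(password, salt):
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, role):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

USERS = {"alice": make_user("correct horse", "client"),     # constructed
         "bob": make_user("battery staple", "employee")}    # constructed
DUMMY = make_user("", "client")  # unknown users cost the same work as known ones

def authenticate(username, password):
    """Authentication: confirm the claimed identity with a password."""
    user = USERS.get(username, DUMMY)
    ok = hmac.compare_digest(user["hash"], hash_password(password, user["salt"]))
    return ok and username in USERS

def authorize(username, area):
    """Authorization / access control: is this area allowed for the user's role?"""
    return area in PERMISSIONS[USERS[username]["role"]]

def request_access(username, password, area):
    """The server decides; every attempt, granted or denied, is audited."""
    if not authenticate(username, password):
        outcome = "denied: authentication failed"
    elif not authorize(username, area):
        outcome = "denied: not authorized"
    else:
        outcome = "granted"
    AUDIT_LOG.append({"time": datetime.now(timezone.utc).isoformat(),
                      "user": username, "area": area, "outcome": outcome})
    return outcome

if __name__ == "__main__":
    for attempt in [("alice", "correct horse", "lobby"),
                    ("alice", "correct horse", "workstation"),
                    ("bob", "battery staple", "workstation"),
                    ("mallory", "guess", "lobby")]:
        print(attempt[0], attempt[2], "->", request_access(*attempt))
    print(len(AUDIT_LOG), "audit records written")
```

Authentication runs first, so a request from an unknown or wrongly identified user never reaches the authorization check, and denied attempts are logged as well as granted ones.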