Difference between revisions of "Confidentiality"

From CIPedia
Line 1: Line 1:
 
<br />
 
<br />
 
==Definitions==
 
==Definitions==
 +
=== International definitions===
 +
==== ITU-T ====
 +
{{definitionThe property that information is not made available or disclosed to unauthorized individuals, entities, or processes. <ref>ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X-800.</ref>}}
 +
By a ''direct attack'' on a system they exploit deficiencies in the underlying algorithms, principles, or properties of a security mechanism. ''Indirect attacks'' are performed
 +
when they bypass the mechanism, or when they make the system use the mechanism incorrectly.<br />
 +
 
=== National Definitions ===
 
=== National Definitions ===
 
====Czech Republic====
 
====Czech Republic====
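Review bot: The added ITU-T definition line opens with "{{definitionThe property that information ..." and has no "|" between the template name and its argument, so the definition template is not invoked; it should read "{{definition|The property that information ... }}". The two sentences added after it ("By a direct attack on a system they exploit deficiencies ...") use "they" with no antecedent and describe attack types rather than defining confidentiality. Name the subject, and consider whether they belong under this definition at all. The trailing "<br />" on the last added line is also unnecessary before a section heading.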
Line 29: Line 35:
  
 
[[Category:Information]][[Category:Security]]
 
[[Category:Information]][[Category:Security]]
{{#set:defined by=Czech Republic|defined by=Norway|defined by=Turkey|defined by=ISO}}
+
{{#set:defined by=ITU-T|defined by=Czech Republic|defined by=Norway|defined by=Turkey|defined by=ISO}}

Revision as of 17:04, 14 June 2015


Definitions

International definitions

ITU-T

The property that information is not made available or disclosed to unauthorized individuals, entities, or processes. [1]

In a direct attack on a system, attackers exploit deficiencies in the underlying algorithms, principles, or properties of a security mechanism. Indirect attacks are performed when they bypass the mechanism, or when they make the system use the mechanism incorrectly.

National Definitions

Czech Republic

Characteristic that information is not available or is not disclosed to unauthorized individuals, entities or processes (Vlastnost, že informace není dostupná nebo není odhalena neautorizovaným jednotlivcům, entitám nebo procesům). [2]


Norway

Assurance that specific information is not disclosed to unauthorised persons, and that only authorised persons have access. [3]


Turkey

Information systems and data can be accessed by authorized persons or systems only, and the confidential information pertaining to information systems or confidential information in the system will not be disclosed by unauthorized persons or systems. [4]


Standard Definition

ISO/IEC 27000:2014

Property that information is not made available or disclosed to unauthorized individuals, entities, or processes. [5]


See also

Notes

  1. ITU Security in Telecommunications and Information Technology: An overview of issues and the deployment of existing ITU-T Recommendations for secure telecommunications, ITU-T, Geneva (2012) - ITU-T X-800.
  2. Cyber Security Explanatory Glossary (2013)
  3. Nasjonal strategi for informasjonssikkerhet (2012)
  4. Turkey's National Cyber Security Strategy and 2013-2014 Action Plan
  5. ISO/IEC 27000:2014, Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary