Enterprise Security Architecture
From Glitchdata Wiki
- Authentication: The substantiation of the identity of a person or entity related to the enterprise or system in some way.
- Authorization: The definition and enforcement of permitted capabilities for a person or entity whose identity has been established.
- Audit: The ability to provide forensic data attesting that the systems have been used in accordance with stated security policies.
- Assurance: The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.
- Availability: The ability of the enterprise to function without service interruption or depletion despite abnormal or malicious events.
- Asset Protection: The protection of information assets from loss or unintended disclosure, and resources from unauthorized and unintended use.
- Administration: The ability to add and change security policies, add or change how policies are implemented in the enterprise, and add or change the persons or entities related to the systems.
- Risk Management: The organization's attitude and tolerance for risk. (This risk management is different from the special definition found in financial markets and insurance institutions that have formal risk management departments.)