Overview#

Security is the degree of resistance to encountering an unfortunate eventSecurity is only required when you do not have TrustSecurity exists to facilitate Trust.[1]

Security is distinct and separate from Privacy.

Security is way too broad to be an objective of any endeavor. Sure an end-user may use the term but any project manager must determine what Security implies in the context of the project and provide appropriate details.

Security implies there are Protected Resources and the requirement of Access Control to prevent an unfortunate event.

Information security is the degree of resistance to encountering an unfortunate event involving data

Security Objectives (CIA): #

Many sources, including NIST.SP.800-53, imply the Security Objectives are:

• confidentiality
• integrity
• availability

Some of them even claim advanced security goals like Perfect Forward Secrecy.

Interestingly Security Objectives and Cryptography Objectives are the same except for possibly Authenticity and availability.

perfect Security#

There is no such thing as Perfect Security

More Information#

There might be more information for this subject on one of the following:

• 5G
• 5G-ENSURE
• API Service Delivery
• API-Gateway
• AWS Inspector
• AWS Trusted Advisor
• Access Control Service
• Accountability
• Amazon Web Services
• Attack
• Attribute Provider Statement
• Best Practices
• Best Practices For Unique Identifiers
• BeyondCorp
• Bill of Rights
• Biometric Data Challenges
• Blockstack
• Bob Blakley
• Bruce Schneier
• Bug
• CIA
• Caesar Cipher
• Card Processor
• Center for Internet Security
• Certification Authority Browser Forum
• Cheat Sheets
• Cloud Access Security Broker
• Cloudflare
• Computational Hardness Assumption
• Constitutional Order
• Containerization vs Metadata
• Crypto Forum Research Group
• Cryptography
• Cryptography Objectives
• Decentralized Identity
• Decentralized Public Key Infrastructure
• Device Inventory Service
• Distributed Consensus
• Electronic Identification Authentication and trust Services
• Encryption
• FIDO Standards
• Fair Information Practices
• Fast Healthcare Interoperability Resources
• Federal Information Processing Standard
• Federal Information Security and Management Act
• Financial API
• Firewall
• Glossary Of LDAP And Directory Terminology
• Government abuse
• Guidelines for Writing RFC Text on Security Considerations
• HHSOCR
• Hash Function Security Properties
• Health Insurance Portability and Accountability Act
• ICAO Document 9303
• IDSA Integration Framework
• IMA Policies
• ISO 29003
• Identity Custodian
• Identity Ecosystem Framework
• Identity Token
• Identity and Access Management
• If men were angels
• Implicit Grant
• Incident Management
• Independent Identity
• Instant Messaging
• Internet Corporation for Assigned Names and Numbers
• Java Card
• Kerckhoffs principle
• Knowledge Consistency Checker
• LAN Manager authentication level
• Legitimacy of Social Login
• Liars and Outliers
• Local Security Authority
• MSFT Access Token
• Messaging Layer Security
• Mimikatz
• Mobile Security Framework
• Modular Open Source Identity Platform
• Multi-Factor Authentication
• NIST Cybersecurity Framework
• NIST Special Publication
• NIST.SP.800-53
• NIST.SP.800-70
• National Cybersecurity Center of Excellence
• Network Security
• Network Security Services
• OAuth 2.0 Protocol Flows
• Open Web Application Security Project
• OpenID Connect Flows
• Operation Aurora
• Opportunistic Security
• Password Periodic Changes
• Password Quality
• Passwordless SMS Authentication
• Penetration Test
• Perfect Security
• Personal Unblocking Code
• Privacy
• Privacy And Security Conflicts
• Privacy Paradox
• REAL ID
• RFC 4301
• RFC 7384
• RFC 7672
• RFC 7748
• ROT13
• Risk Taxonomy Technical Standard
• Runtime Application Self-Protection
• SOC 2
• SSL-TLS Interception
• Secure Electronic Transaction
• Secure Element
• Secure connection
• Security Considerations
• Security Information and Event Management
• Security Layer
• Security Operations
• Security Principal Objects
• Shared Responsibility Model
• Smart Card
• Smart contracts
• Social contract
• Sovereignty
• Stellar Consensus Protocol
• Subscriber Identification Module
• Technical Positions Statements
• Time synchronization
• Trust
• Trust No One
• U-Prove
• United States Department of Homeland Security
• User Layer
• User-centric Identity
• Verifiable Credentials
• Voice recognition
• Vulnerability
• Vulnerability Assessment
• Web Authentication API
• Web Service Security Specifications
• XDAS Security Events
• Zcash
• Zero Trust

• [#1] - Bruce Schneier on Trust - based on data observed: 2012-09-16