The security of a system, application, or protocol is always relative to:
A set of desired properties
An adversary with specific capabilities
The avoidance of the unauthorized disclosure of information.
it involves the protection of data, providing access for those who are allowed to see it while disallowing others from learning anything about its content.
The transformation of information using a secret called an encryption key, so that the transformed information can only be read using another secret, called the decryption key (which may, in come cases be the same as the encryption key)
rules and policies that limit access to confidential information to those people and/or systems with a "need to know".
may be determined by identity, such as person's name or a computer's serial number, or by a role that a person has, such as being a manager or a computer security specialist.
The determination of the identity or role that someone has. This determination can be done in a number of different ways, but it is usually based on a combination of:
something the person has
something the person knows
something the person is
The determination if a person or system is allowed access to resources, based on an access control policy.
Such authorizations should prevent an attacker from tricking the system into letting him access to protected resources.
The establishment of physical barriers to limit access to protected computational resources.
Such barriers include locks on cabinets and doors, the placement of computers in windowless rooms, the use of sound dampening materials, and even the construction of buildings or rooms with walls incorporating copper meshes.
The property that information has not be altered in an unauthorized way.
the periodic archiving of data
the computation of a function that maps the contents of a file to a numerical value. A checksum function depends on the entire contents of a file and is designed in a way that even a small change to the input file (such as flipping a single bit) is highly likely to result in a different output value.
Data correcting codes
methods for storing data in such a way that small changes can be easily detected and automatically corrected.
the property that information is accessible and modifiable in a timely fashion by those authorized to do so.
infrastructure meant to keep information available even in the event of physical challenges.
Computers and storage devices that serve as fall backs in the case of failures.