Frequently Asked Questions: Security


Q: What is Security?

A: Adequate security is the belief that there is an acceptable balance of threats against safeguards for a particular circumstance.




Q: Why does my organization need information security?

A: In today's networked society, information security is becoming more and more important. Everyone knows that it is important to protect your information and systems by installing a firewall to keep intruders out, and by loading anti-virus software onto your workstation to protect your PC from viruses, worms, and Trojan horses. However, reports show that the majority of security breaches occur from within an organization. Therefore, CKM, combined with these traditional measures, offers a higher level of information security through encryption of the actual information and role-based access within the organization.




Q: How can I distinguish among Confidentiality (or Privacy), Integrity and Availability?

A: Confidentiality (or Privacy): Information is unavailable to those who are unauthorized to see it.

Integrity: Information cannot be modified in unexpected ways.

Availability: Maintains the availability of data while preventing resources from being deleted or becoming accessible to unauthorized persons.




Q: What are some common security risks?

A: Unauthorized Access: An unauthorized person gains access to a computer system, or a person authorized to use a system for one purpose uses it for another.

Planting: An attacker leaves behind a mechanism to facilitate future attacks, such as a Trojan Horse.

Communications Monitoring: An attacker learns confidential information without necessarily penetrating the victim's computer.

Spoofing: An attacker tampers with the data or the communications process to learn confidential information. For example, a bogus server system is installed to trick a user into voluntarily divulging information.

Repudiation: A party to a transaction falsely denies that the transaction occurred or was authorized, after the fact.




Q: How does CKM provide enhanced security?

A: Typically, an organization's security needs are threefold:


  • To protect data-at-rest
  • To protect data-in-transit
  • To enforce Role-Based Access Control (RBAC), that is, to ensure that only those individuals authorized to see specific information actually do.

TecSec®, Incorporated's Constructive Key Management® (CKM®) technology and administrative system is designed to protect sensitive information - both at rest and in transit - through encryption, and to provide access control based on a Member's right-to-know. CKM allows you to assign access privileges, known as Credentials, to Members, and is ideally suited for large organizations where different parts of the organization have a need to access different parts of an information repository, and where that access needs to be conditional based upon the Member's Role.




Q: What is a Digital Signature?

A: The term "digital signature" applies to the technique of adding a string of characters to an electronic message that serves to verify the identity of the sender. Some digital signature applications check for any changes made to the text of the message after the digital signature was originally added.




Q: Why do I need a digital signature?

A: A digital signature is a non-forgeable transformation of data that allows proof of the source with non-repudiation and the verification of the integrity of that data.




Q: Will adding this type of security cost me a lot more money?

A: Actually, not protecting your electronic information will prove to be more costly.