LDAP Security
Requirements
Section 2.19 of ISO/IEC 27000:2009 [ISO27000] defines information security as "preservation of
confidentiality,
integrity and
availability of information". It also notes that other properties, such as authenticity, accountability, non-repudiation, and reliability are relevant.
Following up the definitions of those terms, we find:
Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
Integrity is the property of protecting the accuracy and completeness of assets, where asset is given the very broad definition "anything that has value to the organization" - a synonym for 'data' in the context of this site.
Availability is the property of "being accessible and usable upon demand by an authorized entity".
Controls
A
Control is "a means of\ managing risk,
including policies, procedures, guidelines, practices or organizational structures,\xA0which\xA0can\xA0be\xA0administrative,\xA0technical,\xA0management,\xA0or\xA0legal\xA0in\xA0
nature".
Controls have been grouped into categories here. Feel free to add more or to move things around:
--
AndrewFindlay - 06 Oct 2011