Security Architecture

A structured approach to system security that is typically composed of three efforts:

1. Definition
2. Maintenance
3. Measurement

Taken together, these three processes serve to define the rationale for the security system, how it is to be operated and maintained and by which means it can be demonstrated to be functioning correctly.

Security Requirements

A collection of performance characteristics that defines the targets against which the performance of an implemented security system will be measured.  The security requirements documents define the general context of the approach, the assets to be secured and any roles, situations or other implementation-specific information that is deemed appropriate and necessary.

Security System Maintenance

The processes and protocols that are required to maintain the integrity of a security implementation, including the general upkeep, scheduling of any required maintenance and the behavioral norms expected of the system and those who are selected to ensure its availability and soundness.

Security Audit

The process by which the performance characteristics of a security system is measured.  The security audit process is heavily influenced by quality driven methodologies, such as ISO.  The goal of a security audit is to measure the systems conformance to explicit, unambiguous design goals.  These design goals are captured in a formal requirements document (see Security Requirements) - The audit tests for variance and identifies the portions of the system which are in nonconformity and in need of remediation.

Internet Security Issues

The body of knowledge surrounding the security industry, security resources and the ever-expanding universe of security advisoriesl alerts and remediations.  There are many resources available to research this topic, some of which are SANS , CERT, insecure.org, slashdot.com and many, many others.

Internet Security Architecture

A security architecture that has been specifically designed for performance using Internet-based technologies or public/insecure networks, typically focusing on three aspects of "public computing":
 

1. Remote Access
2. Website Access (Public/Semi-Private/Private)
3. mail

The above are almost always policy driven.

Firewall

A system tasked with protecting the boundary of a given asset.  Some companies have one firewall at the ingress/egress point of the corporation, some have them at the departmental or facility level.  Regardless of the number or physical location of the firewall, the role of a firewall is constant - to raise the difficulty of unauthorized penetration of the facilities protected by the firewall.  Many different types of firewall exist and at several different layers of the ISO MODEL.

Web Security

The approach taken by the security implementation team to mitigate the risks associated with the operation of a web server, particularly the identification of which assets are to be transmitted with the unencrypted HTTP service, which with the encrypted HTTPS service and which portions of the documents collection is to have only authenticated access.

E-mail Security

The approach taken by the security implementation team to mitigate the risks associated with the operation of a e-mail server and the risks of issuing and receiving information via E-mail.  This includes any policy surrounding acceptable use of e-mail, employee disclaimers and the response to computer viruses.

Data Encryption

A means of securing (usually) digital data through the use of an algorithm shared by interested, authorized parties.  Plaintext is sent through an encryption process, producing ciphertext.  To obtain plaintext once more, the ciphertext is sent through a decryption process - which should render an exact replica of the original plaintext. 

 Data encryption is also the general term used to collectively describe all the above processes and technologies

Message Digest

 A definition is available here.

Digital Signature

A definition is available here.

Digital Certificate

A definition is available here.