Authorization is the processes of allowing access to specific data within a system. Delegation is the utilization of a third party to manage and certify each of the users of your system. (Certificate Authorities).
Auditing and Logging
This is the independent examination and recording of records and activities to ensure compliance with established controls, policy, and operational procedures, and to recommend any indicated changes in controls, policy, or procedures.
Management
Is the oversight and design of the elements and mechanisms discussed above and below. Card management also requires the management of card issuance, replacement and retirement as well as polices that govern a system. Cryptography/Confidentiality Confidentiality is the use of encryption to protect information from unauthorized disclosure. Plain text is turned into cipher text via an algorithm, and then decrypted back into plain text using the same method. Cryptography is the method of converting data from a human readable form to a modified form, and then back to its original readable form, to make unauthorized access difficult. Cryptography is used in the following ways:
• Ensure data privacy, by encrypting data
• Ensures data integrity, by recognizing if data has been manipulated in an unauthorized way
• Ensures data uniqueness by checking that data is “original”, and not a “copy” of the “original”. The sender attaches a unique identifier to the “original” data. This unique identifier is then checked by the receiver of the data.
