The security of an information system depends on the following factors:
- Information must be disclosed only to the right people
- Information must be modified only by the right people
- Information must be available to the right people
Collectively, these three properties (confidentiality, integrity and availability) are known as the CIA triad.
Sometimes you’ll see accountability as a fourth factor.
There are two different ways of looking at the properties of an information system through the security lens:
- Security features are features whose sole purpose is enforcing some aspect(s) of security
- Secure features are all features, security or otherwise, that are designed and implemented in such a way as not to compromise security
The former is usually referred to as information security, while the latter is known as application security or software security.