Cybersecurity Governance and Security Measures 377
• The capability of a system to allow data access to authorised persons
and processes only relates to the preservation of data condentiality and
integrity. These are ensured by access control procedures (identica-
tion, authentication, and authorisation with respect to certain permis-
sions or access rights) and by encryption mechanisms.
• The capability of a system to allow data modication by authorised
persons and processes only evokes the integrity criterion. It is produced
by access controls, error controls, and coherency checking procedures.
• The capability of a system to prove that actions and transactions have
really taken place provides traceability, proof, administration, ...