xviii ◾ Introduction
Defining Security
e first problem is the definition of information security (Infosec). It is generally
described as the process of ensuring the confidentiality, integrity, and availability of
information resources. Some efforts include adding accountability and nonrepudia-
tion as well. is shopworn definition, however, speaks to the practice of security,
not to what it is. It speaks to processes, not objectives, and not to standards of mea-
surement. It provides little guidance as to scope or range of responsibilities. Although
availability can be measured in ways not necessarily relevant to security, there is no
defined measure of confidentiality or integrity. It can be argued that a measure of
percentage uptime or downtime ...