Information Security Guide
(Intro to information security)
Revision as of 11:59, 14 June 2012
Confidence in the meaning, disposition, and provenance of information is at the heart of the scientific enterprise. This enterprise is central to UAB's mission and the Research Computing System is designed to facilitate that enterprise. As such, development of the Research Computing System is focused on promoting and supporting processes that ensure confidence in the experiments conducted and results obtained using this platform.
To facilitate dialog about the Research Computing System and its development across a wide variety of groups and interests, this document will favor definitions and standards for information security being developed by NIST. According to NIST, information security is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. This term is defined in ([wikipedia:FIPS-199|FIPS-199]), the primary standards document that all participants in this dialog should be familiar with. FIPS-199 identifies information types and information systems as the two primary classes used to document information security requirements. Additionally, it defines three areas of information security "confidentiality, integrity, and availability" that are used to guide the implementation of appropriate process. FIPS-199 is a short document, and the heart of the matter is covered in the first 6 pages. The remaining content is an appendix defining the referenced terms.