An organisation hosts a web application and assigns individual username/password to all its employees, together with a set of access rights so that users of a particular department are unable to access data related to any other department. Which security mechanism is employed by this organisation? (select one correct answer)
A) Data Integrity
E) Only A and B options
F) Only B and C
G) Only C and D
H) Only B, C and D
E) A, B, C and D
The correct answer is H, but I am confused why "Confidentiality" is also used here.
Authentication: identifying a party to a web-application
Authorization: what the identified party is allowed to do within a web-application
Data integrity: the means used to prove that information has not been modified by a third party while in transit
Data privacy: the means to ensure that information is made available only to users who are authorized to access it
then the following apply: Authentication, Authorization, Data privacy
Confidentiality is just another word for Data privacy.
Thanks Frits, can I understand your meaning as the following example?
Department A can access the Dept A web resource. ---- That is Authorization.
Department B can't access the Dept A web resource. ---- That is Confidential.