CMP ChannelWeb have an on-line encyclopaedia of IT terms. This is a useful addition to my toolbar for composition, along with a more conventional dictionary.
The definition of ‘information security‘ seems limited to access control, which is very disappointing. The definition for ‘computer security‘ is more comprehensive. Never the less, to a security professional both these definitions are lacking.
What screams out to me, and this is very obviously my bias, is the lack of any mention of INTEGRITY in these definitions. As I keep pointing out, if you don’t have integrity, any other efforts at security, be it information security, or “Gates, Guards, Guns and Dogs” physical security, be it backup and disaster recovery, be it access control, be it 1024-bit SSL, are all going to be pointless.
Its not until we follow a few links at the Encyclopaedia do we come to a mention of Donn Parker‘s six fundamental and orthogonal attributes of security is there mention of ‘integrity’. Even so, that definition has only a like to ‘data integrity‘. There is a separate definition for ‘message integrity‘. While these specific items are important, they are details. What is lacking is a general definition of “Integrity”. Once again, Fred Cohen’s seminal 1997 article on the importance of Integrity comes to mind.
No, a much better reference is Rob Slade’s “Dictionary of Information Security“, which, of necessity, encompasses many IT terms.
