CMP ChannelWeb have an on-line encyclopedia of IT terms. This is a useful addition to my toolbar for composition, along with a more conventional dictionary.

The definition of ‘information security’ seems limited to access control, which is very disappointing. The definition for ‘computer security’ is more comprehensive. Nevertheless, to a security professional both these definitions are lacking.

What screams out to me, and this is very obviously my bias, is the lack of any mention of INTEGRITY in these definitions. As I keep pointing out, if you don’t have integrity, any other efforts at security, be it information security, or “Gates, Guards, Guns and Dogs” physical security, be it backup and disaster recovery, be it access control, be it 1024-bit SSL, are all going to be pointless.

It’s not until we follow a few links at the Encyclopedia and come to a mention of Donn Parker’s six fundamental and orthogonal attributes of security that there is mention of ‘integrity’. Even so, that definition has only a link to ‘data integrity’. There is a separate definition for ‘message integrity’. While these specific items are important, they are details. What is lacking is a general definition of “Integrity”. Once again, Fred Cohen’s seminal 1997 article on the importance of Integrity comes to mind.

No, a much better reference is Rob Slade’s “Dictionary of Information Security”, which, of necessity, encompasses many IT terms.