Siebel Security Guide > About Security for Siebel Business Applications >

General Security Concepts

When assessing the security requirements of an organization and evaluating security products and policies, the manager responsible for security must systematically define the requirements for security and characterize the approaches to satisfying those requirements.

To create an effective security plan, a manager must consider the following:

• What types of actions or security attacks can compromise the security of information owned by an organization?
• What mechanisms are available to detect, prevent, or recover from a security breach?
• What services are available to enhance the security of data processing systems and information transfers within an organization?

Classifications of security services include:

• Confidentiality. Confidentiality makes sure that stored and transmitted information is accessible only for reading by the appropriate parties.
• Authentication. Authentication makes sure that the origin of a message or electronic document is correctly identified, with an assurance that the identity is correct.
• Integrity. Integrity makes sure that only authorized parties are able to modify computer system assets and transmitted information.
• Nonrepudiation. Nonrepudiation requires that neither the sender or receiver of a message be able to deny the transmission.
• Access control. Access control requires that access to information resources can be controlled by the target system.

This guide describes security services available on the Siebel network. These services are intended to counter security attacks and use one or more security mechanisms to provide the service.