Which information security objective allows trusted entities to endorse information? You can have more awareness of this topic. If you want to understand more information, read this study.
Which Information Security Objective Allows Trusted Entities To Endorse Information?
Objective: Explain the role of trusted entities in information security.
Information systems must be from illegal access and use. In addition, the information that systems store and process must be protected.
Also, it is from unauthorized disclosure or modification. This protection is through several mechanisms.
One of the most important is the identification and authentication of users and processes. Also, it is to ensure that they are properly to access and use information and resources.
Another is the integrity mechanism to protect data from unauthorized modification or destruction.
Controlling Access
Trusted entities play an important role in ensuring that only authenticated users are to access information. Authentication means that the user has evidence to prove his identity; this process is called identification.
Once a user has been authenticated, he must be to perform certain actions. For example, a user must be to read, write, or delete data.
An important aspect of this is privilege management. Also, privileges are the rights and permissions that control the actions that a user can perform on a system.
Perform Privilege and Supervisory Actions
Two of the most important types of privilege are the right to perform privileged actions and the right to perform supervisory actions. Also, actions are those that can affect the security of a system or its users.
Supervisory actions are those that have the potential to affect a broad range of system users. For example, an alteration to a user’s account is a privileged action, while adding a user is a supervisory action.
A trusted entity can be a person or program that performs identification, authentication, and authorization functions. There are many types of trusted entities.
An example is a security guard who performs identification and authentication functions for employees as they access physical locations within an organization.
Another is a cryptographic module that performs these functions for information. Also, it is used to protect communications between users and the organization’s systems.
Another type of trusted entity is a secure server. It can perform identification, authentication, and authorization for remote users who access the organization’s systems over a network.
Also, this server can perform other functions such as message-level encryption and data-level encryption. There must be trust between the users on the network and the security server.
The security services can be on-site or off-site. A combination of on-site and off-site servers can provide effective security.
An example of an on-site security server uses hardware tokens to store user authentication information.
Conclusion
Authentication and authorization are important functions that are by trusted entities. Also, they ensure that users can access information and resources only if they have been properly identified and authorized.
The user must have trust in the information that he receives from a trusted entity to use it effectively. If a user does not trust a trusted entity, he can use a secure server to authenticate a remote user before allowing the user access to the organization’s systems.

