Browse Definitions :
Definition

open security

Open security is an approach to safeguarding software, hardware and other information system components with methods whose design and details are publicly available.

Open security is based on the idea that systems should be inherently secure by design. That concept derives from Kerckhoff’s principle, which maintains that a Cryptographic system should be secure enough that, even if all its details but the key are available to the general public, the system will still be safe. The mathematician Claude Shannon further refined Kerckhoff’s principle. According to Shannon’s maxim, "one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them."

An open cryptographic system includes algorithmic transparency. In such a system, the strength of a cryptographic implementation must be based on secrecy of the key. Keys are a fundamental element of cryptography, generated to encrypt and decrypt sensitive information.

One of the major challenges of cryptography is ensuring the secrecy of the keys, while ensuring that the authorized parties can access them at the appropriate time. Different levels of security may be sought, depending on the sensitivity of the message. A system is said to be computationally secure if it is theoretically breakable through a brute force attack but the time and expense required makes it not worth the effort. A system is said to be unconditionally or perfectly security exists when an attacker with unlimited resources still could not break it.

This was last updated in August 2015

Continue Reading About open security

SearchCompliance
  • OPSEC (operations security)

    OPSEC (operations security) is a security and risk management process and strategy that classifies information, then determines ...

  • smart contract

    A smart contract is a decentralized application that executes business logic in response to events.

  • compliance risk

    Compliance risk is an organization's potential exposure to legal penalties, financial forfeiture and material loss, resulting ...

SearchSecurity
SearchHealthIT
SearchDisasterRecovery
  • What is risk mitigation?

    Risk mitigation is a strategy to prepare for and lessen the effects of threats faced by a business.

  • change control

    Change control is a systematic approach to managing all changes made to a product or system.

  • disaster recovery (DR)

    Disaster recovery (DR) is an organization's ability to respond to and recover from an event that affects business operations.

SearchStorage
  • secondary storage

    Secondary storage is persistent storage for noncritical data that doesn't need to be accessed as frequently as data in primary ...

  • optical storage

    Optical storage is any storage type in which data is written and read with a laser.

  • JBOD (just a bunch of disks)

    JBOD, which stands for 'just a bunch of disks,' is a type of multilevel configuration for disks.

Close