Welcome » IT Booklets » Information Security » Introduction » Security Objectives
Information security enables a financial institution to meet its business objectives by implementing business systems with due consideration of information technology (IT)-related risks to the organization, business and trading partners, technology service providers, and customers. Organizations meet this goal by striving to accomplish the following objectives.Underlying Models for IT Security, NIST, SP800-33, p. 2.
Integrity and accountability combine to produce what is known as non-repudiation. Non-repudiation occurs when the financial institution demonstrates that the originators who initiated the transaction are who they say they are, the recipient is the intended counter party, and no changes occurred in transit or storage. Non-repudiation can reduce fraud and promote the legal enforceability of electronic agreements and transactions. While non-repudiation is a goal and is conceptually clear, the manner in which non-repudiation can be achieved for electronic systems in a practical, legal sense may have to wait for further judicial clarification.The federal E-Sign Act, 15 USC 7001, et seq., does not resolve this issue.