security can be thought of as having three aspects:
• Access: The product’s data and functionality are accessible to authorized users and can be produced in a timely manner. Other access requirements focus on denying access to unauthorized people.
• Privacy: Data stored by the product is protected from unauthorized or accidental disclosure.
• Integrity: The product’s data is the same as the source, or authority, of the data, and is protected from corruption.
We have added a fourth security aspect:
• Audit: what the product has to do to allow complete verification of its operations and data.