In article , Jacob Sparre Andersen writes: > Larry Kilgallen wrote: >> In article , Jacob Sparre Andersen >> writes: > >> > Please distinguish between security (unauthorized access) and >> > denial-of-service. >> >> Since the time of the Orange Book, security has long been divided >> into three segments in discussions: >> >> Confidentiality >> Integrity >> Availability >> >> Denial-of-service issues clearly fall under Availability. >> Unauthorized access is just a tiny part of Confidentiality. > > I stand corrected, apologise to Pascal, and go to the library to have > a look at the �Orange Book� (what's its real title?). Reverse engineering "TCSEC", I believe it is "Trusted Computer Security Evaluation Criteria". But I did not promise those exact words are in the Orange Book, just that the _timing_ of that terminology matched that of the Orange Book :-) While those words were widely used at the time, NSA employees might have felt it inappropriate to use three terms with that acronym. But it was the way the rest of us remembered them.