The University of SydneyPage 25Data Security Requirements–Software Controls–Encryption: action of transforming data into something an attacker cannot understand–Authentication: action of verifying the claimed identity of an entity (e.g., client, server, host, user, etc.)–Authorization: action of verifying whether the entity has the rights to perform the action it requests–Auditing: action of monitoring which entity access what and how