Chapter 5 focuses its intent on getting you thinking about various information security topics and how they apply to enterprise applications. In this chapter, we discuss some of the basic concepts and principles associated with information security including confidentiality, integrity, and availability. Authentication, authorization, audit, and administration of access control are also discussed in detail. These four topics tie together to form the access control mechanisms used by most enterprise applications today. Finally, we talk about defense in depth and applying the appropriate level of security controls at each layer of the enterprise application. The best approach is to always secure an enterprise application ...