The hardware, software, and data residing in and between information systems must be protected from security threats that exploit vulnerabilities. Organizations must therefore enforce adequate controls to monitor, deter and prevent security breaches. Three areas have typically been considered key security requirements critical to data protection: confidentiality is used to ensure privacy; integrity principles ensure that systems are modified in accordance with authorized practices; and availability is enforced to maintain adequate system functions to support service delivery (Dhillon, 2007, p. 19). These security requirements are depicted in Figure 1, Classic Critical Security Requirements. This figure illustrates cross-domain solutions of informal controls, also known as human relations, and formal and technical controls, which provide organizational and physical information security controls, respectively. Two additional security requirements have recently been added that are of particular importance for network environments because attacks now extend well beyond traditional firewall perimeters. These are authentication, used to ensure that a message actually comes from the source from which it claims to have originated, and non-repudiation, which can be applied to prevent an entity from denying the performance of a particular data processing action, thus ensuring the validity of the content and origin. Figure 2, Core Data Security Set, illustrates the interrelationship of the five core information security requirements. The rest of this paper will focus on non-repudiation, which can also be explained as a security protocol that allows an individual or organization to prove, for example, , t...... middle of paper... ...attempted. The backend receives the transaction request, validates the signature information, and once successfully validated, the transaction can continue.
In closing, you need to understand that there are some variables that need to be considered when applying an OTP Challenge Response token and digital signature as non-repudiation methods. These include costs, technical support, speed, latency time and others. A comparison of these important variables is provided in Figure 9.

Works Cited

Dhillon, G. (2007). Principles of information security systems. John Wiley & Sons, Inc.

DHS. (2008). USA CERTIFIED. Retrieved September 14, 2011, from United States Certification: http://www.us-cert.gov/control_systems/pdf/SCADA_Procurement_DHS_Final_to_Issue_08-19-08.pdf

Professional Development Center. (2010). Retrieved September 7 from http://pdc-riphah.edu.pk/site/?page_id=69