Possession/control is a data security attribute which looks at whether data is within the possession and control of the data owner and authenticated users without breaching confidentiality.
There is a need to keep possession/control distinct from confidentiality due to the fact that it is possible for an unauthorised user to have possession of confidential data without actually breaching its confidentiality. To keep from violating possession/control, only authorised users are therefore permitted to be in possession of the data.
See Also
Possession/control is part of the Parkerian Hexad model of security attributes.
Last updated: 8 October 2017