Implement and Manage Engineering Processes Using Secure Design Principles

In this section of this tutorial, we’ll take a look at engineering processes using secure design principles to help you understand the different aspects of engineering design principles.

Key terms

Objects : Resources, which may be in the form of data, services or processes access by the subject are known as Object.

Subject : The subject is any user or process, which generates the request to access a resource.

In different access requests, the same resource can serve as Object and Subject.

CIA: stands for Confidentiality, Integrity and availability. Different techniques are enforced to ensure the confidentiality, integrity, and availability of data. Some of these technique follows:

  • Process Isolation
  • Software Confinement
  • Bounds with limitations and restrictions
  • Least Privileges Policy

Controls: The major component of designing a secure architecture. Access controls, is restrict unauthorized access, intrusion, and malicious activities. There are two different types of access controls:

  • Mandatory Access Control (MAC)
  • Discretionary Access Control (DAC)
[rev_slider alias=”Advertisement-1″ /]

Trust & Assurance: One of the important principles of secure design. A trusted system covers all layers of protection. Assurance is basically the level of trust, confidence in the reliability of security mechanisms.

A trusted system is a system can be defined as a system that has been proven to meet well-defined security requirements & considerations under evaluation by a credible body of information security experts.

Following are some of the most widely used assurance methods:

Decommissioning: It means that whenever the organization decides to decommission a system or a service for any reason, this service or system must be terminated without damaging other services, data, or systems. There are some steps in the process of decommissioning:

  1. Migration Plan
  2. Perform Migration
  3. Decommissioning Plan
  4. Perform Decommissioning
  5. Post Decommissioning Review