Implement and Manage Engineering Processes Using Secure Design Principles

In this section of this tutorial, we’ll take a look at engineering processes using secure design principles to help you understand the different aspects of engineering design principles.

Key terms

Objects : Resources, which may be in the form of data, services or processes access by the subject are known as Object.

Subject : The subject is any user or process, which generates the request to access a resource.

In different access requests, the same resource can serve as Object and Subject.

CIA: stands for Confidentiality, Integrity and availability. Different techniques are enforced to ensure the confidentiality, integrity, and availability of data. Some of these technique follows:

Process Isolation
Software Confinement
Bounds with limitations and restrictions
Least Privileges Policy

Controls: The major component of designing a secure architecture. Access controls, is restrict unauthorized access, intrusion, and malicious activities. There are two different types of access controls:

Mandatory Access Control (MAC)
Discretionary Access Control (DAC)

[rev_slider alias=”Advertisement-1″ /]

Trust & Assurance: One of the important principles of secure design. A trusted system covers all layers of protection. Assurance is basically the level of trust, confidence in the reliability of security mechanisms.

A trusted system is a system can be defined as a system that has been proven to meet well-defined security requirements & considerations under evaluation by a credible body of information security experts.

Following are some of the most widely used assurance methods:

ISO/IEC 21827
Developer’s pedigree
Warranty
Supplier’s declaration
Professional certification and licensing
ISO/IEC 14598-1 Information technology
ISO/IEC 27001

Decommissioning: It means that whenever the organization decides to decommission a system or a service for any reason, this service or system must be terminated without damaging other services, data, or systems. There are some steps in the process of decommissioning:

Migration Plan
Perform Migration
Decommissioning Plan
Perform Decommissioning
Post Decommissioning Review