Implement and Manage Engineering Processes Using Secure Design Principles
In this section of the tutorial, we look at how engineering processes are implemented and managed using secure design principles, and at the key terms behind those principles.
Key terms
Objects: Resources (data, services, or processes) that a subject accesses are known as objects.
Subject: Any user or process that generates a request to access a resource.
The same entity can act as an object in one access request and as a subject in another.
CIA: Stands for Confidentiality, Integrity, and Availability. Different techniques are enforced to ensure the confidentiality, integrity, and availability of data, including the following:
- Process Isolation
- Software Confinement
- Bounds (limitations and restrictions on what a process may access)
- Least Privilege Policy
Controls: The major component of designing a secure architecture. Access controls restrict unauthorized access, intrusion, and malicious activity. There are two main types of access control:
- Mandatory Access Control (MAC)
- Discretionary Access Control (DAC)
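The following added example (not part of the original tutorial) shows the subject/object model with both control types in a small reference monitor: under DAC the object's owner decides who else gets access, while under MAC the system compares labels and the owner cannot override the result. The sensitivity levels and the "no read up, no write down" rule are an assumed illustration of one MAC policy.

```python
"""Minimal reference monitor contrasting DAC and MAC (constructed example)."""
from dataclasses import dataclass, field

# Constructed sensitivity lattice for the MAC check (higher index = more sensitive).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str            # MAC label assigned by the system, not chosen by the user


@dataclass
class Object:
    name: str
    owner: str                # DAC: the owner decides who else may access the object
    classification: str       # MAC: label fixed by policy
    acl: dict = field(default_factory=dict)   # subject name -> set of permissions


def dac_grant(granter: Subject, obj: Object, grantee: str, perm: str) -> bool:
    """Under DAC only the object's owner may extend access to others."""
    if granter.name != obj.owner:
        return False
    obj.acl.setdefault(grantee, set()).add(perm)
    return True


def dac_allows(subj: Subject, obj: Object, perm: str) -> bool:
    """Owner always passes the DAC check; others need an explicit ACL entry."""
    return subj.name == obj.owner or perm in obj.acl.get(subj.name, set())


def mac_allows(subj: Subject, obj: Object, perm: str) -> bool:
    """Confidentiality MAC: no read up, no write down (assumed policy)."""
    s, o = LEVELS[subj.clearance], LEVELS[obj.classification]
    if perm == "read":
        return s >= o
    if perm == "write":
        return s <= o
    return False


def access(subj: Subject, obj: Object, perm: str) -> bool:
    """Reference monitor: MAC is mandatory, DAC may only further restrict."""
    return mac_allows(subj, obj, perm) and dac_allows(subj, obj, perm)
```

A DAC grant by the owner never lifts a MAC denial, which is the practical difference between the two models.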
Trust & Assurance: One of the key principles of secure design. A trusted system covers all layers of protection. Assurance is the level of confidence in the reliability of the security mechanisms.
A trusted system is one that has been proven to meet well-defined security requirements and considerations under evaluation by a credible body of information security experts.
Following are some of the most widely used assurance methods:
- ISO/IEC 21827
- Developer’s pedigree
- Warranty
- Supplier’s declaration
- Professional certification and licensing
- ISO/IEC 14598-1 Information technology
- ISO/IEC 27001
Decommissioning: Whenever the organization decides to decommission a system or service for any reason, that system or service must be terminated without damaging other services, data, or systems. The decommissioning process consists of the following steps:
- Migration Plan
- Perform Migration
- Decommissioning Plan
- Perform Decommissioning
- Post Decommissioning Review