Secure Software Engineering, Standards of security: - Coggle Diagram
Standards of security:
CIA
Availability:
- Making sure the info is available to authorised users wherever they need it.
Integrity:
- Implementing controls to ensure that info cannot be modified without proper authorization.
- To not let anyone tamper with the stored info.
Confidentiality:
- Assuring that info is protected from being accessed by unauthorised users.
Golden Standards
Authentication:
- High assurance determination of the identity of a principal.
- Establishing the validity of the principal’s credentials
- It may be the password, smartcard, biometric data, Digital signature(crypto).
Auditing:
- Maintaining a reliable record of actions by principals for inspection.
- Keep a secure log that accurately records what principals do, including failed attempts while performing some actions.
- Log of who did what and when, subject to regular review for irregularities.
- If you discover that an important file is gone, the log should ideally provide details of who deleted it and when, providing a starting point for further investigation.
Authorization:
- Reliably only allowing an action by an authenticated principal.
- Data access for authenticated principals is subject to authorization decision.
- Either allowing or denying their actions according to prescribed rules.
- Ex: RBAC, ABAC/PBAC
A principal is any authenticated entity: a person, application, device.
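The Authentication, Authorization and Auditing branches above fit together as one flow: authenticate the principal, make an RBAC authorization decision, and record both outcomes (including failures) in a log that can later be reviewed for irregularities. The following is an added example, not part of the original diagram; the user store, roles and the `review_irregularities` threshold are constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed sample user store: username -> salted password hash and roles.
# Salted SHA-256 keeps the example self-contained; a real system would use
# a slow password KDF such as Argon2 or bcrypt.
def _hash(salt: str, password: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()

USERS = {
    "alice": {"salt": "s1", "hash": _hash("s1", "correct horse"), "roles": {"admin"}},
    "bob":   {"salt": "s2", "hash": _hash("s2", "hunter2"),       "roles": {"reader"}},
}

# RBAC policy: role -> actions that role is permitted to perform.
ROLE_PERMISSIONS = {"admin": {"read", "delete"}, "reader": {"read"}}

AUDIT_LOG: list[dict] = []   # append-only record of who did what, when, and the outcome

def audit(principal, action, target, outcome):
    AUDIT_LOG.append({"when": datetime.now(timezone.utc).isoformat(),
                      "who": principal, "what": action, "target": target, "outcome": outcome})

def authenticate(username, password):
    """Establish the validity of the credential; log failed attempts as well as successes."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["hash"], _hash(user["salt"], password)):
        audit(username, "login", "-", "FAIL")
        return False
    audit(username, "login", "-", "OK")
    return True

def authorize(principal, action):
    """RBAC decision: allowed iff at least one of the principal's roles permits the action."""
    roles = USERS.get(principal, {}).get("roles", set())
    return any(action in ROLE_PERMISSIONS.get(r, set()) for r in roles)

def perform(principal, action, target):
    """Apply the authorization decision and record it, whether allowed or denied."""
    allowed = authorize(principal, action)
    audit(principal, action, target, "OK" if allowed else "DENIED")
    return allowed

def review_irregularities(log, threshold=3):
    """Audit review: principals with at least `threshold` failed or denied entries."""
    counts = {}
    for entry in log:
        if entry["outcome"] in ("FAIL", "DENIED"):
            counts[entry["who"]] = counts.get(entry["who"], 0) + 1
    return {who: n for who, n in counts.items() if n >= threshold}
```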
Non-Repudiation:
- Ensure that parties who interact with the application or component cannot later repudiate (deny participation in) those interactions.