Design Guidelines for Security Engineering (Resilience)
base decisions on an explicit security policy
define a security policy for the organization that sets out the fundamental security requirements that should apply to all organizational systems
avoid a single point of failure
ensure that a security breach can only result when more than one security procedure fails, e.g., require both password-based and question-based authentication
fail securely
when systems fail, for whatever reason, ensure that sensitive information cannot be accessed by unauthorised users, even though the normal security procedures are unavailable
balance security and usability
try to avoid security procedures that make the system difficult to use
log user actions
maintain a log of user actions that can be analysed to discover who did what
use redundancy and diversity to reduce risk
keep multiple copies of data and use diverse infrastructure so that an infrastructure vulnerability cannot be the single point of failure
validate all inputs
check that all inputs are within range so that unexpected inputs cannot cause problems
compartmentalise assets
organise the system so assets are in separate areas and users only have access to information that they need
design for deployment
design the system to avoid deployment problems
design for recoverability
design the system to simplify recoverability after a successful attack