Design Guidelines for Security Engineering (Resilience)



10 Terms

1. base decisions on an explicit security policy

define a security policy for the organization that sets out the fundamental security requirements that should apply to all organizational systems

2. avoid a single point of failure

ensure that a security failure can only result when there is more than one failure in security procedures, e.g., require both password-based and question-based authentication

3. fail securely

when systems fail, for whatever reason, ensure that sensitive information cannot be accessed by unauthorised users even though the normal security procedures are unavailable

4. balance security and usability

try to avoid security procedures that make the system difficult to use

5. log user actions

maintain a log of user actions that can be analysed to discover who did what

6. use redundancy and diversity to reduce risk

keep multiple copies of data and use diverse infrastructure so that a vulnerability in one piece of infrastructure cannot become a single point of failure

7. validate all inputs

check that all inputs are within range so that unexpected inputs cannot cause problems

8. compartmentalise assets

organise the system so that assets are kept in separate areas and users only have access to the information they need

9. design for deployment

design the system to avoid deployment problems

10. design for recoverability

design the system to simplify recoverability after a successful attack