Presentation is loading. Please wait.

Presentation is loading. Please wait.

Design for Security Pepper.

Published byCynthia Tate Modified over 6 years ago

Similar presentations

Presentation on theme: "Design for Security Pepper."— Presentation transcript:

1 Design for Security Pepper

2 Types of Security Threats
Confidentiality of the system and data Integrity of system and data Availability of system and data

3 Common Workplace Holes
Easy to guess passwords Not installing protection software

4 Ways to Protect Vulnerability avoidance
Don't connect to internet Password changes (but not so often that people write them down) Encryption Attack detection and neutralization Monitor operation Alert unusual patterns of activity Shut down a a part of the system or deny access to certain users Exposure limitation and recovery Automated backup or mirror Insurance policies

5 Firesmith: 10 types of security requirements
Identification - Whether a system should identify its users (for inquiry and/or change) Authentication - how to identify users Authorization - who can do what Immunity - how to protect against malware Integrity - How data corruption can be avoided Intrusion detection - what mechanisms should be used to detect attacks Non-repudiation requirements - ensure every party in the transaction must admit its involvement Privacy - keep data private if it should not be shared Security auditing - how to audit and check that the system is secure System maintenance - prevent unauthorized changes to production systems

6 Assessment Can decide what to invest based upon
likelihood of problem occurring level of problem a security break would cause. There are mathematical models to help you assess and compare the likelihood and level of problems.

7 Secure System Design Guidelines
Base security decisions on explicit security policy - write it if it does not exist Avoid a single point of failure Fail securely Balance security and usability Log user actions Use redundancy and diversity to reduce risk Validate all inputs (buffer overflow, sql injection …) Compartmentalize your assets Design for deployment Design for recoverability

8 Summary Types of Security Threats - confidentiality, integrity, availability Protection - avoid vulnerability; detect and neutralize attacks, ensure recovery 10 security requirements to consider Weigh risk and level of issue a break would cause

Download ppt "Design for Security Pepper."

Similar presentations

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering 2.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.

Managing Information Systems Information Systems Security and Control Part 2 Dr. Stephania Loizidou Himona ACSC 345.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Engineering Security Requirement

Engineering Security Requirement
Achieving Qualities 1 Võ Đình Hiếu. Contents Architecture tactics Availability tactics Security tactics Modifiability tactics 2.

Achieving Qualities 1 Võ Đình Hiếu. Contents Architecture tactics Availability tactics Security tactics Modifiability tactics 2.
© Pearson Education Limited, 20041 Chapter 5 Database Administration and Security Transparencies.

© Pearson Education Limited, Chapter 5 Database Administration and Security Transparencies.
ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.
Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.

Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
HIPAA COMPLIANCE WITH DELL

HIPAA COMPLIANCE WITH DELL
CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.

CS 325: Software Engineering April 14, 2015 Software Security Security Requirements Software Security in the Life Cycle.
Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

Business Computing 550 Lesson 6. 2 Security Threats on Web Sites Issues and vulnerabilities 1.Illegal Access and Use (Hacking the system or users exposing.

Similar presentations

Ads by Google