2. What is Security?
• “The quality or state of being secure—to be
free from danger”
• A successful organization should have multiple
layers of security in place:
– Physical security
– Personal security
– Operations security
– Communications security
– Network security
– Information security
3. What is Information Security?
• The protection of information and its critical
elements, including systems and hardware that
use, store, and transmit that information
• Necessary tools: policy, awareness, training,
education, technology
• The C.I.A. triangle was the standard, based on
confidentiality, integrity, and availability
• The C.I.A. triangle has now expanded into a list of critical
characteristics of information
5. Critical Characteristics of
Information
• The value of information comes from the
characteristics it possesses:
– Confidentiality
– Integrity
– Availability
– Authorization
– Authentication
– Identification
– Accountability
6. Confidentiality (Secrecy/Privacy)
• When we talk about confidentiality of information, we are talking about
protecting the information from disclosure to unauthorized parties.
• Information has value, especially in today’s world: bank account
statements, personal information, credit card numbers, trade secrets,
government documents. Everyone has information they wish to keep
secret. Protecting such information is a major part of information
security.
• A key component of protecting information confidentiality is
encryption. Encryption ensures that only the right people (those who
know the key) can read the information. Encryption is very
widespread in today’s environment and can be found in almost every
major protocol in use. A prominent example is SSL/TLS (Secure Sockets
Layer/Transport Layer Security), a security protocol for communications
over the Internet that is used in conjunction with a large number of
Internet protocols to ensure security.
7. Integrity (Truthfulness)
• Integrity means that data cannot be modified without authorization.
• Integrity is the quality or state of being whole, complete, and
uncorrupted.
• The integrity of information is threatened when it is exposed to
corruption, damage, destruction, or other disruption of its authentic
state. Corruption can occur while information is being compiled, stored,
or transmitted.
• E.g.: Integrity is violated when an employee deletes important data files,
when a computer virus infects a computer, when an employee is able to
modify his own salary in a payroll database, when an unauthorized user
vandalizes a website, when someone is able to cast a very large
number of votes in an online poll, and so on.
8. Availability (Accessible)
• Availability is the characteristic of information that enables user
access to information without interference or obstruction and in
a required format.
• A user in this definition may be either a person or another
computer system. Availability does not imply that the information is
accessible to any user; rather, it means availability to authorized
users.
• For any information system to serve its purpose, the information must
be available when it is needed.
• E.g.: High availability systems aim to remain available at all times,
preventing service disruptions due to power outages, hardware
failures, and system upgrades.
9. Authorization (Approval)
• Authorization to access information and other computing services
begins with administrative policies and procedures. The policies
prescribe what information and computing services can be accessed,
by whom, under what conditions, and what actions they will be
allowed to perform (run, view, create, delete, or change). The
access control mechanisms are then configured to enforce these
policies. This is called authorization.
• To be effective, policies and other security controls must be
enforceable and upheld. Effective policies ensure that people are
held accountable for their actions. All failed and successful
authentication attempts must be logged, and all access to information
must leave some type of audit trail.
10. Authentication (Verification/Validation)
• Authentication is the process of determining whether someone or
something is, in fact, who or what it is declared to be.
• Logically, authentication precedes authorization (although they may
often seem to be combined). The two terms are often used
synonymously but they are two different processes.
• Authentication is a process in which the credentials provided are
compared to those on file in a database of authorized users’
information on a local operating system or within an authentication
server.
• If the credentials match, the process is completed and the user is
granted authorization for access.
11. Identification (Recognition)
• Identification is how you identify someone, i.e., what you
call that person or company.
• It could be the name, the account number in a bank, or the
username in some specific system.
• Ex: One-Time Password
12. Accountability (Answerability)
• The characteristic of accountability exists
when a control provides assurance that
every activity undertaken can be attributed
to a named person or automated process.
• For example, audit logs that track user
activity on an information system provide
accountability.
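As an added example (not from the slides), a small Python model of the sequence slides 9 to 12 describe: authentication of presented credentials against a stored record, authorization against an access control matrix, and an audit trail that records every failed and successful attempt. The user names, roles, asset, and PBKDF2 work factor are assumed for illustration.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ROUNDS = 100_000   # assumed work factor for this example


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password: str, role: str) -> dict:
    """Stored record: salted hash plus role; the plaintext password is never kept."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt), "role": role}


# Constructed user store (the "database of authorized users' information").
USERS = {
    "alice": make_user("correct horse battery staple", "payroll_clerk"),
    "bob": make_user("hunter2", "employee"),
}
# Used for unknown users so that the failure path costs the same as a real check.
_DUMMY = make_user("", "none")

# Constructed access control matrix: role -> asset -> permitted actions.
# This is the written policy that the authorization slide says comes first.
ACL = {
    "payroll_clerk": {"payroll_db": {"view", "change"}},
    "employee": {"payroll_db": {"view"}},
}

AUDIT_LOG: list = []   # the audit trail every access must leave behind


def _audit(event: str) -> None:
    AUDIT_LOG.append(f"{datetime.now(timezone.utc).isoformat()} {event}")


def authenticate(username: str, password: str) -> bool:
    """Verify the claimed identity; both failure and success are logged."""
    user = USERS.get(username)
    if user is None:
        _hash_password(password, _DUMMY["salt"])      # equalize timing
        _audit(f"AUTH FAIL user={username} reason=unknown_user")
        return False
    candidate = _hash_password(password, user["salt"])
    if not hmac.compare_digest(candidate, user["hash"]):
        _audit(f"AUTH FAIL user={username} reason=bad_password")
        return False
    _audit(f"AUTH OK user={username}")
    return True


def authorize(username: str, asset: str, action: str) -> bool:
    """Decide, for an already authenticated user, whether the action is permitted."""
    role = USERS[username]["role"]
    allowed = action in ACL.get(role, {}).get(asset, set())
    verdict = "OK" if allowed else "DENIED"
    _audit(f"ACCESS {verdict} user={username} asset={asset} action={action}")
    return allowed


def access(username: str, password: str, asset: str, action: str) -> bool:
    """Authentication precedes authorization: no permission check without a verified identity."""
    return authenticate(username, password) and authorize(username, asset, action)


if __name__ == "__main__":
    # bob is an employee: he may view the payroll database but not change his own salary.
    print(access("bob", "hunter2", "payroll_db", "change"))   # False
    for line in AUDIT_LOG:
        print(line)
```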
13. Figure 1-4 – NSTISSC Security Model
(Figure: the NSTISSC security model cube)
14. • The National Security Telecommunications and
Information Systems Security Committee (NSTISSC).
• It was established by President Bush under National Security
Directive 42 (NSD 42), entitled "National Policy for the
Security of National Security Telecommunications and
Information Systems," dated 5 July 1990.
• The NSTISSC provides a forum for the discussion of policy
issues, sets national policy, and propagates direction,
operational procedures, and guidance for the security of
national security systems through the NSTISSC Issuance
System.
15. • The NSTISSC Security Model provides a more detailed perspective
on security.
• While the NSTISSC model covers the three dimensions of
information security, it omits discussion of detailed guidelines and
policies that direct the implementation of controls.
• The three elements on each of the three axes form a 3x3x3 cube with 27 cells
representing areas that must be addressed to secure today’s
information systems.
• To ensure system security, each of the 27 cells must be properly
addressed during the security process.
• For example, the intersection between the technology, integrity and storage areas
requires a control or safeguard that addresses the need to use
technology to protect the integrity of information while in storage.
16. • Assume that a security model is needed for protection of information in
your organization.
• Using the NSTISSC model, examine each of the cells and write a brief
statement on how you would address the three components
represented in that cell.
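The exercise on this slide, as an added Python example that is not part of the original deck: the cube is built from its three axes, a constructed control inventory is mapped onto cells, and the gaps that still need a written statement are reported. The storage state, the C.I.A. goals and the policy/education/technology axis come from the slides and notes; the processing and transmission states are the standard model's other two values.

```python
from itertools import product

# Axes of the NSTISSC security model cube.
STATES = ("storage", "processing", "transmission")
GOALS = ("confidentiality", "integrity", "availability")
MEANS = ("policy", "education", "technology")

ALL_CELLS = frozenset(product(STATES, GOALS, MEANS))   # 3 x 3 x 3 = 27 cells

# Constructed sample control inventory: each control names the cells it addresses.
CONTROLS = {
    "full-disk encryption": {("storage", "confidentiality", "technology")},
    "file integrity monitoring": {("storage", "integrity", "technology")},
    "TLS on all services": {("transmission", "confidentiality", "technology"),
                            ("transmission", "integrity", "technology")},
    "backup policy": {("storage", "availability", "policy")},
    "phishing awareness course": {("processing", "confidentiality", "education")},
}


def covered_cells(controls=CONTROLS) -> set:
    """Union of every cell that at least one control addresses."""
    return set().union(*controls.values())


def uncovered_cells(controls=CONTROLS) -> list:
    """Cells with no control at all: the gaps the exercise asks you to write up."""
    return sorted(ALL_CELLS - covered_cells(controls))


def controls_for(state: str, goal: str, mean: str, controls=CONTROLS) -> list:
    """Controls addressing one cell, e.g. the technology x integrity x storage example."""
    cell = (state, goal, mean)
    if cell not in ALL_CELLS:
        raise ValueError(f"not a cube cell: {cell}")
    return sorted(name for name, cells in controls.items() if cell in cells)


def coverage_report(controls=CONTROLS) -> str:
    lines = [f"{len(covered_cells(controls))}/{len(ALL_CELLS)} cells addressed"]
    for cell in uncovered_cells(controls):
        lines.append("MISSING: " + " x ".join(cell))
    return "\n".join(lines)


if __name__ == "__main__":
    print(controls_for("storage", "integrity", "technology"))
    print(coverage_report())
```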
17. National security systems contain
classified information:
a. involves intelligence activities;
b. involves cryptographic activities related to national
security;
c. involves command and control of military forces;
d. involves equipment that is an integral part of a weapon
or weapons system(s); or
e. is critical to the direct fulfillment of military or intelligence
missions (not including routine administrative and
business applications).
18. Example of security policies
• Physical computer security policies such as physical access controls.
• Network security policies (for example, e-mail and Internet policies).
• Data security policies (access control and integrity controls, anti-virus
software, and firewalls: software- or hardware-based devices that can be
deployed between networks to protect an organization from external or
internal network attacks).
• Implement networking services such as a DNS server to easily find and
access network services, and a DHCP server for automatic, centralized IP
address management.
• Computer security awareness and training.
• Monitoring and Logging Policy
• Encrypted Authentication Policy
• Antivirus Policy
• Encryption guidelines
19. Emerging security technologies
• Hardware authentication - Good authentication requires three things
from users: what they know, such as a password; who they are, such
as a username; and what they have, such as a token.
• User-behavior analytics - "Users can be identified and automatically
signed up for the training appropriate for the policies they were
violating."
• Data loss prevention - A key to data loss prevention is technologies
such as encryption and tokenization.
• Protocol verification
20. Security Education
• Bachelor of Science in Cyber Security - Computer Systems
Security
• Bachelor of Science in Cyber Security - Information
Assurance
• Master of Science in Cyber security Policy
• Master of Science in Homeland Security – Cyber security
Policy
• Awareness Activities
– Awareness for CBSE/NCERT & State level educational Institutes
– Cyber Security Awareness Programs
– Development of Multilingual Websites
– Awareness Campaigns through Print and Electronic Media
21. Components of an Information System
An Information System (IS) is the entire set of software,
hardware, data, people, procedures, and networks
necessary to use information as a resource in the
organization.
22. SOFTWARE
• The software components of an IS comprise
applications, operating systems, and
assorted command utilities.
• Software programs are the vessels that carry the
lifeblood of information through an
organization. These are often created under the
demanding constraints of project management,
which limit time, cost, and manpower.
23. Hardware
• Hardware is the physical technology that houses and executes the
software, stores and carries the data, and provides interfaces for the
entry and removal of information from the system.
• Physical security policies deal with hardware as a physical asset and with the
protection of these physical assets from harm or theft. Applying the traditional
tools of physical security, such as locks and keys, restricts access to and
interaction with the hardware components of an information system.
• Securing the physical location of computers and the computers
themselves is important because a breach of physical security can result in a
loss of information. Unfortunately, most information systems are built on
hardware platforms that cannot guarantee any level of information security if
unrestricted access to the hardware is possible.
24. Example of Physical security policies:
• Intruder Alarm Systems including area surveillance
sensors, volumetric sensors, high security perimeter
protection, infra-red devices, etc.
• Access Control Systems including card systems,
biometrics, turnstiles, trap doors, etc
• Closed Circuit Television (CCTV) Systems including
video surveillance, cameras, 360-degree surveillance
domes, switching matrixes, IP video, digital recording,
image analysis, privacy zone protection, etc.
25. Examples
(Figure: Wide Area Surveillance – a wide area surveillance sensor
provides continuous views of expansive areas; high security perimeter
protection)
26. Data
• Data stored, processed, and transmitted through a
computer system must be protected.
• Data is often the most valuable asset possessed by an
organization and is the main target of intentional attacks.
• Data is the raw, unorganized, discrete (separate, isolated),
potentially useful facts and figures that are later
processed (manipulated) to produce information.
27. People
• There are many roles for people in information systems.
Common ones include
– Systems Analyst
– Programmer
– Technician
– Engineer
– Network Manager
– MIS (Manager of Information Systems)
– Data entry operator
28. Procedures
• A procedure is a series of documented
actions taken to achieve something.
• A procedure is more than a single simple
task. A procedure can be quite complex
and involved, such as performing a
backup, shutting down a system, patching
software.
29. Networks
• When information systems are connected to each other
to form Local Area Networks (LANs), and these LANs are
connected to other networks such as the Internet, new
security challenges rapidly emerge.
• Steps to provide network security are essential, as is the
implementation of alarm and intrusion systems to make
system owners aware of ongoing compromises.
30. SECURING COMPONENTS
• Modern computer systems, linked by national and
global networks, face a variety of threats and
attacks that can result in significant financial and
information losses.
• These threats vary considerably, from threats to
data integrity resulting from accidental,
unintentional errors and omissions to threats from
malicious hackers attempting to crash a system.
31. Securing Components
• A computer can be the subject of an attack and/or
the object of an attack.
• Subject of an attack - When a computer is the subject of an
attack, it is used as an active tool to conduct the attack.
• Object of an attack - When a computer is the object of an attack,
it is the entity being attacked.
33. ATTACK
• An attack is an intentional threat and is an action
performed by an entity with the intention to violate security.
Examples of attacks are destruction, modification,
fabrication, interruption or interception of data. An attack
is a violation of data integrity and often results in
disclosure of information, a violation of the
confidentiality of the information, or in modification of
the data.
• An attacker can gain access to sensitive information by
attacking in several steps, where each step involves an
illegal access to the system. An intentional threat can be
caused by an insider or an outsider: a spy, hacker,
corporate raider, or disgruntled employee.
34. TYPES OF ATTACK
• Any attack on the security of a system can be a
– direct attack
– indirect attack.
• A direct attack aims directly at the desired part
of the data or resources. Several components in
a system may be attacked before the intended
(final) information can be accessed.
35. TYPES OF ATTACK
• In an indirect attack, information is
received from or about the desired
data/resource without directly attacking
that resource. Indirect attacks are often
troublesome in database systems where it
is possible to derive confidential
information by posing indirect questions to
the database. Such an indirect attack is
often called inference.
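Added example (not from the slides): a constructed payroll table behind an aggregate query interface shows how an indirect question isolates one person's record, and the classic query-set-size control, which refuses any query whose result set or its complement has fewer than k rows, that defends against it. The records and the threshold k are constructed values.

```python
from statistics import mean

# Constructed sample personnel table (the confidential data an inference
# attack targets through aggregate questions).
RECORDS = [
    {"name": "A", "dept": "eng", "title": "engineer", "salary": 90_000},
    {"name": "B", "dept": "eng", "title": "engineer", "salary": 95_000},
    {"name": "C", "dept": "eng", "title": "engineer", "salary": 100_000},
    {"name": "D", "dept": "eng", "title": "manager", "salary": 150_000},
    {"name": "E", "dept": "ops", "title": "engineer", "salary": 85_000},
    {"name": "F", "dept": "ops", "title": "engineer", "salary": 88_000},
    {"name": "G", "dept": "ops", "title": "manager", "salary": 140_000},
]


def _select(filters: dict) -> list:
    """Rows matching every key=value pair in the filter."""
    return [r for r in RECORDS if all(r.get(k) == v for k, v in filters.items())]


def average_salary_naive(filters: dict) -> float:
    """Answers any aggregate, so a narrow filter reveals one person's salary."""
    rows = _select(filters)
    if not rows:
        raise LookupError("no matching rows")
    return mean(r["salary"] for r in rows)


def average_salary_controlled(filters: dict, k: int = 3) -> float:
    """Query-set-size control: answer only if k <= |result set| <= N - k.

    The complement bound matters too, otherwise 'everyone' minus
    'everyone except D' would still isolate D's salary.
    """
    n = len(_select(filters))
    if n < k or len(RECORDS) - n < k:
        raise PermissionError(f"query refused: result set size {n} violates k={k}")
    return average_salary_naive(filters)


if __name__ == "__main__":
    narrow = {"dept": "eng", "title": "manager"}
    print(average_salary_naive(narrow))          # exposes D's salary
    try:
        average_salary_controlled(narrow)
    except PermissionError as e:
        print(e)                                 # the control refuses it
    print(average_salary_controlled({"dept": "eng"}))
```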
36. TYPES OF ATTACK
• Passive attacks are made by monitoring a system performing its
tasks and collecting information. In general, it is very hard to detect
passive attacks since they do not interact with or disturb normal system
functions. Monitoring network traffic, CPU and disk usage, etc., are
examples of passive attacks.
• Encryption of network traffic can only partly solve the problem since
even the presence of traffic on a network may reveal some
information. Traffic analysis such as measuring the length, time and
frequency of transmissions can be very valuable to detect unusual
activities.
37. TYPES OF ATTACK
Active Attack
• An active attack changes the system behavior in some way. Examples
of an active attack can be to insert new data, to modify, duplicate or
delete existing data in a database, to deliberately abuse system
software causing it to fail and to steal magnetic tapes, etc.
• A simple operation such as the modification of a negative
acknowledgment (NACK) from a database server into a positive
acknowledgment (ACK) could result in great confusion and/or damage.
Active attacks are easier to detect if proper precautions are taken.
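Added example, not from the slides: the NACK-to-ACK modification described above is detected when the server binds each acknowledgment to its request id with an HMAC under a key shared with the client. The shared key and the wire format (body followed by a fixed-length tag) are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32   # SHA-256 output; a fixed-length tag needs no delimiter

# Constructed shared key; how it is exchanged is outside this example.
KEY = secrets.token_bytes(32)


def make_reply(key: bytes, request_id: int, status: str) -> bytes:
    """Server side: bind the status to the request id, then tag the whole body."""
    if status not in ("ACK", "NACK"):
        raise ValueError("status must be ACK or NACK")
    body = f"{request_id}:{status}".encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_reply(key: bytes, reply: bytes, expected_request_id: int) -> str:
    """Client side: return the status only if tag and request id both check out."""
    if len(reply) <= TAG_LEN:
        raise ValueError("malformed reply")
    body, tag = reply[:-TAG_LEN], reply[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: reply was modified in transit")
    rid, _, status = body.decode().partition(":")
    if int(rid) != expected_request_id:
        raise ValueError("reply does not belong to this request")
    return status


def flip_nack_to_ack(reply: bytes) -> bytes:
    """Model the active attack from the slide: an intermediary rewrites NACK as ACK."""
    return reply.replace(b":NACK", b":ACK", 1)


def client_outcome(key: bytes, reply: bytes, request_id: int) -> str:
    """What the client acts on: the verified status, or REJECTED when the check fails."""
    try:
        return verify_reply(key, reply, request_id)
    except ValueError:
        return "REJECTED"


if __name__ == "__main__":
    reply = make_reply(KEY, 42, "NACK")
    print(client_outcome(KEY, reply, 42))                     # NACK
    print(client_outcome(KEY, flip_nack_to_ack(reply), 42))   # REJECTED
```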
38. Securing Components
Two types of attacks
• Direct attack (object of an attack)
– When a hacker uses his personal computer to break into a
system. [Originates from the threat itself]
• Indirect attack (subject of an attack)
– When a system is compromised and used to attack other systems.
[Originates from a system or resource that itself has been attacked,
and is malfunctioning or working under the control of a threat]
• A computer can, therefore, be both the subject and object of an attack
when, for example, it is first the object of an attack and then
compromised and used to attack other systems, at which point it
becomes the subject of an attack.
40. Few Techniques or Tools That Will Help in
Implementing These Security Mechanisms
• Physical access security - the way to protect network equipment such
as servers, switches, and routers is to keep them in a
locked, climate-controlled, and fire-protected environment
• Login / Password Security
• Anti-Virus Software
• Remote Access Security (access from a location not directly attached to
the network)
• Internet Firewalls
• Encryption
• Data Backups
• Disaster Recovery Plan
• Audits
42. The Systems Development Life Cycle
• The systems development life cycle (SDLC) is a methodology and
design for the implementation of information security within an
organization.
• A methodology is a formal approach to problem-solving based
on a structured sequence of procedures.
• A methodology is, in simple terms, a set of steps,
guidelines, activities and/or principles to follow in a
particular situation.
• The goal is creating a comprehensive security
posture/program.
• The traditional SDLC consists of six general phases.
44. Investigation
• What problem is the system being developed to
solve?
• Objectives, constraints and scope of project
are specified
• Preliminary cost-benefit analysis is developed
• At the end, a feasibility analysis is performed to
assess the economic, technical, and behavioral
feasibilities of the process.
45. Investigation(Cont..)
Feasibility study
• To analyze whether the software will meet organizational
requirements.
• To determine whether the software can be implemented using the
current technology and within the specified budget and schedule.
• To determine whether the software can be integrated with other
existing software.
– Feasibility is assessed from three views when building particular
software for a client:
– a) technical, b) financial, c) social feasibility.
46. Analysis
• Consists of assessments of the organization,
status of current systems, and capability to
support proposed systems.
• Analysts determine what new system is
expected to do and how it will interact with
existing systems.
• Ends with documentation of findings(Software
Requirement Specification) and update of
feasibility analysis.
47. What is SRS?
• The SRS (Software Requirement Specification) is a complete, readable
document focused on the particular software desired by a specific client
or customer. After collecting the necessary data during the SDLC,
the useful and appropriate data is summarized to produce the
desired software.
• The SRS has objectives that help the software developer as well as
the customer to build the software successfully.
• Characteristics of an SRS:
1) complete - presents the particular software specification in a
summarized form
2) traceable
3) appropriate for the developer
4) modifiable
5) simple language
6) software requirement view
48. Logical Design
• Main factor is business need; applications
capable of providing needed services are
selected
• Data support and structures capable of providing
the needed inputs are identified
• Technologies to implement physical solution are
determined
• Feasibility analysis performed at the end
49. Physical Design
• Technologies to support the alternatives identified
and evaluated in the logical design are selected
• Components evaluated on make-or-buy decision
• Feasibility analysis performed; entire solution
presented to end-user representatives for
approval.
• Ends with DDS - Design Document
Specification
50. Implementation
• Needed software created; components ordered,
received, assembled, and tested
• Users trained and documentation created
• Feasibility analysis prepared; users presented
with system for performance review and
acceptance test
51. Maintenance and Change
• Consists of tasks necessary to support and
modify system for remainder of its useful life
• Life cycle continues until the process begins
again from the investigation phase
• When current system can no longer support the
organization’s mission, a new project is
implemented
52. NEED OF SECURE SDLC
In the past, software product stakeholders did not view software security
as a high priority. It was believed that a secure network infrastructure
would provide the level of protection needed against malicious attacks.
In recent history, network security alone has proved inadequate against
such attacks.
Users have been successful in penetrating valid channels of
authentication through techniques such as cross site scripting, Structured
Query Language (SQL) Injection, and Buffer Overflow exploitation.
In such cases system assets were compromised and both data and
organizational integrity were damaged.
The Gartner Group reports that more than 70 percent of current business
security vulnerabilities are found within software applications rather than
the network boundaries .
A focus of application security emerged in order to reduce the risk of
poor software development, integration, and deployment. Through this
need software assurance quickly became an Information Assurance (IA)
focus area in the financial, government, and manufacturing sectors to
reduce the risk of unsecure code.
53. Secure SDLC
• Goal
–More security for riskier applications
–Ensures that you work the most critical issues first
–Scales to hundreds or thousands of applications
–Identification of specific threats and creating
controls to counter them.
• Tools and Methodology
–Security profiling tools can gather facts
• Size, complexity, security mechanisms, dangerous calls
–Questionnaire to gather risk information
• Asset value, available functions, users, environment, threats
–Risk-based approach
• Evaluates likelihood and consequences of successful attack
54. Phases of Secure SDLC
(Figure: the secure SDLC touchpoints diagram. Software artifacts along the
top: requirements and use cases, design, test plans, code, test results,
field feedback. Security activities applied to them in an iterative approach:
security requirements, risk analysis, risk-based security tests, static
analysis (tools), penetration testing, design review, code review.
Annotations: Risk = Threat x Vulnerability x Cost; what do we need to test,
and how; code review tools.)
56. ANALYSIS PHASE
CREATE APPLICATION SECURITY PROJECT PLAN
• Define the plan to ensure security at the end
– Ideally done at start of project
– Can also be started before or after development is complete
– Based on the risk category
• Identify risk activities at each phase
– Necessary people and expertise required
– Who has responsibility for risks
• Ensure time and budget for security activities
• Establish framework for establishing the “line of sight”
57. REQUIREMENTS PHASE
• Get the security requirements and policy right
• Start with a generic set of security requirements
–Must include all security mechanisms
–Must address all common vulnerabilities (quality of being easily hurt or
attacked)
–Can be use (or misuse) cases
–Should address all driving requirements (regulation,
standards, best practices, etc.)
• Tailoring examples…
–Specify how authentication will work
–Detail the access control matrix (roles, assets, functions,
permissions)
–Define the input validation rules
–Choose an error handling and logging approach
58. DESIGN REVIEWS
• Better to find flaws early
• Security design reviews
– Check to ensure design meets requirements
– Also check to make sure they didn’t miss a requirement
• Assemble a team
– Experts in the technology
– Security-minded team members
• Do a high-level penetration test against the design (a
penetration test can help determine whether a system is
vulnerable to attack, whether the defenses were sufficient, and
which defenses (if any) the test defeated)
• Be sure to do root cause analysis on any flaws identified
59. PENETRATION TEST
• Pen tests can be automated with software applications or
they can be performed manually. Either way, the process
includes gathering information about the target before the
test (reconnaissance), identifying possible entry points,
attempting to break in (either virtually or for real) and
reporting back the findings.
• The main objective of penetration testing is to determine
security weaknesses. A pen test can also be used to test
an organization's security policy compliance, its
employees' security awareness and the organization's
ability to identify and respond to security incidents.
• Penetration tests are sometimes called white hat attacks
because in a pen test, the good guys are attempting to
break in.
60. DEVELOPMENT
• Develop the code for the application and find the
flaws in the code early
• Many different techniques
– Static (against source or compiled code)
• Security-focused static analysis tools
• Peer review process
• Formal security code review
– Dynamic (against running code)
• Scanning
• Penetration testing
• Goal
– Ensure completeness (across all vulnerability areas)
– Ensure accuracy (minimize false alarms)
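Added example, not from the slides: a minimal security profiling pass of the kind slides 53 and 60 mention, gathering size, a crude complexity count and dangerous calls from Python source with the standard library's `ast` module. The list of flagged calls and the sample module under review are constructed assumptions, not a complete catalogue or real project code.

```python
import ast

# Calls a security-focused static pass flags for review (illustrative, not complete).
DANGEROUS_CALLS = {
    "eval", "exec", "os.system", "subprocess.call", "subprocess.Popen",
    "pickle.loads", "yaml.load",
}


def _call_name(node: ast.Call) -> str:
    """Render the called expression as dotted text, e.g. 'os.system'."""
    parts = []
    cur = node.func
    while isinstance(cur, ast.Attribute):
        parts.append(cur.attr)
        cur = cur.value
    if isinstance(cur, ast.Name):
        parts.append(cur.id)
        return ".".join(reversed(parts))
    return ""


def profile_source(source: str) -> dict:
    """Gather the facts the slides list: size, complexity and dangerous calls."""
    tree = ast.parse(source)
    findings, functions, decisions = [], 0, 0
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            functions += 1
        elif isinstance(node, (ast.If, ast.For, ast.While, ast.Try, ast.BoolOp)):
            decisions += 1   # crude cyclomatic-style count of decision points
        elif isinstance(node, ast.Call):
            name = _call_name(node)
            shell = any(kw.arg == "shell" and getattr(kw.value, "value", False) is True
                        for kw in node.keywords)
            if name in DANGEROUS_CALLS or (name.startswith("subprocess.") and shell):
                findings.append({"line": node.lineno, "call": name, "shell": shell})
    findings.sort(key=lambda f: f["line"])   # ast.walk is breadth-first; report in source order
    return {
        "lines": len(source.splitlines()),
        "functions": functions,
        "decision_points": decisions,
        "dangerous_calls": findings,
    }


# Constructed sample module under review (not real project code).
SAMPLE = '''\
import os, subprocess, pickle

def run_report(user_input):
    if user_input:
        os.system("report " + user_input)   # command line built from input
    return subprocess.run(["ls", "-l"], shell=False)

def load_state(blob):
    return pickle.loads(blob)               # deserializes untrusted bytes
'''


if __name__ == "__main__":
    for key, value in profile_source(SAMPLE).items():
        print(f"{key}: {value}")
```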
61. APPLICATION SECURITY TESTING
• Identify security flaws during testing
• Develop security test cases
– Based on requirements
– Be sure to include “negative” tests
– Test all security mechanisms and common vulnerabilities
• Flaws feed into defect tracking and root cause analysis.
– “Every security flaw is a process problem”
• Tracking security defects
– Find the source of the problem
• Bad or missed requirement, design flaw, poor implementation, etc.
– ISSUE: can you track security defects the same way as other
defects?
62. Deployment and Configuration
Management
• Ensure the application configuration is secure
• Security is increasingly “data-driven”
–XML files, property files, scripts, databases, directories
• How do you control and audit this data?
–Design configuration data for audit
–Put all configuration data in Document
–Audit configuration data regularly
–Don’t allow configuration changes in the field
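Added example (not from the slides): one way to audit data-driven security configuration as this slide asks, by recording a hash baseline of the approved property, XML and script files at deployment and comparing a later field snapshot against it, with a key-level diff for property files. The file names and contents are constructed.

```python
import hashlib


def fingerprint(files: dict) -> dict:
    """path -> SHA-256 of content; this is the record kept with the approved release."""
    return {path: hashlib.sha256(content).hexdigest() for path, content in files.items()}


def _parse_properties(data: bytes) -> dict:
    props = {}
    for line in data.decode().splitlines():
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def property_diff(old: bytes, new: bytes) -> dict:
    """Key-level diff for key=value files so the audit shows what changed."""
    a, b = _parse_properties(old), _parse_properties(new)
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}


def audit(baseline: dict, approved_files: dict, field_files: dict) -> dict:
    """Compare a field snapshot against the approved baseline hashes."""
    current = fingerprint(field_files)
    report = {
        "modified": {},
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }
    for path in sorted(set(baseline) & set(current)):
        if baseline[path] != current[path]:
            if path.endswith(".properties"):
                report["modified"][path] = property_diff(approved_files[path], field_files[path])
            else:
                report["modified"][path] = "content hash differs"
    return report


def drifted(report: dict) -> bool:
    """True when any field change has escaped the controlled deployment process."""
    return bool(report["modified"] or report["added"] or report["removed"])


# Constructed sample: the configuration as approved at deployment...
APPROVED = {
    "app/security.properties": b"session.timeout=15\nrequire.tls=true\n",
    "app/roles.xml": b"<roles><role name='admin' users='alice'/></roles>\n",
}
BASELINE = fingerprint(APPROVED)

# ...and what an audit finds in the field: a property relaxed, a role widened, a new script.
FIELD = {
    "app/security.properties": b"session.timeout=15\nrequire.tls=false\n",
    "app/roles.xml": b"<roles><role name='admin' users='alice,bob'/></roles>\n",
    "app/hotfix.sh": b"#!/bin/sh\necho placeholder\n",
}


if __name__ == "__main__":
    report = audit(BASELINE, APPROVED, FIELD)
    print("drifted:", drifted(report))
    print(report)
```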
Editor's Notes
What Is Security?
In general, security is “the quality or state of being secure--to be free from danger.”
It means to be protected from adversaries--from those who would do harm, intentionally or otherwise.
What Is Security?
A successful organization should have the following multiple layers of security in place for the protection of its operations:
Physical security - to protect the physical items, objects, or areas of an organization from unauthorized access and misuse.
Personal security – to protect the individual or group of individuals who are authorized to access the organization and its operations.
Operations security – to protect the details of a particular operation or series of activities.
Communications security – to protect an organization’s communications media, technology, and content.
Network security – to protect networking components, connections, and contents.
What Is Information Security?
Information security, therefore, is the protection of information and its critical elements, including the systems and hardware that use, store, and transmit that information.
But to protect the information and its related systems from danger, tools, such as policy, awareness, training, education, and technology are necessary.
The C.I.A. triangle has been considered the industry standard for computer security since the development of the mainframe. It was solely based on three characteristics that described the utility of information: confidentiality, integrity, and availability.
The C.I.A. triangle has expanded into a list of critical characteristics of information.
Critical Characteristics Of Information
The value of information comes from the characteristics it possesses.
Availability - enables users who need to access information to do so without interference or obstruction and in the required format. The information is said to be available to an authorized user when and where needed and in the correct format.
Accuracy- free from mistake or error and having the value that the end-user expects. If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.
Authenticity - the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.
Confidentiality - the quality or state of preventing disclosure or exposure to unauthorized individuals or systems.
Integrity - the quality or state of being whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state.
Utility - the quality or state of having value for some purpose or end. Information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end-user, it is not useful.
Possession - the quality or state of having ownership or control of some object or item. Information is said to be in possession if one obtains it, independent of format or other characteristic. While a breach of confidentiality always results in a breach of possession, a breach of possession does not always result in a breach of confidentiality.
This graphic informs the fundamental approach of the chapter and can be used to illustrate the intersection of information states (x-axis), key objectives of C.I.A. (y-axis) and the three primary means to implement (policy, education and technology).
Components Of An Information System
To fully understand the importance of information security, it is necessary to briefly review the elements of an information system.
An Information System (IS) is much more than computer hardware; it is the entire set of software, hardware, data, people, and procedures necessary to use information as a resource in the organization.
Securing The Components
When considering the security of information systems components, it is important to understand the concept of the computer as the subject of an attack as opposed to the computer as the object of an attack.
When a computer is the subject of an attack, it is used as an active tool to conduct the attack. When a computer is the object of an attack, it is the entity being attacked.
It is important to note that the same computer can be both the subject and object of an attack, especially in multi-user systems.
The Systems Development Life Cycle
Information security must be managed in a manner similar to any other major system implemented in the organization.
The best approach for implementing an information security system in an organization with little or no formal security in place, is to use a variation of the Systems Development Life Cycle (SDLC): the Security Systems Development Life Cycle (SecSDLC).
Methodology
The SDLC is a methodology for the design and implementation of an information system in an organization.
A methodology is a formal approach to solving a problem based on a structured sequence of procedures.
Using a methodology ensures a rigorous process, and avoids missing those steps that can lead to compromising the end goal.
The goal is creating a comprehensive security posture.
Very much a traditional SDLC diagram.
Investigation
The first phase, investigation, is the most important.
What is the problem the system is being developed to solve?
This phase begins with an examination of the event or plan that initiates the process.
The objectives, constraints and scope of the project are specified. A preliminary cost/benefit analysis is developed to evaluate the perceived benefits and the appropriate levels of cost an organization is willing to expend to obtain those benefits.
A feasibility analysis is performed to assess the economic, technical, and behavioral feasibilities of the process and to ensure that implementation is worth the organization’s time and effort.
Analysis
The analysis phase begins with the information learned during the investigation phase.
This phase consists primarily of assessments of the organization, the status of current systems, and the capability to support the proposed systems.
Analysts begin to determine what the new system is expected to do, and how it will interact with existing systems.
This phase ends with the documentation of the findings and a feasibility analysis update.
Logical Design
In the logical design phase, the information gained from the analysis phase is used to begin creating a solution system for a business problem.
Then, based on the business need, select applications capable of providing needed services.
Based on the applications needed, select data support and structures capable of providing the needed inputs.
Finally, based on all of the above, select specific technologies to implement the physical solution.
In the end, another feasibility analysis is performed.
Physical Design
During the physical design phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design.
The selected components are evaluated based on a make-or-buy decision (develop in-house or purchase from a vendor).
Final designs integrate various components and technologies.
After yet another feasibility analysis, the entire solution is presented to the end-user representatives for approval.
Implementation
In the implementation phase, any needed software is created or purchased
Components are ordered, received and tested.
Afterwards, users are trained and supporting documentation created.
Again a feasibility analysis is prepared, and the users are then presented with the system for a performance review and acceptance test.
Maintenance and Change
The maintenance and change phase is the longest and most expensive phase of the process.
This phase consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle.
Even though formal development may conclude during this phase, the life cycle of the project continues until it is determined that the process should begin again from the investigation phase. When the current system can no longer support the changed mission of the organization, the project is terminated and a new project is implemented.
Scheme to measure lots of apps across an organization.
Prioritize based on most risky.
Cat 1 – 5: based on hurricane scale.
1) Internal app, no sensitive assets
5) Internet app with personal info.
Use this scale to drive the plan for building new apps.
Activities:
Design review, pen test, …
Who has responsibility: Ask the class who has app security responsibility in their org?
Take LMCO standard and tailor it
Refine: “You will do access control”
Into: This is the access control matrix & this is how it will be enforced.
- we will use Netegrity to implement this policy
Not trying to reinvent the whole SDLC, just trying to insert a few key activities that will help generate more secure code.
Goal is to find flaws…
- put up next slide
If the requirements (Security) are written down the normal testing process should work.