Security by Design

Beautiful Security

Chapter Ten

Security by Design

Authors believe security is beautiful when system designer apply it in system design lifecycle (design, built, and test). And they believe it is ugly when we use it as an afterthought. Also they believe security is highly interrelated, and is achievable in cost effective way. When you want to have a secure environment you need to know, and clearly define the environment to have an effective environment security posture. Whenever we need a secure system you need to have a clearly known, clearly defined system.

Security vulnerabilities contribute to low reliable, poor system performance, and poor quality system. What we need to do is focusing on achieving security and quality before expanding the feature set product. What the authors suggest is achieving appropriate levels of quality and security then transition a product to volume production.

Before developing a program;

·        Determine the attributes that need to be measured

·        Interdependencies of these attributes

·        And the acceptable levels for these attribute.

Some suggestions:

·        Develop risk based security programs that address security at all phases of the system development lifecycle.

·        Instead of testing security into the system, design security.

·        Good design discipline reduces the total cost of designing, developing and operating a system in many cases.

·        Well designed system will provide significant benefits in improved security.

Reference:

Oram, Andy, Viega, John (2009). “Beautiful Security, Leading Security Experts Explain How They Think”, Copyright 2009 O’reilly Media, Inc.