Security Architecture and Security by Design
July 17, 2008 by Antivirus Ware.com - Download Norton Antivirus software instantly!Security Architecture
Design aspects which describe how security countermeasures or controls are positioned, as well as how they are relative to the information technology of the total construct is referred to as “security architecture.” The designing of a plan wherein you place these security controls is another way of defining security architecture. The purpose of these plans is to ensure the quality of a system’s five basic attributes, which are:
- Accountability
- Assurance
- Availability
- Confidentiality
- Integrity
Security by Design
Logic is the basis for computer security technology. Secure behavior is usually not defined using some universal standard notion since it is a concept that is unique to each situation that it is applied to. Security imposes restrictions on application behavior because it is external, not internal. Typically, the following four approaches are employed, sometimes in combination, for creating a secure environment in computing:
- All software abides by a security policy, but the software itself isn’t trustworthy. This is also referred to as computer insecurity.
- All software abides by a security policy, and is also deemed as trustworthy by using extensive analysis (e.g. branch or path).
- The software is not trusted. However the mechanisms within the security policy are not trustworthy. This is also a form of computer insecurity.
- The software is not trusted. However, there are trustworthy mechanisms within the security policy.
