Security architecture is a unified security design that addresses the requirements and potential risks of a particular scenario or environment. It also specifies when and where to apply security controls. The design process is generally reproducible.
In security architecture, the design principles are stated clearly, and in-depth security control specifications are generally documented separately. System architecture can be regarded as a design that defines a structure and the relationships between the components of that structure.
Access control is the means of ensuring that users are who they claim to be (authentication) and that they are granted only the access to company data that they are authorized to have (authorization).
Cloud security comprises the procedures and technology that protect cloud computing environments against both external and insider threats.
Network design is the planning of a computer network infrastructure prior to its implementation.
Cryptography is one of the most important tools for building secure systems. Used correctly, it provides confidentiality of data, protects data from unauthorized modification (integrity), and verifies the source of data (authenticity). Cryptography can support many other security objectives as well.
Cryptography is so hard to get right that it always makes sense to work with an expert if you can. Note that expertise in applied cryptography is not the same as being a mathematician with a mathematical understanding of cryptography. At the highest level, use proven algorithms and libraries, but realize that merely using them does not guarantee security: it is easy to misuse them accidentally, for example by reusing a nonce or by choosing an unauthenticated cipher mode.
Have a cryptography expert work with your designers to provide an API abstraction around a strong library, so that your developers are not making decisions about algorithms and cipher modes, and so that you can change algorithms behind that abstraction layer if you need to.
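The abstraction layer described above, as an added example that is not code from the original page: a two-function Seal/Open API in Go over the standard library's AES-GCM. Application code never names an algorithm, picks a mode, or handles a nonce. The one-byte version prefix on every ciphertext is an assumption of this example (not a standard envelope format); it is what lets a future algorithm be added behind the same API while data sealed under the old one still opens.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed example: application code calls Seal/Open only. The version
// prefix below is this example's own convention, not a standard format.

// versionAESGCM tags ciphertexts produced with AES-256-GCM, the only
// algorithm currently wired in. A replacement algorithm gets a new tag.
const versionAESGCM byte = 1

const keySize = 32 // AES-256

// Key is an opaque symmetric key; callers obtain it from NewKey (or a KMS)
// and never inspect it.
type Key []byte

// NewKey returns a fresh random 256-bit key.
func NewKey() (Key, error) {
	k := make(Key, keySize)
	if _, err := rand.Read(k); err != nil {
		return nil, err
	}
	return k, nil
}

// newAEAD is the single place in the code base that names the algorithm
// and cipher mode.
func newAEAD(key Key) (cipher.AEAD, error) {
	if len(key) != keySize {
		return nil, errors.New("crypto: key must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates plaintext. associatedData is authenticated
// but not encrypted (for example a record ID), so a ciphertext cannot be
// replayed into a different context. Output: version || nonce || ciphertext+tag.
func Seal(key Key, plaintext, associatedData []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	// A fresh random nonce per call: callers cannot reuse one by mistake,
	// which is the classic GCM misuse this abstraction exists to prevent.
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	out := make([]byte, 0, 1+len(nonce)+len(plaintext)+aead.Overhead())
	out = append(out, versionAESGCM)
	out = append(out, nonce...)
	return aead.Seal(out, nonce, plaintext, associatedData), nil
}

// Open reverses Seal. Wrong key, modified bytes, wrong associatedData and an
// unknown version are all reported as a single opaque failure.
func Open(key Key, ciphertext, associatedData []byte) ([]byte, error) {
	if len(ciphertext) < 1 {
		return nil, errors.New("crypto: ciphertext too short")
	}
	switch ciphertext[0] {
	case versionAESGCM:
		aead, err := newAEAD(key)
		if err != nil {
			return nil, err
		}
		ns := aead.NonceSize()
		if len(ciphertext) < 1+ns+aead.Overhead() {
			return nil, errors.New("crypto: ciphertext too short")
		}
		nonce, body := ciphertext[1:1+ns], ciphertext[1+ns:]
		pt, err := aead.Open(nil, nonce, body, associatedData)
		if err != nil {
			return nil, errors.New("crypto: authentication failed")
		}
		return pt, nil
	default:
		return nil, fmt.Errorf("crypto: unknown ciphertext version %d", ciphertext[0])
	}
}

func main() {
	key, _ := NewKey()
	ct, _ := Seal(key, []byte("hello, world"), []byte("customer:42"))
	pt, err := Open(key, ct, []byte("customer:42"))
	fmt.Printf("%q %v\n", pt, err)
	// The same ciphertext presented under another customer's ID is rejected.
	_, err = Open(key, ct, []byte("customer:43"))
	fmt.Println("wrong context:", err)
}
```

The design choice worth noting is that the API takes associated data explicitly: binding each ciphertext to its context (a row ID, a tenant, a purpose) closes the cut-and-paste attacks that a bare encrypt/decrypt pair invites, and because Open dispatches on the version byte, retiring AES-GCM later means adding one case, not touching callers.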
The most basic use of computer cryptography is to encrypt a piece of text and send it over the internet to a remote location, where it is decrypted and delivered to the receiver. In this way computer cryptography and cyber security go hand in hand. Certificate Authorities (CAs) issue digital certificates that bind a public key to the identity of its owner, so that parties who trust the CA can verify whom they are communicating with when securing a connection.
Security engineering is about building systems to remain dependable in the face of malice, error, or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves.
Security engineering requires cross-disciplinary expertise, ranging from cryptography and computer security through hardware tamper-resistance and formal methods to a knowledge of economics, applied psychology, organizations and the law. System engineering skills, from business process analysis through software engineering to evaluation and testing, are also important; but they are not sufficient, as they deal only with error and mischance rather than malice. [I Kant et al]
‘Security’ is a terribly overloaded word, which often means quite incompatible things to different people. To a corporation, it might mean the ability to monitor all employees’ email and web browsing; to the employees, it might mean being able to use email and the web without being monitored. [Reference]
Many security systems have critical assurance requirements. Their failure may endanger human life and the environment (as with nuclear safety and control systems), do serious damage to major economic infrastructure (cash machines and other bank systems), endanger personal privacy (medical record systems), undermine the viability of whole business sectors (pay-TV), and facilitate crime (burglar and car alarms). Even the perception that a system is more vulnerable than it really.
Secure application development
Apps rule. They’re everywhere. Every business with an online presence has web applications—sometimes hundreds or thousands. They are in constant use in just about every workplace. There are about 2 million available on the Google Play store and another 1.83 million on the Apple App store, according to Statista. Smartphone users carry an average of 80 apps in their pockets and use at least 40 of them every month.
Insecure applications put organizations at risk in multiple ways: financial, legal, brand damage, and more. That is something everybody should know all the time, not just during NCSAM (National Cybersecurity Awareness Month).
But there is a major gap between “should know” and “do know,” not to mention that many who do know still don’t do what they should. So, given that the online world in which we live remains riddled with application vulnerabilities, and that the theme of the month is “Own IT. Protect IT. Secure IT,” it makes sense to turn some extra focus on one of the most fundamental elements of how to do that: application security, or AppSec. [Reference]
Beyond the standard best practices for secure development, companies in certain industries must take special care to protect their applications and data from breaches, because regulation attaches specific obligations to them.
For example, the Health Insurance Portability and Accountability Act (HIPAA) requires health care organizations to secure patients’ protected health information (PHI). Companies that suffer a data breach must report the attack soon after its discovery. They may face financial penalties if the information was not adequately protected.
Another security standard, PCI-DSS (Payment Card Industry Data Security Standard), regulates how organizations may handle and store customers’ payment card information. [Reference]
Secure system build
Whether an organization builds software itself, integrates third-party components, or simply buys a solution, the risks of an inadequately built system will ultimately have a significant impact on the business. Secure systems engineering is not something that usually gets prioritized against the need to get to market quickly or to reduce costs, unless of course the business genuinely understands the risks.
This section covers the risks arising from poor security engineering. We look at the potential impact on the business, what steps can be taken to mitigate it, and therefore what questions all risk managers should ask their internal and external designers and engineers, highlighting the potential effect of software development methodologies such as Agile on secure development practices.
Secure systems – why it’s hard
Securing systems is not trivial. An operating system has tens of millions of lines of code; a database server or a web server can contain several million lines of code. That software sits on a complex mesh of servers, network infrastructure and multiple protocols, on top of which the actual application is built that delivers the services which differentiate the organisation and provide value to your customers.
So it’s not surprising that, given this rich stack of technology, some ‘issues’ might arise either through the complexity of the application being assembled or through delivery pressures. Unfortunately, such issues can quickly become security vulnerabilities. [Reference]