Friday, September 11, 2009

What is software security?

Software is itself a resource and thus must be afforded appropriate security. Software also contains and controls data and other resources. Therefore, it must be designed and implemented to protect those resources.
Software Security Assurance (SSA) is a process that helps achieve that goal, ensuring that software is designed to operate at a level of security that is consistent with the potential harm that could result from the loss, inaccuracy, alteration, unavailability, or misuse of the data and resources that it uses, controls, and protects.
  • This begins by identifying and categorizing the information that is to be contained in, or used by, the software. The information should be categorized according to its sensitivity.
  • Once the information is categorized, security requirements can be developed. The security requirements should address access control, including network access and physical access; data management and data access; environmental controls (power, air conditioning, etc.) and off-line storage; human resource security; and audit trails and usage records.

All security vulnerabilities in software are the result of security bugs, or defects, within the software. In most cases, these defects are created by two primary causes:

  1. Non-conformance, or a failure to satisfy requirements.
  2. An error or omission in the software requirements.
