Information security in practice

Why do you really need it

Andres Kütt

Information System Authority / Information System Architect

07 March 2014
Agenda today

- Information security from the architect's perspective
- Implications of security on system design
- Approaching information security in a standardised fashion

It must be emphasised that this is not a security-centric view. The talk will not go into specific security details but will rather cover designing systems with security considerations in mind.
So what does an architect do anyway?

- He or she designs systems
- What are systems?
- What does it mean to “design” something?

To understand what system architecture is and why it is vital, it is important to understand what an architect does.

So an architect designs systems. What do the two elements of that definition actually mean?
What are systems?

- In an abstract sense, collections of things relating to each other
- The things might be software, hardware, people, activities etc.
- So where exactly does my system end?

Systems are collections of things (including other systems) relating to each other in some way. It sounds abstract but is a rather important realization, as this means people, hardware, processes and software form equally important elements of any system.

Since this definition is rather abstract, it raises the question of what things are included in the system. Since everything is related to everything else, don't we have the entire universe as a single system? While this is, strictly speaking, true, it is impractical to design the entire universe every time we want to build a website. Thus, there must be an explicit decision about what is included in this particular system and what is not.
On system boundaries

In the case of information system security, determining the boundaries of the system in question is of paramount importance.

Information security is about protecting the information in the system against unauthorized use. Therefore, it is absolutely paramount that all elements of the system are considered when thinking about how to protect the information.

Typically, for example, people are left out of the system; they are considered just “users”. However, how many of you will happily connect to any open wifi hotspot during this event as long as it is called “somethingsomething FREE Swissotel”? Unfortunately, experience shows that the answer is “many”, and that people are often the weakest security element of all the systems. The same is true for processes. It is rather pointless to encrypt a database when there is no process in place to ensure the application software does not write a debug log with all database inputs and outputs in the production environment.
Inputs to the design process

- Functionality or value to deliver
- Known constraints:
  - NFR (non-functional requirements)
  - Execution constraints (competences, time, money)
  - Information security requirements
  - Operational constraints

The first, but not the only, input to the system design process is the functionality to be delivered. Regardless of whether the customer can express this, there is a structure to the functional requirements that can be referred to as “functional architecture”. The better and more explicit that structure is, the easier the work of the architect is. Level of detail is not necessarily a good indicator, but the structure is.

The second class of inputs are the NFR (essentially an agreement between technical parties about what constitutes a “good” system), execution constraints (i.e. whom do we have available to build the system using what tools, how long do we have to do this and what are the manufacturing tolerances to be expected) and information security requirements.

It is important to realize that this is usually where the boundary between the customer and the service provider lies (again we are dealing with system boundaries). Unless there are explicit security requirements, they will not be taken into consideration and the system will be insecure. It is not enough to state that “the system must be secure”. It is the responsibility of the customer to procure a secure system, exactly as it is the responsibility of the customer to procure a system that performs the necessary business function.
Concept is developed

Based on this input, a concept of the system is developed that embodies the basic metaphors, thought patterns and values that form the foundation of the design.

An architect takes the input described previously and develops some sort of mental model of the system to be built. This is not necessarily a conscious or explicit process, but every architect does it nevertheless. Basically, a concept is about how people think about the system.
System is designed

The functions are mapped to elements of the system using the concept, within the boundaries of the known constraints.

At this point the architect takes the functional elements and maps them to technical components based on the concept and within the boundaries of the known constraints. How exactly this happens is part of the art of the architect, but at this point it is already becoming late to start talking about security.
The described process has a major impact on information security

It is almost impossible to retro-fit security to a system that is already designed and/or implemented.

If one looks at the steps that have been taken in system design up to this point, it becomes clear that retro-fitting security to a system that is already built is nigh on impossible. In the following, let's review in more detail why this is.
Fundamentally, it is about the concept

- All design decisions, big and small, are based on the concept
- Unless the concept already contains the notion of security, the decisions down the line will not consider it
- It is also impossible to tell which ones do and which ones do not

If the concept forms the basic mental model of the system and that model does not involve security, the system will not be secure. The main reason for this is that, either consciously or subconsciously, all design decisions made during the design and build process of the system are based on that basic mental model. And unless the foundation includes some premise of security, there is no way to tell if any of the subsequent decisions take security into account or not. Even worse, it is impossible to tell where security is thought of and where it is simply forgotten or bypassed as a project-induced shortcut.
Level of detail in the design

- Rule of thumb: the more secure the system, the more detailed the design
- The less freedom the developer has
- Or, we could choose to trust the developer

As a rule of thumb, a more secure system requires a more detailed and thoughtful design process. Whether that process is undertaken explicitly or is offloaded to the heads of good developers matters little. The point is that both the choice of the level of detail in system design and the selection of developers can only be made once. Re-iterating these decisions basically means re-engineering the entire system and building it from scratch.
Security domains across layers

[Figure: security domains A, B and C drawn as columns cutting across the functionality, implementation and infrastructure layers]

A security domain is defined as a system area with similar security requirements. The boundaries of the security domains of the system must be clearly defined and protected through the functionality, implementation and infrastructure layers. As the uncertainty about the details of the system decreases while the system is built, it becomes more and more difficult to draw boundaries between the security domains, and thus it is very hard to retro-fit security domains to an already built system.
Security domains

- If the system contains multiple security domains, they should be aligned
- There should be clear boundaries with access control and logging between the domains
- External boundaries of the system are also security domain boundaries!
To have the security domains aligned across layers means that the boundaries of components on the layers must not cross the boundaries of a security domain. If there is one functional piece (e.g. data warehouse, self-service etc.), it must not belong to two separate security domains. If there are two functional pieces belonging to separate security domains (an internal application administrator interface and an external end-user interface, for example), they must not be deployed onto the same virtual machine.
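The alignment rule and the boundary rule can be turned into a check over a deployment description, so that a design review catches a mixed host or an unlogged crossing before anything is built. The following is an added example and not code from the talk: the components, domains, hosts, calls and boundary controls are constructed for illustration, and the outside world is modelled as a domain of its own so that the system's external boundary is checked like any other.

```python
"""Lint a deployment description for security-domain alignment.

Added example, not code from the talk: every component, domain, host and
boundary control below is constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    domain: str  # security domain this functional piece belongs to
    host: str    # machine (virtual or physical) it is deployed on


@dataclass(frozen=True)
class Call:
    caller: str  # component name
    callee: str  # component name


@dataclass(frozen=True)
class Boundary:
    """Controls present on the link from one security domain to another."""
    access_control: bool = False
    logging: bool = False


def check_alignment(components):
    """Alignment rule: one host must never carry components from two domains."""
    domains_on_host = defaultdict(set)
    for c in components:
        domains_on_host[c.host].add(c.domain)
    return sorted(
        f"host {host} mixes domains {', '.join(sorted(doms))}"
        for host, doms in domains_on_host.items() if len(doms) > 1
    )


def check_boundaries(components, calls, boundaries):
    """Boundary rule: every cross-domain call passes an access-controlled, logged boundary."""
    domain_of = {c.name: c.domain for c in components}
    problems = []
    for call in calls:
        src, dst = domain_of[call.caller], domain_of[call.callee]
        if src == dst:
            continue  # traffic inside one domain is not a boundary crossing
        boundary = boundaries.get((src, dst))
        if boundary is None:
            problems.append(f"{call.caller}->{call.callee}: no boundary defined {src}->{dst}")
            continue
        missing = [name for name, present in (("access control", boundary.access_control),
                                              ("logging", boundary.logging)) if not present]
        if missing:
            problems.append(f"{call.caller}->{call.callee}: boundary {src}->{dst} "
                            f"lacks {' and '.join(missing)}")
    return problems


# Constructed sample deployment. The outside world is modelled as a domain of
# its own, so the system's external boundary is checked like any other. The
# admin UI and the public end-user UI share one host: the pattern warned against.
SAMPLE_COMPONENTS = [
    Component("internet", "outside", "not-ours"),
    Component("end-user-ui", "external", "vm-web-1"),
    Component("admin-ui", "internal", "vm-web-1"),
    Component("core-api", "internal", "vm-app-1"),
    Component("warehouse", "analytics", "vm-dw-1"),
]
SAMPLE_CALLS = [
    Call("internet", "end-user-ui"),
    Call("end-user-ui", "core-api"),
    Call("admin-ui", "core-api"),
    Call("core-api", "warehouse"),
]
SAMPLE_BOUNDARIES = {  # outside->external is missing: nobody thought about the edge
    ("external", "internal"): Boundary(access_control=True, logging=True),
    ("internal", "analytics"): Boundary(access_control=True, logging=False),
}
# The same design after the findings are addressed.
FIXED_COMPONENTS = [
    Component("admin-ui", "internal", "vm-admin-1") if c.name == "admin-ui" else c
    for c in SAMPLE_COMPONENTS
]
FIXED_BOUNDARIES = {pair: Boundary(access_control=True, logging=True)
                    for pair in [("outside", "external"), ("external", "internal"),
                                 ("internal", "analytics")]}

if __name__ == "__main__":
    for finding in check_alignment(SAMPLE_COMPONENTS) + check_boundaries(
            SAMPLE_COMPONENTS, SAMPLE_CALLS, SAMPLE_BOUNDARIES):
        print("FINDING:", finding)
    print("fixed:", check_alignment(FIXED_COMPONENTS)
          + check_boundaries(FIXED_COMPONENTS, SAMPLE_CALLS, FIXED_BOUNDARIES))
```

The sample produces three findings: the shared web host, the missing boundary between the outside world and the external domain, and the unlogged link into the analytics domain. Calls inside one domain are deliberately ignored here; the check is about domain crossings, not about every interface.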

Clear boundaries with access control and security monitoring must be in place between the domains. By the way, the external boundary of the system is also a security domain boundary and thus needs to be considered carefully. Usually only user interfaces are considered, but technical interfaces need equally careful consideration. It is perfectly possible to have an SQL injection attack vector through a machine-to-machine interface that is nicely encrypted and authenticated: the transport protects the message from third parties, not the database from the message.
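The last point can be shown directly: a partner system that authenticates correctly over a protected channel still controls every byte of the payload. The following is an added example and not code from the talk. The partner token, the table, the account-id format and the request payloads are constructed for illustration, and the transport (TLS) is assumed to be handled outside this code.

```python
"""SQL injection through an authenticated machine-to-machine interface.

Added example, not code from the talk. The schema, the partner token, the
account-id format and the request payloads are constructed for illustration.
TLS on the wire is assumed to be handled elsewhere: it protects the message
from third parties, not the database from the message.
"""
import hmac
import re
import sqlite3

# Constructed shared secret of the one partner system allowed to call us.
PARTNER_TOKENS = {"partner-a": "s3cr3t-token-for-partner-a"}
# Constructed account-id format: two upper-case letters followed by four digits.
ACCOUNT_ID = re.compile(r"[A-Z]{2}[0-9]{4}")


def setup_db():
    """In-memory table standing in for the production database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", [
        ("EE1001", "alice", 120),
        ("EE1002", "bob", 80),
        ("EE1003", "carol", 9000),
    ])
    return conn


def authenticate(partner, token):
    """Constant-time comparison of the partner's shared token."""
    expected = PARTNER_TOKENS.get(partner)
    return expected is not None and hmac.compare_digest(expected, token)


def lookup_vulnerable(conn, partner, token, account_id):
    """Authenticated interface whose query is still assembled by string formatting."""
    if not authenticate(partner, token):
        raise PermissionError("unknown partner or bad token")
    sql = f"SELECT id, owner, balance FROM accounts WHERE id = '{account_id}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, partner, token, account_id):
    """Same interface: input checked against its format and bound as a parameter."""
    if not authenticate(partner, token):
        raise PermissionError("unknown partner or bad token")
    if not ACCOUNT_ID.fullmatch(account_id):
        raise ValueError("malformed account id")
    sql = "SELECT id, owner, balance FROM accounts WHERE id = ?"
    return conn.execute(sql, (account_id,)).fetchall()


def raises(exc_type, fn, *args):
    """True if fn(*args) raises exc_type; used to show the rejection paths."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False


# Constructed payloads: one honest request and one injected through the same
# authenticated channel.
HONEST = "EE1002"
INJECTED = "x' OR '1'='1"

if __name__ == "__main__":
    conn = setup_db()
    token = PARTNER_TOKENS["partner-a"]
    print("vulnerable, honest  :", lookup_vulnerable(conn, "partner-a", token, HONEST))
    print("vulnerable, injected:", lookup_vulnerable(conn, "partner-a", token, INJECTED))
    print("hardened, honest    :", lookup_hardened(conn, "partner-a", token, HONEST))
    print("hardened, injected  :", raises(ValueError, lookup_hardened,
                                          conn, "partner-a", token, INJECTED))
```

With a valid token the vulnerable lookup returns one row for the honest request and the whole table for the injected one; authentication made no difference to the query. In the hardened version the parameter binding is the actual control, and the format check is defence in depth that rejects the payload before it reaches the database at all.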
Holistic security of the whole system

- It makes no sense to protect one part and neglect others
- What were our system boundaries again?
- It is very easy to over-react
- It is also easy to under-react and forget things

It is important to have the same level of security across a security domain. It makes no sense to invest in protecting one part of the system while neglecting others. Again, the question of system boundaries appears, as things on the vague edges of the system are often where security breaks down. For example, is a data warehouse part of your system? If you choose to encrypt your database but do not protect the results of functions that, by definition, are meant to increase the value of the information, there is a problem.

It is easy to err on both sides by either over-spending or under-spending on security. You do not want to build a cast iron gate for a simple wooden garden fence, neither do you want a latch-and-hook in a stone wall.
Holistic security built in

Information security has to be built into the entire system up front; retro-fitting is expensive and likely to leave gaps.
Approaching security: baseline

- Use a baseline security standard to validate the measures in place
- Cheap to implement, easy to under/overshoot
- In Estonia, ISKE is obligatory for the public sector; OWASP ASVS is becoming more prominent
- This does not relieve anybody of the burden of thinking!

The idea of baseline security is to take a hypothetical, standardized system and perform a risk analysis on it under typical conditions. The results should then, to an extent, be applicable to all similar systems under similar conditions.

While it is relatively cheap to implement, it is easy to over- or undershoot, as it is not necessarily clear how your system or its risks deviate from the standard. Therefore, baseline security is exactly what the name says: a good baseline. Nothing more and nothing less. There is still a need to think about what you are doing in terms of security.
Approaching security: risk analysis

- Conduct a tailored risk analysis of the systems at hand and the processes surrounding them
- How often are you really willing to do this?
- How do you respond to both the risks and the systems changing continuously?

As an alternative, one can choose to perform a thorough risk analysis of the systems, including the processes around the software. While, when done properly, this produces very good results, the choice between the approaches is not trivial, as it is not a one-time effort. Security needs to be holistic over space and time, so one needs to be ready and willing to spend the resources to repeat the analysis frequently.
Summary

- Security has to be built in. There is no other way
- Think before spending money
- Think after spending money
- Pick a sustainable approach to security and stick to it

Thank you!

Andres Kütt

andres.kutt@ria.ee

Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 

Dernier (20)

Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 

Data security in practice

  • 1. Information security in practice
    Why do you really need it
    Andres Kütt, Information System Authority / Information System Architect
    07. March 2014
  • 2. Agenda today
    - Information security from the architect's perspective
    - Implications of security on system design
    - Approaching information security in a standardised fashion
    It must be emphasised that this is not a security-centric view. The speech will not go into specific security details but will rather cover designing systems with security considerations in mind.
  • 3. So what does an architect do anyway?
    - He or she designs systems
    - What are systems?
    - What does it mean to “design” something?
    To understand what system architecture is and why it is vital, it is important to understand what an architect does. So an architect designs systems. What do the two elements of that definition actually mean?
  • 4. What are systems?
    - In an abstract sense, collections of things relating to each other
    - The things might be software, hardware, people, activities etc.
    - So where exactly does my system end?
    Systems are collections of things (including other systems) relating to each other in some way. It sounds abstract but is a rather important realization, as it means people, hardware, processes and software form equally important elements of any system.
    Since this definition is rather abstract, it raises the question of what things are included in the system. Since everything is related to everything else, don’t we have the entire universe as a single system? While this is, strictly speaking, true, it is impractical to design the entire universe every time we want to build a website. Thus, there must be an explicit decision about what is included in this particular system and what is not.
  • 5. On system boundaries
    - In case of information system security, determining the boundaries of the system in question is of paramount importance
    Information security is about protecting the information in the system against unauthorized use. Therefore, it is absolutely paramount that all elements of the system are considered when thinking about how to protect the information.
    Typically, for example, people are left out of the system; they are considered just “users”. However, how many of you will happily connect to any open wifi hotspot during this event as long as it is called “somethingsomething FREE Swissotel”? Unfortunately, experience shows the answer is “many”, and that people are often the weakest security element of all the systems. The same is true for processes. It is rather pointless to encrypt a database when there is no process in place to ensure the application software does not write a debug log with all database inputs and outputs in the production environment.
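The debug-log example on slide 5 is a configuration and process failure rather than a cryptographic one. The following Python is an added illustration, not code from the talk or from the Information System Authority: it shows a database access logger whose statement-level DEBUG output (full SQL plus bound values) is enabled only outside production, with a redaction filter kept on in every environment as a second layer for the case where someone logs parameters at INFO anyway. The logger name, the list of sensitive parameter names and the sample query are constructed for the example.

```python
import logging

# Parameter names whose values must never reach a log line, in any environment.
# Constructed for this example; a real system derives the list from its data classification.
SENSITIVE_KEYS = {"password", "token", "personal_code", "card_number"}

# Constructed sample statement and bound values (not real data).
SAMPLE_SQL = "SELECT balance FROM accounts WHERE personal_code = ?"
SAMPLE_PARAMS = {"personal_code": "CONSTRUCTED-00000000000", "region": "north"}


class RedactSensitiveParams(logging.Filter):
    """Mask the values of sensitive bound parameters attached via extra={'params': {...}}."""

    def filter(self, record):
        params = getattr(record, "params", None)
        if isinstance(params, dict):
            record.params = {
                key: "<redacted>" if key.lower() in SENSITIVE_KEYS else value
                for key, value in params.items()
            }
        return True  # keep the record, now carrying masked values


class CapturingHandler(logging.Handler):
    """Collects formatted lines so the effect of the configuration can be inspected."""

    def __init__(self):
        super().__init__()
        self.lines = []

    def emit(self, record):
        self.lines.append(self.format(record))


def configure_db_logger(env, name="example.db"):
    """Build the database access logger for the given deployment environment.

    Statement-level DEBUG output is the thing slide 5 warns about, so it is enabled
    only outside production. The redaction filter stays on everywhere.
    """
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO if env == "production" else logging.DEBUG)
    handler = CapturingHandler()
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s params=%(params)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactSensitiveParams())
    return logger, handler


def run_query(logger, sql, params, row_count):
    """Stand-in for the data access layer: logs what a driver wrapper would log."""
    # DEBUG carries the statement and its inputs: useful while developing, a leak in production.
    logger.debug("executing %s", sql, extra={"params": params})
    # INFO carries only a result summary and is safe to keep in production.
    logger.info("query finished, %d row(s)", row_count, extra={"params": {}})


def captured_lines(env):
    """Configure the logger for `env`, run the constructed sample query, return the lines."""
    logger, handler = configure_db_logger(env)
    run_query(logger, SAMPLE_SQL, SAMPLE_PARAMS, row_count=1)
    return handler.lines


if __name__ == "__main__":
    for environment in ("development", "production"):
        print(f"--- {environment}")
        for line in captured_lines(environment):
            print(line)
```

In development the DEBUG line appears with the personal code already masked; in production the DEBUG line is never created, so the only control that needs to hold there is the environment-dependent level, which is exactly the kind of setting a deployment process has to verify.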
  • 6. Inputs to the design process
    - Functionality or value to deliver
    - Known constraints:
      - NFR
      - Execution constraints (competences, time, money)
      - Information security requirements
      - Operational constraints
    The first, but not the only, input to the system design process is the functionality to be delivered. Regardless of whether the customer can express this, there is a structure to the functional requirements that can be referred to as “functional architecture”. The better and more explicit that structure is, the easier the work of the architect is. Level of detail is not necessarily a good indicator, but the structure is.
    The second class of inputs consists of the NFR (essentially an agreement between technical parties about what constitutes a “good” system), execution constraints (i.e. whom do we have available to build the system using what tools, how long do we have to do this and what manufacturing tolerances are to be expected) and information security requirements.
    It is important to realize that this is usually where the boundary between the customer and the service provider lies (again we are dealing with system boundaries). Unless there are explicit security requirements, they will not be taken into consideration and the system will be insecure. It is not enough to state that “the system must be secure”. It is the responsibility of the customer to procure a secure system, exactly as it is the responsibility of the customer to procure a system that performs the necessary business function.
  • 7. Concept is developed
    - Based on this input, a concept of the system is developed that embodies the basic metaphors, thought patterns and values that form the foundation of the design
    An architect takes the input described previously and develops some sort of a mental model of the system to be built. This is not necessarily a conscious or explicit process, but every architect does this nevertheless. Basically, a concept is about how people think about the system.
  • 8. System is designed
    - The functions are mapped to elements of the system using the concept, within the boundaries of the known constraints
    At this point the architect takes the functional elements and maps them to technical components based on the concept and within the boundaries of the known constraints. How exactly this happens is part of the art of an architect, but at this point it is already becoming late to start talking about security.
  • 9. The described process has a major impact on information security
    - It is almost impossible to retro-fit security to a system that is already designed and/or implemented
    If one looks at the steps that have been taken in system design up to this point, it becomes clear that retro-fitting security to a system that is already built is nigh impossible. In the following, let’s review in more detail why this is.
  • 10. Fundamentally, it is about the concept
    - All design decisions, big and small, are based on the concept
    - Unless the concept already contains the notion of security, the decisions down the line will not consider it
    - It is also impossible to tell which ones do and which ones do not
    If the concept forms the basic mental model of the system and that model does not involve security, the system will not be secure. The main reason for this is that, either consciously or subconsciously, all design decisions made during the design and build process of the system are based on that basic mental model. And unless the foundation includes some premise of security, there is no way to tell whether any of the subsequent decisions take security into account or not. Even worse, it is impossible to tell where security is thought of and where it is simply forgotten or bypassed as a project-induced shortcut.
  • 11. Level of detail in the design
    - Rule of thumb: the more secure the system, the more detailed the design
    - The less freedom the developer has
    - Or, we could choose to trust the developer
    As a rule of thumb, a more secure system requires a more detailed and thoughtful design process. Whether that process is undertaken explicitly or is offloaded to the heads of good developers matters little. The point is that both the choice of the level of detail in system design and the selection of developers can only be made once. Re-iterating these decisions basically means re-engineering the entire system and building it from scratch.
  • 12. Security domains across layers
    (Diagram: security domains A, B and C drawn as vertical slices across the functionality, implementation and infrastructure layers.)
    A security domain is defined as a system area with similar security requirements. The boundaries of the security domains of the system must be clearly defined and protected through the functionality, implementation and infrastructure layers. As the uncertainty about the details of the system decreases while the system is built, it becomes more and more difficult to draw boundaries between the security domains, and thus it is very hard to retro-fit security domains to an already built system.
  • 13. Security domains
    - If the system contains multiple security domains, they should be aligned
    - There should be clear boundaries with access control and logging between the domains
    - External boundaries of the system are also security domain boundaries!
    To have the security domains aligned across layers means that the boundaries of components on the layers must not cross the boundaries of the security domain. If there is one functional piece (e.g. data warehouse, self-service etc.), it must not belong to two separate security domains. If there are two functional pieces belonging to separate security domains (internal application administrator interface and external end-user interface, for example), they must not be deployed onto the same virtual machine.
    Clear boundaries with access control and security monitoring must be in place between the domains. By the way, the external boundary of the system is also a security domain boundary and thus needs to be considered carefully. Usually only user interfaces are considered, but technical interfaces need equally careful consideration. It is perfectly possible to have an SQL injection attack vector through a machine-to-machine interface that is nicely encrypted and authenticated.
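Slide 13 ends with the observation that an encrypted, authenticated machine-to-machine interface can still carry an SQL injection vector. The Python below is an added example, not code from the talk or from any system it describes: a hypothetical message endpoint backed by an in-memory SQLite table, with the defective lookup (query text built by concatenation) next to the corrected one (fixed statement, value bound as a parameter). The table, its rows, the message format and the length limit are constructed for the example. The legitimate owner name `O'Brien` is enough to show the defect: the concatenating version cannot even handle it as data, because the value changes the structure of the statement, which is the same property an attacker would rely on.

```python
import json
import sqlite3

MAX_OWNER_LEN = 64  # constructed limit for the example; part of validating message content


def make_demo_db():
    """In-memory table with constructed rows; one owner name contains a quote on purpose."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, balance INTEGER)"
    )
    conn.executemany(
        "INSERT INTO accounts (owner, balance) VALUES (?, ?)",
        [("O'Brien", 120), ("Tamm", 75), ("Mägi", 990)],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, owner):
    """Defect: the statement's structure depends on the caller-supplied value."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, owner):
    """Corrected: the statement is fixed and the value travels as a bound parameter."""
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE owner = ?", (owner,)
    ).fetchall()


def breaks_on_input(conn, owner):
    """True when the concatenating lookup cannot handle this value as plain data."""
    try:
        lookup_unsafe(conn, owner)
        return False
    except sqlite3.OperationalError:
        return True


def handle_message(conn, raw_message):
    """Endpoint of a hypothetical machine-to-machine interface.

    Whatever the transport provided (TLS, client certificates) says nothing about the
    payload, so the content is validated here and then passed as data, never as SQL.
    """
    try:
        message = json.loads(raw_message)
    except json.JSONDecodeError as exc:
        raise ValueError("malformed message") from exc
    owner = message.get("owner") if isinstance(message, dict) else None
    if not isinstance(owner, str) or not 0 < len(owner) <= MAX_OWNER_LEN:
        raise ValueError("owner must be a non-empty string of bounded length")
    return lookup_safe(conn, owner)


if __name__ == "__main__":
    db = make_demo_db()
    print(handle_message(db, json.dumps({"owner": "O'Brien"})))
    print("concatenation breaks on a legitimate name:", breaks_on_input(db, "O'Brien"))
```

The check to take away for a technical interface is therefore two-fold: validate the content of the message independently of the transport, and make sure every value reaches the database as a parameter rather than as part of the statement text.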
  • 14. Holistic security of the whole system
    - It makes no sense to protect one part and neglect others
    - What were our system boundaries again?
    - It is very easy to over-react
    - It is also easy to under-react and forget things
    It is important to have the same level of security across a security domain. It makes no sense to invest in protecting one part of the system while neglecting others. Again, the question of system boundaries appears, as things on the vague edges of systems are often where security breaks down. For example, is a data warehouse part of your system? If you choose to encrypt your database but do not protect the results of functions that, by definition, are meant to increase the value of the information, there is a problem.
    It is easy to err on both sides by either over-spending on security or under-spending. You do not want to build a cast iron gate for a simple wooden garden fence, neither do you want to have a latch-and-hook in a stone wall.
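Slides 13 and 14 state three alignment rules (one piece must not straddle two domains, pieces from different domains must not share a machine, every domain crossing including the external boundary needs access control and logging) and ask whether the data warehouse is inside the boundary at all. The Python below is an added example, not code or tooling from the talk: a small model of components and data flows, and a checker that applies those rules to it. The component names, hosts, domains and flows are constructed, with a few deliberate mistakes (a shared virtual machine, a data warehouse claimed by both domains, an administrator interface reachable from outside without logging) so that the findings are visible.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Component:
    name: str
    layer: str                   # "functionality", "implementation" or "infrastructure"
    domain: str                  # security domain the component belongs to
    host: Optional[str] = None   # deployment target, for implementation components


@dataclass(frozen=True)
class Flow:
    src: str                     # component name, or "external" for the outside world
    dst: str
    access_control: bool = False
    logging: bool = False


def check_alignment(components, flows):
    """Return a list of findings; an empty list means the domains are aligned."""
    findings = []

    domains_by_name = {}
    for c in components:
        domains_by_name.setdefault(c.name, set()).add(c.domain)
    # Rule 1: one functional or technical piece must not belong to two domains.
    for name, domains in sorted(domains_by_name.items()):
        if len(domains) > 1:
            findings.append(f"{name} belongs to domains {sorted(domains)}")

    # Rule 2: pieces from different domains must not share an infrastructure host.
    domains_by_host = {}
    for c in components:
        if c.host is not None:
            domains_by_host.setdefault(c.host, set()).add(c.domain)
    for host, domains in sorted(domains_by_host.items()):
        if len(domains) > 1:
            findings.append(f"host {host} mixes domains {sorted(domains)}")

    # Rule 3: every flow crossing a domain boundary, the external one included,
    # needs both access control and logging.
    def domains_of(name):
        return {"external"} if name == "external" else domains_by_name.get(name, {"unknown"})

    for f in flows:
        if domains_of(f.src) != domains_of(f.dst) and not (f.access_control and f.logging):
            missing = [label for label, present in
                       (("access control", f.access_control), ("logging", f.logging))
                       if not present]
            findings.append(
                f"flow {f.src} -> {f.dst} crosses a domain boundary without {' and '.join(missing)}"
            )
    return findings


# Constructed model: two domains, a few deliberate mistakes.
SAMPLE_COMPONENTS = [
    Component("self-service-ui", "functionality", "public"),
    Component("admin-ui", "functionality", "internal"),
    Component("web-app", "implementation", "public", host="vm-1"),
    Component("admin-app", "implementation", "internal", host="vm-1"),       # shares the machine
    Component("data-warehouse", "implementation", "public", host="vm-2"),
    Component("data-warehouse", "implementation", "internal", host="vm-3"),  # one piece, two domains
]
SAMPLE_FLOWS = [
    Flow("external", "self-service-ui", access_control=True, logging=True),  # proper boundary
    Flow("external", "admin-ui", access_control=True, logging=False),        # logging missing
    Flow("web-app", "admin-app"),                                            # bare crossing
    Flow("self-service-ui", "web-app"),                                      # same domain, fine
]

if __name__ == "__main__":
    for finding in check_alignment(SAMPLE_COMPONENTS, SAMPLE_FLOWS):
        print(finding)
```

Run against the sample, the checker reports the data warehouse straddling both domains, the shared host vm-1, the unlogged external path to the administrator interface and the unprotected flow from the public application to the internal one; the model is only as good as the inventory it is built from, which is why the question of system boundaries keeps coming back.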
  • 15. Holistic security built in
    - Information security has to be built into the entire system up front; retro-fitting is expensive and likely to leave gaps
  • 16. Approaching security: baseline
    - Use a baseline security standard to validate the measures in place
    - Cheap to implement, easy to undershoot or overshoot
    - In Estonia, ISKE is obligatory for the public sector; OWASP ASVS is becoming more prominent
    - This does not relieve anybody of the burden of thinking!
    The idea of baseline security is to take a hypothetical, standardized system and perform a risk analysis on it under typical conditions. The results should then, to an extent, be applicable to all similar systems under similar conditions. While it is relatively cheap to implement, it is easy to overshoot or undershoot, as it is not necessarily clear how your system or risks deviate from the standard. Therefore, baseline security is exactly what the name says: a good baseline. Nothing more and nothing less. There is still a need to think about what you are doing in terms of security.
  • 17. Approaching security: risk analysis
    - Conduct a tailored risk analysis of the systems at hand and the processes surrounding them
    - How often are you really willing to do this?
    - How to respond to both the risks and the systems changing continuously?
    As an alternative, one can choose to perform a thorough risk analysis of the systems, including the processes around the software. While, when done properly, this produces very good results, the choice between the approaches is not trivial, as it is not a one-time effort. Security needs to be holistic over space and time, thus one needs to be ready and willing to spend resources on repeating the analysis frequently.
  • 18. Summary
    - Security has to be built in. There is no other way
    - Think before spending money
    - Think after spending money
    - Pick a sustainable approach to security and stick to it