Network security is increasingly an area of immense focus for companies of all sizes. There are a great many network security threats that businesses should be familiar with to ensure the continuous protection of their systems, software, and data. The aim is to safeguard an organization's data from unauthorized access or modification so as to ensure its availability, confidentiality, and integrity. If a developer includes security features as a design criterion, system errors can be avoided from the very beginning.
Information security ensures good data management. It involves the use of technologies, protocols, systems and administrative measures to protect the confidentiality, integrity and availability of information. Information is the most valuable asset of an organization, and any breach can destroy its reputation and continuity.
The security of information systems is a serious issue because computer abuse is increasing. It is important, therefore, that systems analysts and designers develop expertise in methods for specifying information systems security. The characteristics found in three generations of general information system design methods provide a framework for comparing and understanding current security design methods. These methods include approaches that use checklists of controls, approaches that divide functional requirements into engineering partitions, and approaches that create abstract models of both the problem and the solution. Comparisons and contrasts reveal that advances in security methods lag behind advances in general systems development methods. This analysis also reveals that more general methods fail to consider security specifications rigorously.
The following are the information system security design methods and their implications for development.
Based on security considerations, the following categories partition risk management and security considerations according to the system design.
The above categories tell us that security consideration requires steps that need to be followed in order to practise information security. We follow these policies not only to avoid a breach but also to ensure the smooth extraction of data and to keep it secure for further use.
1) Initiation: This is the first phase, where security categorization is practiced. It ensures authenticity from the preliminary risk assessment done post breach.
2) Acquisition/Development: The acquisition/development phase can begin only after an organization has determined that a need exists. A need may have been determined during strategic or tactical planning. The needs determination phase is at a very high level in terms of functionality.
3) Implementation: During this phase, the system will be installed and evaluated in the operational environment of the organization.
4) Operation and Maintenance: In this phase, systems are in place and operating, enhancements and/or modifications to the system are developed and tested, and hardware and/or software is added or replaced. The system is monitored for continued performance in accordance with user requirements, and needed system modifications are incorporated. The operational system is periodically assessed to determine how the system can be made more efficient and effective. Operations continue as long as the system can be effectively adapted to respond to an organization’s needs. Managing the configuration of the system and providing for a process of continuous monitoring are two key information security steps of this phase.
5) Disposition: The disposition activities ensure the orderly termination of the system and preserve the vital information about the system so that some or all of the information may be reactivated in the future if necessary.
Particular emphasis is given to proper preservation of the data processed by the system, so that the data is effectively migrated to another system or archived in accordance with applicable records management regulations and policies, for potential future access.
Information security consideration in system design is based on the need to ensure information security and to avoid malware activities and threats related to the stored information. That is achieved when the organization understands the importance of security in the system design. Security should be considered for the following reasons:
1) To avoid data breaches
2) To check for compromised credentials and broken authentication
3) To avoid account hijacking
4) To mitigate cyber threats from malicious insiders