Q4. Out of three levels of security, i.e. infrastructure security, application security and operational security, we can only deal with application security. Although it is the area we work on, the overall security of even our application depends upon the organizational security policies. Do you agree? Comment using an example.
Q5. There are 4 types of security threats, namely interception, interruption, modification and fabrication. As a software programmer, which threat is the one you may work to avoid, and how?
Q6. There are 10 design guidelines for security engineering given in the book. Which do you think is the most important and should be used in your everyday software development practices?
First, we understand what infrastructure, operational and application security are. First, we look at operational security. Another name for operational security is procedural security.
Next is application security. Application-level security refers to security services that are invoked at the interface between an application and a queue manager. Application security may include hardware, software, and procedures that identify or minimize security vulnerabilities. Application-level security is also known as end-to-end security or message-level security. For example, a message can be encrypted when it is put on a queue by an application, and the message is decrypted when it is retrieved by the receiving application. This is an example of an application-level confidentiality service. When the application and queue manager are connected, it prevents data or code within the app from being stolen or hijacked.
Network infrastructure security, as applied to the IT industry, is protecting the underlying networking infrastructure by installing preventative measures to deny unauthorized access, modification and deletion. These security measures can include access control, application security, firewalls, virtual private networks (VPN), and wireless security.
An organizational security policy is a set of rules or procedures. It is produced by an organization on its operations to protect its sensitive data. Organizational security policies are,
Fig: Security policy life cycle
The application depends upon the organizational security policies. For example, the majority of your staff have little understanding of security issues, and there is no reason to expect that to change unless the organization does its part to correct the situation. It is the part of the organization to adequately prepare staff for making security policy a part of the work environment, to protect a system from threats and to protect it from unauthorized access. For example, on a social media website the application is changed based on the organizational policy. Company ABCD must protect restricted, confidential or sensitive data from loss to avoid reputation damage, protect the data of the company and provide security. This policy outlines the requirements for data leakage prevention, a focus for the policy and a rationale. The protection of data in scope is a critical business requirement, flexibility. Its primary objective is user awareness and to avoid accidental loss scenarios. The overall security of even our application depends upon the organizational security policies. I agree with this statement.
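The application-level confidentiality service mentioned in the answer (a message encrypted when it is put on a queue and decrypted by the receiving application) can be shown in a few lines of Go. This is an added example, not part of the original answer; the names `Queue`, `NewAEAD`, `Put` and `Get`, the in-memory channel standing in for the queue manager, the choice of AES-256-GCM, and the sample key and message are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Queue stands in for the queue manager (assumption); it only ever holds ciphertext.
type Queue chan []byte

// NewAEAD builds AES-256-GCM from the 32-byte key the two applications share.
func NewAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Put encrypts plaintext under a fresh random nonce and enqueues nonce||ciphertext.
func Put(q Queue, aead cipher.AEAD, plaintext []byte) error {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	q <- aead.Seal(nonce, nonce, plaintext, nil)
	return nil
}

// Get dequeues and decrypts; a message modified in the queue fails GCM authentication.
func Get(q Queue, aead cipher.AEAD) ([]byte, error) {
	msg := <-q
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message shorter than nonce")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

func main() {
	key := make([]byte, 32) // constructed demo key; real keys come from a key store
	rand.Read(key)
	aead, _ := NewAEAD(key)
	q := make(Queue, 1)
	_ = Put(q, aead, []byte("transfer 100 to account 42")) // constructed sample message
	pt, err := Get(q, aead)
	fmt.Println(string(pt), err)
}
```

Because GCM is authenticated encryption, the same code also rejects a message that was modified while sitting in the queue, so it covers the modification threat from Q5 as well as interception.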