project-aslan / Aslan

Open source self-driving software for low speed environments
Apache License 2.0
272 stars 69 forks

[Feature Request] Information Security #16

Open GiannisKostakis opened 4 years ago

GiannisKostakis commented 4 years ago

Which module?

Information Security Requirements

Is it a solution suggestion to a problem?

Nowadays, information security is getting more and more attention due to the large number of breaches and discovered vulnerabilities in various applications and systems. It is impossible to build an application with no bugs; nevertheless, organizations cannot give up improving development processes and adapting them to the current technological and threat landscape.

During the development process, it is more cost-effective and efficient to fix bugs and apply security requirements/controls in earlier stages rather than later ones. The cost of fixing an issue increases exponentially as the software moves forward in the SDLC.

Describe the feature you would like to be implemented

A considerable number of applications and systems have faced serious security threats due to the large number of new technologies and the lack of security principles.

Confidentiality: preserve the access control and disclosure of information

Integrity: avoid unauthorized information modification or destruction

Availability: the information or service must be available, accessible and used only by authorized users

When those principles are affected, the concept of information security risk is introduced.

Information Security Risk = Impact x Probability of realization of an attack

Low: generate a limited adverse effect;

Moderate: generate a serious or critical adverse effect;

High: generate a severe or catastrophic adverse effect.

As a result, a list of initial security principles needs to be created in order to ensure that minimum security controls are in place and the level of the various risks is minimal and manageable.

Additional context

https://www.nist.gov/

https://www.enisa.europa.eu/publications/smart-cars

https://www.cpni.gov.uk/