Understanding Security tips should be everybody’s goal including both private and public organization.
Understanding
basic concepts of security will help you create a solid foundation in security.
Confidentiality, integrity, and availability together form
the CIA security triad,
a model used to guide security principles within an organization. Each element
is important to address in any security program.
Security brings Confidentiality,
Integrity, availability, authentication, obfuscation, and non-repudiation.
In order to have
a good software development, pseudo code, flowchart and some other important
modeling tools like Use case diagram has to be considered.
WHAT IS A USE
CASE
A use
case describes a goal that an organization wants to achieve. Engineers use
it in systems analysis and software development to identify and clarify requirements
to achieve the goal. A common naming strategy for a use case is in the
verb-noun format .As an example, consider a use case named“ Place Order.”Different
departments within an organization might use it differently, but it can still retain
the same name.
Developers can
use the steps in the use case to create software to support the goal. The Use
Case can help marketing personnel understand where they need to focus their efforts
to motivate the buyer to start the process of placing an order. Billing and
Shipping departments use it to understand their responsibilities after the
customer places the order.
Imagine that
Lisa wants to place an order via an online e-commerce system.
The Place Order
use case for this might include the following elements:
• Actors. Lisa
is one of the actors. She might have an account and be a registered user with
her shipping and billing information in an existing database. Or, she might be
a brand-new customer and her information needs to be collected. Other actors
include the billing system that bills her for the order and a fulfillment
system that processes and ships the order.
• Precondition.
A precondition must occur before the process can start. For example, Lisa needs
to select an item to purchase before she can place the order.
• Trigger. A
trigger starts the use case. In this case, it could be when Lisa clicks on the
shopping cart to begin the purchase process.
• Post condition.
Post conditions occur after the actor triggers the process. In this case,
Lisa’s order will be put into the system after she completes the purchase.
She’ll receive an acknowledgment for her order, the Billing department may take
additional steps to bill her (if she wasn’t billed during the purchase
process), and the Shipping department will take steps to ship the product.
• Normal flow. A
use case will typically list each of the steps in a specific order. In this example,
you might see a dozen steps that start when Lisa picks an item to order and end
when she completes the order and exits the purchase system.
• Alternate
flow. All purchases won’t be the same. For example, instead of using existing
billing and shipping information, Lisa might want to use a different credit
card or a different shipping address. It’s also possible for Lisa to change her
mind and abandon the process before completing the purchase or even cancel the
purchase after she completes the process.
Some common usecases related to supporting Confidentiality,
Integrity, availability, authentication, obfuscation, and non-repudiation.
Some
security tips are:
1.
ENSURE
CONFIDENTIALITY
A common use
case that any organization has is to support confidentiality. Confidentiality
prevents the unauthorized disclosure of data.
In other words,
authorized personnel can access the data, but unauthorized personnel cannot
access the data. You can ensure confidentiality using several different methods
discussed in the following sections.
2.
ENCRYPTION
Encryption
scrambles data to make it unreadable by unauthorized personnel. Authorized
personnel can decrypt the data to access it, but encryption techniques make it
extremely difficult for unauthorized personnel to access encrypted data.
As
an example, imagine you need to transmit Personally Identifiable Information
(PII), such as medical information or credit card data via email.
You wouldn’t
want any unauthorized personnel to access this data, but once you click Send,
you’re no longer in control of the data. However, if you encrypt the email
before you send it, you protect the confidentiality of the data.
3.
ACCESS CONTROLS
(IAA)
Identification,
authentication, and authorization combined provide access controls and help
ensure that only authorized personnel can access data. Imagine that you want to
grant Maggie access to some data, but you don’t want Homer to be able to access
the same data. You use access controls to grant and restrict access. The
following bullets introduce key elements of access controls:
•
Identification. Users claim an identity with a unique username.
For example,
both Maggie and Homer have separate user accounts identified with unique
usernames. When Maggie uses her account, she is claiming the identity of her
account.
•
Authentication. Users prove their identity with authentication, such as with a
password. For example, Maggie knows her password, but no one else should know
it. When she logs on to her account with her username and password, she is claiming
the identity of her account and proving her identity with the password.
• Authorization.
Next, you can grant or restrict access to resources using an authorization
method, such as permissions. For example, you can grant Maggie’s account full
access to some files and folders. Similarly, you can ensure that Homer doesn’t
have any permission to access the data.