Topics covered
Security engineering
Security dimensions
Security levels
System layers where security may be compromised
Application/infrastructure security
System security management
Operational security
Security and dependability
Security
Fundamental security
Security terminology
Examples of security terminology (Mentcare)
Threat types
Threat types
Security assurance
Security and dependability
Security and dependability
Security and organizations
Security is a business issue
Organizational security policies
Security policies
Security policies
Security risk assessment and management
Preliminary risk assessment
Design risk assessment
Operational risk assessment
Security requirements
Security specification
Types of security requirement
Security requirement classification
Security risk assessment
Security risk assessment
Security requirements for the Mentcare system
Misuse cases
Misuse cases
Mentcare use case – Transfer data
Mentcare misuse case: Intercept transfer
Misuse case: Intercept transfer
Secure systems design
Secure systems design
Design compromises
Design risk assessment
Design and risk assessment
Protection requirements
Design risk assessment
Design decisions from use of COTS
Vulnerabilities associated with technology choices
Security requirements
Architectural design
Protection
A layered protection architecture
Distribution
Distributed assets in an equity trading system
Design guidelines for security engineering
Design guidelines for secure systems engineering
Design guidelines 1-3
Design guidelines 4-6
Design guidelines 7-10
Secure systems programming
Aspects of secure systems programming
Dependable programming guidelines
Security testing and assurance
Security testing
Security validation
Examples of entries in a security checklist
Key points
Key points