Lab Objectives: This lab is designed to give students the opportunity to discuss security requirements including CIA and design principles interactively and to explore the topics covered in greater detail. CIA Confidentiality, integrity, and availability, also known as the CIA Triad. The CIA Triad is a security model that has been developed to help people think about various parts of IT security. Confidentialityis roughly equivalent to Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts. Integrityinvolves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people Availabilitymeans information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information. Task 1 : CIA The CIA triangle (confidentiality, integrity and availability) can be used to frame many problems in security. Develop a summary of the security needs of a model entity (such as a business, a hospital or university) and explain how each of the elements of the CIA triangle applies to your chosen entity Design Principles The security design principles are considered while designing any security mechanism for a system. These principles are review to develop a secure system which prevents the security flaws and also prevents unwanted access to the system. · Isolation · Complete Mediation · Least Privilege · Defense-In-depth Design · Compartmentalization · Access control pattern and System security levels · Separation of duties · Fail safe default and fail secure · Component's integration · Least Astonishment (Psychological Acceptability) · Open design · Minimize trust surface · Simplicity of Design · Usability · Abstraction · Generic design Task 2: Design Principles Choose at least three of the design principles presented in the lecture (see slide 7 of the Week 2 Lecture Slides). Please present what you believe to be the costs and benefits of the chosen principle with respect to your entity and where this might be difficult to implement in modern computer systems or networks. Lab deliverable: First you need to identify your selected entity (system) and give a brief description of that system. Then you have to submit a report that includes two parts. Part 1: Determine security requirements applicable to your system, you need to document these requirements. (task 1) Part 2: Identify the appropriate security design principles in your application, you need to list the used principles and justify the need for these principles in the application context. (task 2)
Lab Objectives:
This lab is designed to give students the opportunity to discuss security requirements including CIA and design principles interactively and to explore the topics covered in greater detail.
- CIA
Confidentiality, integrity, and availability, also known as the CIA Triad. The CIA Triad is a security model that has been developed to help people think about various parts of IT security.
- Confidentialityis roughly equivalent to Confidentiality measures are designed to prevent sensitive information from unauthorized access attempts.
- Integrityinvolves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure data cannot be altered by unauthorized people
- Availabilitymeans information should be consistently and readily accessible for authorized parties. This involves properly maintaining hardware and technical infrastructure and systems that hold and display the information.
Task 1 : CIA
The CIA triangle (confidentiality, integrity and availability) can be used to frame many problems in security. Develop a summary of the security needs of a model entity (such as a business, a hospital or university) and explain how each of the elements of the CIA triangle applies to your chosen entity
- Design Principles
The security design principles are considered while designing any security
|
· Isolation |
· Complete Mediation |
|
· Least Privilege |
· Defense-In-depth Design |
|
· Compartmentalization |
· Access control pattern and System security levels |
|
· Separation of duties |
· Fail safe default and fail secure |
|
· Component's integration |
· Least Astonishment (Psychological Acceptability) |
|
· Open design |
· Minimize trust surface |
|
· Simplicity of Design |
· Usability |
|
· Abstraction |
|
|
· Generic design |
|
Task 2: Design Principles
Choose at least three of the design principles presented in the lecture (see slide 7 of the Week 2 Lecture Slides). Please present what you believe to be the costs and benefits of the chosen principle with respect to your entity and where this might be difficult to implement in modern computer systems or networks.
Lab deliverable:
First you need to identify your selected entity (system) and give a brief description of that system. Then you have to submit a report that includes two parts.
Part 1: Determine security requirements applicable to your system, you need to document these requirements. (task 1)
Part 2: Identify the appropriate security design principles in your application, you need to list the used principles and justify the need for these principles in the application context. (task 2)
Trending now
This is a popular solution!
Step by step
Solved in 3 steps
