Chapter 4. Information System Security Principles
IN THIS CHAPTER
Reviewing the principles of network security
Understanding the systems engineering and Information Systems Security Engineering process
Summarizing the System Development Life Cycle (SDLC)
Relating information systems security and the SDLC
A number of organizations have defined terminology and methodologies for applying systems engineering (SE) principles to large tasks and undertakings. When information systems and networks are involved, companion Information System Security Engineering (ISSE) processes should be practiced concurrently with SE at project initiation.
This chapter defines the fundamental principles of network security and explains the SE and ISSE processes. It also describes the steps in the systems development life cycle (SDLC) and reviews how network and information technology (IT) security practices can be incorporated into the SDLC activities.
The chapter concludes with coverage of risk management techniques and the application of risk management in the SDLC.
Key Principles of Network Security
Network security revolves around the three key principles of confidentiality, integrity, and availability (C-I-A). Depending upon the application and context, one of these principles might be more important than the others. For example, a government agency would encrypt an electronically transmitted classified document to prevent an unauthorized person from reading its contents. Thus, confidentiality ...