This type of assessment on the architecture of software projects is applicable in every type of organization and, for the identification of the requirements to be met, it relies not only on key principles - such as Redundancy and Robustness, Simplicity, Self-protection, Defense in depth - but also on the reference standards: Security job description duties
essential norms and standards, interpreted with the experience and understanding of the business, such as the control model of the Cobit © 5 framework;
international standards, such as the ISO 27000 family;
specific reference architecture, requested by the supplier.
The objectives of a software architecture security analysis with respect to the best practices
Among the main objectives of the software architecture verification activity with respect to the Security Best Practices are:
third-party review of possible software architecture flaws in addressing vulnerabilities;
verification of the software architecture's ability to support the business needs required in terms of security without weighing down performance;
verification of any flaws in the security of the software architecture.
The assessment may also consider the verification downstream of the actual realization of the architecture proposed in the software projects.
At the beginning of the assessment program, DNV GL analyzes the architecture based on the Best Security Practices applicable to the fields of Product Software Architecture, System Architecture, Network Architecture and highlights the gaps to be filled with respect to the following requirements:
security integrated into software architecture;
robustness of the proposed solutions;
components that are part of the software architecture.
The advantages of a software architecture security analysis compared to best practices
The benefits obtainable from organizations are:
balancing of functional, quality and safety requirements;
the communication of the solutions identified between the various interested parties;
an abstract and third-party analysis of the system, culminating in the drafting of a Report with the possible weaknesses found.
essential norms and standards, interpreted with the experience and understanding of the business, such as the control model of the Cobit © 5 framework;
international standards, such as the ISO 27000 family;
specific reference architecture, requested by the supplier.
The objectives of a software architecture security analysis with respect to the best practices
Among the main objectives of the software architecture verification activity with respect to the Security Best Practices are:
third-party review of possible software architecture flaws in addressing vulnerabilities;
verification of the software architecture's ability to support the business needs required in terms of security without weighing down performance;
verification of any flaws in the security of the software architecture.
The assessment may also consider the verification downstream of the actual realization of the architecture proposed in the software projects.
At the beginning of the assessment program, DNV GL analyzes the architecture based on the Best Security Practices applicable to the fields of Product Software Architecture, System Architecture, Network Architecture and highlights the gaps to be filled with respect to the following requirements:
security integrated into software architecture;
robustness of the proposed solutions;
components that are part of the software architecture.
The advantages of a software architecture security analysis compared to best practices
The benefits obtainable from organizations are:
balancing of functional, quality and safety requirements;
the communication of the solutions identified between the various interested parties;
an abstract and third-party analysis of the system, culminating in the drafting of a Report with the possible weaknesses found.
No comments:
Post a Comment