Research Paper About Security by Design Principles

Security by Design Principles
Name:
Institution:
Course:
Date:
Security by Design Principles
When designing software, security is no longer considered a privilege, rather this is a necessity that has to be included in the design. Software engineers have to establish the right set of tools to enhance the security of the program to ensure the users are secure from any form of attacks. The security measures and controls in place will depend on the data to be protected. The level of protection controls offered to data on a blog and banking system are very different. It is also important to understand and classify the likely attackers on a system such as, drive-by-attackers, disgruntled workers or developers, script kiddies, organized crime or even defacers (Merritt, 2017).
When designing the system, developers have to consider the core pillars of information security. These include confidentiality, where users only access information that they have been permitted alone. Integrity on the other hand refers to blocking out unauthorized users to tamper with any data, while availability allows the authorized users to access data in the system whenever they need it (McGraw, 2017).
There are several principles that guide the developers on the designs of the software. It important to minimize the surface of attack, making sure that added features do not bring about any form of compromise. This calls for secure defaults out of the box (Merritt, 2017). At the same time, least-privilege should be invoked by way making sure, there are restrictive administrative rights. The developers should also use more controls to make it harder for the attackers to compromise the systems. Where the systems fail, they should not do so in a way to compromise data and processes (McGraw, 2017). In the same light different duties should be separate to enhance the level of accountability. While the...