[New System Architecture] Chapter 18 - Security Architecture Design Theory and Practice

Information Security Architecture Design

Information system security design focuses on two things: the system security assurance system and the information security architecture.

The system security assurance system covers:

  1. Determining the security zone strategy: based on the division of security zones, the competent department should formulate a targeted security strategy.
  2. Unified configuration and management of anti-virus systems: the competent department should establish an overall defense strategy so that anti-virus systems are configured and managed in a unified way.
  3. Network security management: strengthen network security management and formulate the relevant rules and regulations.

Database Integrity Design

Database integrity design principles:

  1. Determine the system level and method of its implementation according to the type of database integrity constraints, and consider the impact on system performance in advance. Generally, static constraints should be included in the database schema as much as possible, and dynamic constraints should be implemented by applications.
  2. Entity integrity constraints and referential integrity constraints are the most important integrity constraints of relational databases, and should be applied as much as possible without affecting the key performance of the system.
  3. The trigger function supported by current mainstream DBMSs should be used with caution: triggers carry a high performance overhead, and multi-level (cascading) triggering is difficult to control and prone to errors.
  4. In the requirements analysis stage, formulate naming conventions for integrity constraints, and try to use meaningful combinations of English words, abbreviations, table names, column names, and underscores.
  5. The integrity of the database should be carefully tested against the business rules, so that conflicts between implicit integrity constraints and their impact on performance are eliminated as early as possible.
  6. There must be a full-time database design team responsible for the analysis, design, testing, implementation and early maintenance of the database from beginning to end.
  7. Appropriate CASE tools should be used to reduce the workload of each phase of database design.
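
The following sketch illustrates principles 1, 2 and 4; it is an added example, not taken from the tutorial. It uses SQLite through Python's `sqlite3` module, and the table names, the `<type>_<table>_<column>` naming scheme and the order-status rule are assumptions made for the illustration.

```python
import sqlite3

# Static constraints in the schema; <type>_<table>_<column> names are a hypothetical convention.
SCHEMA = """
CREATE TABLE customer (
    customer_id INTEGER NOT NULL,
    CONSTRAINT pk_customer PRIMARY KEY (customer_id)   -- entity integrity
);
CREATE TABLE orders (
    order_id    INTEGER NOT NULL,
    customer_id INTEGER NOT NULL,
    status      TEXT    NOT NULL DEFAULT 'new',
    amount      INTEGER NOT NULL,
    CONSTRAINT pk_orders PRIMARY KEY (order_id),
    CONSTRAINT fk_orders_customer FOREIGN KEY (customer_id)
        REFERENCES customer (customer_id),             -- referential integrity
    CONSTRAINT ck_orders_amount CHECK (amount > 0),
    CONSTRAINT ck_orders_status CHECK (status IN ('new', 'paid', 'shipped'))
);
"""

# Dynamic constraint: legal transitions depend on the row's previous state,
# which a static CHECK cannot see, so the application enforces it.
ALLOWED = {("new", "paid"), ("paid", "shipped")}

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when enabled
    db.executescript(SCHEMA)
    db.execute("INSERT INTO customer VALUES (1)")  # constructed sample rows
    db.execute("INSERT INTO orders (order_id, customer_id, amount) VALUES (10, 1, 500)")
    db.commit()
    return db

def rejected(db, sql):
    # True when the DBMS itself refuses the statement (a static constraint fired).
    try:
        with db:
            db.execute(sql)
        return False
    except sqlite3.IntegrityError:
        return True

def set_status(db, order_id, new):
    row = db.execute("SELECT status FROM orders WHERE order_id = ?", (order_id,)).fetchone()
    if row is None or (row[0], new) not in ALLOWED:
        return False
    with db:  # the WHERE clause re-checks the old state, so a concurrent change cannot slip through
        cur = db.execute("UPDATE orders SET status = ? WHERE order_id = ? AND status = ?",
                         (new, order_id, row[0]))
    return cur.rowcount == 1
```

A direct `UPDATE orders SET status = 'new'` on a shipped order still passes the schema's CHECK, which is why every writer has to go through the application-level check for the dynamic rule.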

Software Vulnerability

Four aspects of software vulnerability include:

  1. A vulnerability is a hidden weakness in a software system. It does not cause harm by itself, but has serious security consequences once it is exploited.
  2. Logical errors introduced, consciously or unconsciously, during software development are the root source of most vulnerabilities.
  3. Vulnerabilities are closely related to the specific system environment, and any difference in the system environment may lead to different vulnerability issues.
  4. While old vulnerabilities are being patched or corrected, new ones may be introduced, so vulnerability problems persist.

Typical taxonomies: ISOS taxonomy, PA taxonomy, Landwehr taxonomy, Aslam taxonomy, Bishop taxonomy, IBM taxonomy

ISOS taxonomy: classifies the security and privacy aspects of information systems; its purpose is to help information system managers understand security issues and to provide corresponding information for improving system security.

PA taxonomy: mainly studies security-related defects in operating systems.

Landwehr taxonomy: classifies along three dimensions: defect cause, introduction time and distribution location. Each dimension can be further classified and described at multiple levels.

Aslam taxonomy: from the life-cycle perspective, it distinguishes two categories: coding failures and sudden failures.

Bishop taxonomy: a classification method for the information security field that describes Unix and network-related vulnerabilities.

IBM taxonomy: uses the Landwehr taxonomy as the basis of its framework, extending and adapting it with emerging security flaws to accommodate changes in today's vulnerabilities.

Origin blog.csdn.net/weixin_40972073/article/details/131534720