Software Engineering (10th Edition)
10th Edition
ISBN: 9780133943030
Author: Ian Sommerville
Publisher: PEARSON
Expert Solution & Answer
Chapter 13, Problem 13.5E
Explanation of Solution
Use of a layered approach for asset protection:
In system architecture, protection is one of the fundamental concerns, and a layered architecture is used to provide it.
In a layered architecture, the critical protected assets are placed at the lowest level, with layers of protection around them.
For example, in a patient record system, the critical assets that need to be protected are the records of each individual patient.
An attacker has to penetrate three system layers in order to access and modify patients' records; each additional layer of protection that must be penetrated is why the layered approach improves security...
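The three-layer patient record system described above, worked through as an added example that is not code from the textbook or from this solution. Platform authentication, application-level authorization, and record-level access control are written as independent checks that must all pass before a record is returned; every account, password, patient identifier, care-team assignment and record text is constructed sample data. The last function shows why the layers are kept independent: a session that reaches the record layer claiming the clinician role is still refused when that user is not on the patient's care team.

```python
"""Three independent protection layers around patient records.

Added illustration of the layered approach described above (not code from
the textbook). Every account, password, patient id and record below is
constructed sample data.
"""
import hmac
from dataclasses import dataclass
from typing import Optional

# The protected assets at the lowest level: constructed patient records.
RECORDS = {
    "P001": "Patient P001: asthma, last reviewed 2024-01-10",
    "P002": "Patient P002: hypertension, last reviewed 2024-02-02",
}

# Constructed accounts: credential plus the role the platform assigns.
ACCOUNTS = {
    "alice":   {"password": "alice-pw",   "role": "clinician"},
    "mallory": {"password": "mallory-pw", "role": "clerk"},
}

# Constructed care-team assignments: which users may handle which patient.
CARE_TEAM = {
    "P001": {"alice"},
    "P002": set(),
}


@dataclass
class Session:
    """What the platform layer hands to the layers above it."""
    user: str
    role: str


def platform_layer(username: str, password: str) -> Optional[Session]:
    """Layer 1 (platform): authenticate the caller and issue a session, or None."""
    account = ACCOUNTS.get(username)
    if account is None:
        return None
    # Constant-time comparison so the check does not leak how much of the password matched.
    if not hmac.compare_digest(account["password"], password):
        return None
    return Session(user=username, role=account["role"])


def application_layer(session: Session, action: str) -> bool:
    """Layer 2 (application): only the clinician role may read or update records."""
    permitted = {"clinician": {"read", "update"}, "clerk": set()}
    return action in permitted.get(session.role, set())


def record_layer(session: Session, patient_id: str) -> bool:
    """Layer 3 (record): the user must be on this patient's care team.

    This check looks only at the user and the patient, not at the role, so it
    still holds if the layer above it was wrong about the role.
    """
    return session.user in CARE_TEAM.get(patient_id, set())


def access_record(username: str, password: str, patient_id: str,
                  action: str, audit: list) -> Optional[str]:
    """Walk the three layers in order; every decision is appended to `audit`."""
    session = platform_layer(username, password)
    if session is None:
        audit.append(f"DENY layer=platform user={username}")
        return None
    if not application_layer(session, action):
        audit.append(f"DENY layer=application user={username} role={session.role} action={action}")
        return None
    if not record_layer(session, patient_id):
        audit.append(f"DENY layer=record user={username} patient={patient_id}")
        return None
    audit.append(f"ALLOW user={username} patient={patient_id} action={action}")
    return RECORDS.get(patient_id)


def forged_role_is_still_blocked() -> bool:
    """Why the layers must be independent: a session claiming the clinician
    role for a user who is not on P001's care team passes layer 2 but is
    refused at layer 3."""
    forged = Session(user="mallory", role="clinician")
    return application_layer(forged, "read") and not record_layer(forged, "P001")


if __name__ == "__main__":
    log: list = []
    print(access_record("alice", "alice-pw", "P001", "read", log))      # record text
    print(access_record("alice", "wrong-pw", "P001", "read", log))      # None, stopped at layer 1
    print(access_record("mallory", "mallory-pw", "P001", "read", log))  # None, stopped at layer 2
    print(access_record("alice", "alice-pw", "P002", "read", log))      # None, stopped at layer 3
    print(forged_role_is_still_blocked())                               # True
    print("\n".join(log))
```

Each denial is recorded with the layer that stopped it, so an attempt that gets past the outer layers is visible in the audit trail rather than silent; in a real system the audit list would be an append-only log outside the application's control.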
Students have asked these similar questions
Explain why a layered approach to asset protection should be employed using an analogy from a non-software engineering setting.
What are the similarities and differences between Microsoft's Security Development Lifecycle (SDL) and the SDLC? Do you think that the SDLC could be improved using some of the features of the SDL, and if so, which ones and why? The proponents of agile methodologies claim that the traditional SDLC suffers from a lack of predictability, or rather that development according to SDLC tries to predict a system's needs. How do agile methodologies approach this problem?
Explain, with the use of an illustration, why resistance to cyber assaults is such an important component of system dependability.
Similar questions
- Information security program development and implementation is not a simple process, but it is an absolutely essential and ongoing process, particularly if your organization is responsible for maintaining the integrity, availability, and confidentiality of customer information or business-critical data. Explain TWO approaches, with the help of a valid diagram, to Information Security Implementation in any organization.
- Task 2: design an information security poster for end users.
- Security breaches in information systems are very commonplace these days even though some organizations have what they believe are good security controls. Because of their vulnerability to threats from hackers, internal personnel, and poor management of hardware and software devices, security controls always need revisiting. From my perspective as manager of the Accounts and Finance department, every security breach affects this department, even if it is just downtime to be at meetings to discuss strategies and costs to repair damages. When the breaches occur, unauthorized access is gained to either do something malicious to the organization's resources or to steal or sabotage data for financial gain. This usually results in the company's reputation/integrity being damaged, loss of revenue during downtime, and high costs to repair and restructure. Legal ramifications are expected as well if guilty persons are found or if customers decide to sue for breach of contract and losses. Two Reasons…
- A. What conditions must be met to ensure that risk acceptance has been used properly? B. Discuss the concept of an organisation's competitive advantage against competitors and how it has evolved over the years with the ongoing development of the IT industry. C. Explain why networking components need more examination from an information security perspective than from a systems development perspective. Why must this practice be periodically reviewed? D. With the aid of a diagram, discuss the contingency planning hierarchy. E. What is the DMZ? Discuss whether this is a good name for the function that this type of subnet performs.
- The components in the CIA Triad – Confidentiality, Integrity, and Availability – are fundamental to cybersecurity. However, there are often trade-offs between them and prioritization of different components. 1. For each component in the CIA Triad, provide a scenario where you feel that component should be prioritized over the other two. a. If you are having problems coming up with scenarios, consider things like emergency systems; financial, legal, or personal information; military systems; health care; digital currencies; etc. b. For each of the scenarios in (a) provide 2-3 sentences with your reasoning on why it should be prioritized over the other 2 components.
- The design of systems translates the specifications into components that will implement them. The design will satisfy the specifications if and only if, under all relevant circumstances, the design will not permit the system to violate those specifications. In cybersecurity, there are specific design principles that can support security policies, and usually the principles are built on the ideas of simplicity and restriction. Identify three principles that you think are the most important in securing the design. Provide a real-life implementation example. Discuss and provide citations if needed.
- Discuss why the entity relationship model is important in software security.
- How likely are there to be security concerns throughout the process of outlining an approach and key milestones?
- 1. The Common Criteria Portal is an excellent location to identify products and systems to implement and how they can integrate to create an overlapping security system. They use an EAL system (which includes a Target of Evaluation – the product to be tested; a Protection Profile – what the base product is supposed to do; a Security Target – the goal of what a security product of that type is supposed to do; and Security Functional Requirements – how functions are supposed to work). These together are used to evaluate products. How can you use this to improve your overall security posture? 2. Describe the EAL ratings and why they might be critical in determining whether a product might be appropriate for your environment.
- The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement security policy for an organization. Answer the following questions regarding SAMM: How do organizations generally deploy the SAMM model? Is SAMM a descriptive model or a prescriptive model? Write the rationale behind your answer.
- In the area of information systems security, there are a number of phases that a business will follow to conduct this security. Two of the phases are "Implement controls" and "Review & Update security process". What is the relationship between these two phases regarding their purposes? Do not just state or explain what each of these is, but explain their relationship regarding their overall purposes.
- Developing an information security architecture involves other types of architecture, such as the target architecture and reference architecture. Briefly distinguish between these two types of architectures.