The problem of securing a company's internal resources arose as soon as corporate networks were permanently connected to the Internet. The response was to build a protected perimeter around the information systems and to delimit access rights inside that perimeter.
The first step in the classic approach to software development is to analyze market demand in order to formulate requirements and describe the new product's features. Then comes architecture and design: defining which components have to be revised or developed from scratch, and how the product's components interact.
The third step is development itself: the program code is written and the product is built. Then comes testing: unit tests are run and quality is assessed. Finally, the fifth stage is release to the production environment, which covers integration, operation, technical support and performance monitoring.

This approach allows us to achieve high product quality and ensure fast delivery of its updates to the market.
However, the classic method does not take into account the risks of vulnerabilities that can be exploited by attackers. This, in turn, can lead to legal and financial consequences and, of course, reputational damage to the company.
For example, in 2020 attackers compromised the build environment of the software vendor SolarWinds and inserted a backdoor into a signed update of its Orion platform; the compromise became public in December 2020. Up to 18 thousand customers downloaded the trojanized update. The list of victims included Microsoft, the information security company FireEye, the US State Department and the US Treasury Department. Through the backdoor the attackers penetrated those organizations' infrastructure and gained access to corporate accounts and documents.
Implementing secure software development practices (SSDP) reduces these risks and the likelihood of vulnerabilities appearing in the product. Let us consider the key information security measures applied at each stage of the classical approach.
The first stage involves assessing the potential threats and vulnerabilities that may affect the product, as well as the risks to its confidentiality, integrity and availability.
At the second stage, security requirements and constraints are formulated following the security-by-design approach. They are included in the technical specification and define constraints that depend on the identified threats. One example is a restriction on programming language and runtime versions: outdated, unsupported or known-vulnerable versions are prohibited.
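A requirement like this is only useful if it is enforced automatically rather than checked by hand at release time. The script below is an added example, not code from the article: it turns the textual restriction on language versions into a CI gate that fails the build when the runtime is below a minimum version, past its end-of-life date, or on a block list of known-vulnerable releases. The policy table (`MIN_VERSION`, `END_OF_LIFE`, `BLOCKED_PATCH_VERSIONS`) and the function names are constructed for illustration; a real project would generate the table from the vendor's published support schedule.

```python
"""Enforce the 'no outdated, unsupported or vulnerable language versions' requirement.

Added example, not from the article. The policy data below is constructed for
illustration only; derive it from the vendor's support schedule in practice.
"""
import sys
from datetime import date

# Constructed policy: the lowest (major, minor) release the project accepts ...
MIN_VERSION = (3, 9)
# ... the dates after which a minor release is no longer supported ...
END_OF_LIFE = {
    (3, 7): date(2023, 6, 27),
    (3, 8): date(2024, 10, 7),
    (3, 9): date(2025, 10, 31),
}
# ... and exact releases that the security team has explicitly blocked
# (constructed entry standing in for a release with a known vulnerability).
BLOCKED_PATCH_VERSIONS = {(3, 9, 0)}


def parse_version(text):
    """Parse '3.11.4' or '3.11' into a (major, minor, patch) tuple.

    Raises ValueError on anything that is not dotted decimal numbers, so a
    malformed version string fails the gate instead of silently passing.
    """
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {text!r}")
    nums = tuple(int(p) for p in parts[:3])
    return nums + (0,) * (3 - len(nums))


def check_version(version, today):
    """Return (allowed, reason) for a (major, minor, patch) tuple on a given date."""
    major, minor, patch = version
    minor_key = (major, minor)
    if minor_key < MIN_VERSION:
        return False, (f"{major}.{minor} is below the minimum supported version "
                       f"{MIN_VERSION[0]}.{MIN_VERSION[1]}")
    eol = END_OF_LIFE.get(minor_key)
    if eol is not None and today >= eol:
        return False, f"{major}.{minor} reached end of life on {eol.isoformat()}"
    if version in BLOCKED_PATCH_VERSIONS:
        return False, f"{major}.{minor}.{patch} is on the blocked (known vulnerable) list"
    return True, "ok"


def check_string(version_text, today_iso):
    """Convenience wrapper: version and date as strings, e.g. ('3.9.5', '2026-01-01')."""
    return check_version(parse_version(version_text), date.fromisoformat(today_iso))


if __name__ == "__main__":
    # Gate the interpreter actually running the build; non-zero exit fails CI.
    allowed, reason = check_version(tuple(sys.version_info[:3]), date.today())
    print(("PASS" if allowed else "FAIL") + ": " + reason)
    sys.exit(0 if allowed else 1)
```

Running the script as a build step makes the requirement self-enforcing: an engineer who pins an end-of-life interpreter in a container image gets a failed pipeline with the reason spelled out, rather than a finding in an audit months later. The same structure applies to compilers, base images and third-party libraries.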