Question

Information security principles provide the basis for security standards. There are several entities and governing bodies that create standards and regulations for use with information security.

Explain the design methodology, implementation approach, and the person who involves in designing a good information security system for an organization.                            (20 marks)   

Learning Outcome:

Explain the basic principles and techniques in designing a secure system

Answer 1

Please upvote if you are able to understand this and if there is any query do mention it in the comment section.

Design methadology - This refers to the development of some kind of system for some unique web design or information design. The design methadology aims at finding the best solution for a given design solution.

Implementation approach - This approach describes exactly how the actions are required to be performed and how the decisions are required to be taken so that organization can move from ideas to achieving them in reality. Implementation approach also describes how all the strategies that were made will be getting executed in reality.

Within an organization, everyone like employees, managers can be responsible for designing a good information security system. The organization has to ensure that any individual who will be representing the organization is enough trained in information security. The implementation approaches are: Bottom-up approach and top-down approach.

Bottom-up approach - In this approach, the entire organization has to show their participation in the process which will lead the organization to success. Bottom up approach allows every employee of the organization to accomplish their goals and also whatever the objective that has been set. Example - There are organizations in which only seniors are allowed to participate in decision making process. But the organizations, in which bottom-up approach is followed there everyone is participates in the decision making process.

Top-down approach - In this approach, the seniors like CEO or chairman of the organization takes decision for the entire organization. The action that has been declared to be taken by the seniors are required to be carried out by the entire organization as first the action is executed by middle management then by the management at the bottom. Example - Organizations follows this approach as following this approach sets a execution ladder in structural way.

Basic principles in a designing a secure system are:

Integrity - The data that is being transferred or share is not supposed to be tampered or modified by any unauthenticated users or any third party.

Confidentiality - Only users who are authenticated are allowed to have access to data and anyone else is not permitted to have access to the data.

Availability - The should be available only to the authenticated users whenever the they will be need exactly on time neither too late nor too late.

Techniques for designing a secure system can be:

• Separating the individuals according to their duties will make sure that no individual can perform any act of deception that can cause harm to the system.
• Avoiding the security controls to be very complex or sophisticated as such an architecture can lead to large number of errors in the future in the security systems.