4. Considerations in the Design of a Secure System

In order to ensure that a business system is running safely and that the data it handles is protected, it is necessary to consider security thoroughly during the system design phase. This chapter describes how to approach the design of the system and what procedures and audit methods are necessary and appropriate in order to configure and operate a secure system.

It also describes how to clarify the security threats to be expected when the system uses an external network and how to use hardware and software to protect against such threats.

Refer to this chapter when the system is executing J2EE applications. This chapter does not apply to systems that execute batch applications.

Organization of this chapter

4.1 Organization of this chapter
4.2 Overview of considerations in the design of a secure system
4.3 Considering the configuration of a secure system
4.4 Considering the users of the system
4.5 Considering the resources handled by the system
4.6 Checking the preconditions for a secure system
4.7 Analyzing expected threats
4.8 Considering countermeasures
4.9 Considering work procedures
4.10 Checking how to audit the system
4.11 Considering the security of systems that use external networks

To Page Top