Hitachi

uCosminexus Application Server Security Management Guide


4.2 Overview of considerations in the design of a secure system

A system is expected to encounter various security threats. Such threats might come in the course of its configuration and operation in the hands of the users who manage or operate it. They might also come in the course of end-users' use of the services the system provides. To protect the system against such threats, it is necessary to implement countermeasures such as designing a physically secure system and establishing operation rules for workers.

Recent years have seen an increase in the importance of internal control within organizations, from the perspectives of ensuring healthy organizational operations and safely configuring and operating increasingly complicated and diverse IT systems. Internal control requires an organization to prove to Auditors that it maintains the security of its systems. To achieve this, it is necessary to log the operations performed on the system, including who performed the operations and when, and to provide an auditing mechanism to verify that the operations were properly performed by employees who are duly authorized to use the system.

To implement such a secure system, the expected threats must be identified during system design, and the system must be designed so that appropriate countermeasures against those threats can be implemented.

This chapter describes the points that must be considered during system design. It clarifies expected system threats and then describes how to approach the design of the system and what procedures are necessary in order to configure and operate a secure system.

Considering the design of a secure system involves the steps shown in the following flowchart.

Figure 4‒1: Flow of considerations in the design of a secure system

[Figure]

This figure shows a workflow for ensuring the security of a system that is used within a company. For details about countermeasures against external threats, see 4.11 Considering the security of systems that use external networks.