Building blocks of secure design
Any discussion of the requisite tools in your design toolbox would be incomplete without covering the actual security mechanisms that you’ll employ as part of your design. These represent specific measures you might use – and specific objectives that you might target – as part of a broader, overarching security design.
It’s important to understand what these controls are and what they are not. They are not implementations: any given control can be implemented in myriad ways. For example, you might have a control objective specifying that any administrative access to production systems (and system components) must be logged and recorded. However, this in itself doesn’t outline how you’d do that. Instead, context, circumstances, and the organization itself will dictate how you accomplish the result and how you implement that control. For...