Because of ever-increasing threats, AAS™ integrates security directly into the recommended development strategy for organizations that use AASF™ to develop software. Security breaches have caused serious financial damage, so it is important for organizations to assess the risks they are likely to encounter when they release code into the world. The goal is to have code available to the public only if it was authorized by the organization.
In alignment with the Gordon-Loeb Model, the amount a firm spends to protect information should be a fraction of the expected loss resulting from a security breach. Unfortunately, cost estimates for security breaches are not always reliable, because the source data on information loss is anecdotal. The estimates do, however, provide ballpark figures for the cost of security breaches, so organizations at least have a starting point on which to base investment decisions.
Security by design means architecting the system from the ground up to be secure, with controls that serve the purposes of confidentiality, integrity, availability, accountability and assurance. These are attained through three processes: threat prevention, detection, and response.
Some of the types of security include:
- Intrusion Detection System (IDS) products detect network attacks in progress.
- User account access controls can protect system files and data.
- Firewalls can shield internal networks from access and block attacks against them, and can be implemented as software running on the machine or as a separate machine.
Agilest® AASE™ - Adaptive-Agile™ Security Engineer