IT policy
Section 1
Traditionally the term assurance is mainly anchored on two properties: quality and reliability. Recently the term has undergone a radical shift to adopt an approach of assured security bringing on board “information assurance” as part and parcel of its definition. The term of assurance can be defined in various ways (IATAC and DACS, 2009). However, the different definitions often complement each other but may differ in procedures, emphasis and application. Therefore, assurance can be defined the “confidence that software or hardware will continually perform and exhibit properties that will ensure that’s its operations will function despite the presence of self imposed faults” (IATAC and DACS, 2009). On the hand, security functionality refers to the” security related functions that encompass an information system or its infrastructure” (IATAC and DACS, 2009).
The first article titled “Software Security Assurance” by State of the Art Repot gives a detail account on issues touching software security assurance issues(IATAC and DACS, 2009).. The report encompasses various aspects of software assurance that include definition of terms, background, scope, software risk, secure system engineering practices, SDLC processes and methods and lastly initiatives and activities within an organization. The State of the Art Repot takes a position which looking on the modern approach in Software Security Assurance (IATAC and DACS, 2009).The report is tailored to software practitioners, researches, system engineers and integrators, information assurance Cyber Security and Network Security Practitioners, Acquisition Personnel, and Managers and Executives in Software Development Organizations and Software User Organizations. Therefore, the report it tailored for the software engineering professional (IATAC and DACS, 2009)..
The scope of the article presents two security assurances aspects. First; it openly discusses how an organizations can secure its software product and on the other hand how to procure software that is secure (either open source, commercial and custom made software). The article presents an approach of embedding security feature during the various phases of the software development lifecycle. Moreover, it identifies security limitation in various software developmental approaches and the best practices to overcome this limitation in each.
Software assurance is essential in securing software. However, it does not guarantee secure software. This so since; software assurance is targeted at functionality, quality and reliability. In conclusion, software assurance in its eternity can be argued to be dependant software assurance and functionality but other host of issue plays major part in securing software.
The second article titled Safe Code driving Security and Integrity discusses software assurance. It gives a detailed overview of the best industry practices. The article discusses security concerns that have become sophisticated with the dynamic IT environment. Therefore, users of information systems are generally concerned with integrity, security and the reliability of software (Safe Code, 2008). The white paper has developed an approach of the best practices for software developers to develop strong controls and ensure reliability of software security.
Vendors who have implemented these best practices have witnessed incredible results in their products as regards to security issues (Safe Code, 2008). Therefore; it is necessary for every software developers and vendors to adopt these measures. This will ensure that the clients have confidence in their product or services.
Lastly, the last article titled Information Technology Security Evaluation Criteria
(ITSEC) gives a glimpse of the functionality. It takes a Target of Evaluation (TOC) approach that offers security. This approach looks at security features held by each component of the device. Therefore, it is imperative for the features of the product to be stated and determine the desired evaluation at each level (Department of Trade and Industry, 1991).
In this approach the security features are viewed in three levels. That include: security objectives, security enforcing and security mechanisms (Department of Trade and Industry, 1991). By coming up with three criteria the security features that are desired designed.
The approach of security functionality plays an important role in securing software. However, the approach used can compromise the software functionality. Examples the approach used will depend on the nature of application being developed. Development of business critical application will require a more rigorous approach to secure its functionality as compared with a basic application. In conclusion; the security functionality is basically determined by the nature and use of the application being developed.
Section 2
Attacker goals, behavior and resources (threat model)
Since they are small, compared to for example laptops and notebook computers, they can be stolen or misplace with ease. In cases where the wrong people may steal them, they could become an easy avenue to gain entry into sensitive information. The Smartphone can be used as a medium of distributing malware to various handheld devices masqueraded several forms such as games; after installation, they can cause widespread damage on other appliances. The Smartphone can be an avenue of electronically spying by bugging, thus a threat to the privacy of an individual.
Basic user security practices
The owners of Smartphone are have the sole task of ensuring that they are safe and no vital data is either lost or lost in any way whatsoever. In cases where it has been accidentally lost, compromised or abused in any way, they should report to the Information Technologies & Services. To prevent the loss of data in case of misp0lacement of the Smartphone, their owners should ensure that they protect them by a pin, pin timeout that can be at least half an hour, minimal pin entry trials of a minimum of ten times after which it is unlocked using “factory settings”. The Smartphone owner should encrypt the vital data, account and password which are transmitted over any network that is wireless to ensure that they are not abused. The Smartphone owner should also occasionally change the password.
Safeguards
The user should ignore all suspicious actions mainly because such Smartphone may become recipients of malicious programs. The owner should also reduce the amount of exposed sensitive data by limiting the amount kept on such devices. In addition, there is merit in turning off wireless interfaces such as Bluetooth, Infrared as a precautionary against malicious malware. Other forms that connect one to data services such as GPRS, as a precautionary, the user may have advantage if turned off when not being used. The owner should reduce the features and other functions of the phone to for security matters.
References
Department of Trade and Industry, (June 1991).Information Technology Security Evaluation Criteria.Harmonised Criteria of Department of Trade and Industry: London.
Safe Code, (2008). Software Assurance: An Overview of Current Industry Best Practices. Software Assurance Forum for Excellence in Code.
IATAC and DACS. (July 31, 2007). Software Security Assurance State-of-the-Art Report (SOAR). Information Assurance Technology Analysis Center (IATAC) and Data and Analysis Center for Software (DACS)
Order Management
Premium Service
- 100% Custom papers
- Any delivery date
- 100% Confidentiality
- 24/7 Customer support
- The finest writers & editors
- No hidden charges
- No resale promise
Format and Features
- Approx. 275 words / page
- All paper formats (APA, MLA, Harvard, Chicago/Turabian)
- Font: 12 point Arial/Times New Roman
- Double and single spacing
- FREE bibliography page
- FREE title page
0% Plagiarism
We take all due measures in order to avoid plagiarisms in papers. We have strict fines policy towards those writers who use plagiarisms and members of QAD make sure that papers are original.