Jump to content

Software security assurance

Edit links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Manionc (talk | contribs) at 17:32, 21 June 2006. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

Intro Software is itself a resource and thus must be afforded appropriate security. Software also contains and controls data and other resources. Therefore, it must be designed and implemented to protect those resources.

What is Software Security Assurance? Software Security Assurance (SSA) is the process of ensuring that software is designed to operate at a level of security that is consistent with the potential harm that could result from the loss, inaccuracy, alteration, unavailability, or misuse of the data and resources that it uses, controls, and protects.

The SSA process begins by identifying and categorizing the information that is to be contained in, or used by, the software. The information should be categorized according to its sensitivity. For example, in the lowest category, the impact of a security violation is minimal (i.e. the impact on the software owner's mission, functions, or reputation is negligible). For a top category, however, the impact may pose a threat to human life; may have an irreparable impact on software owner's missions, functions, image, or reputation; or may result in the loss of significant assets or resources.

Once the information is categorized, security requirements can be developed. The security requirements should address access control, including network access and physical access; data management and data access; environmental controls (power, air conditioning, etc.) and off-line storage; human resource security; and audit trails and usage records.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Software_security_assurance&oldid=59843908"