System security considerations to prevent cyber attacks
High-level security requirements in trusted computing systems can flown down to the system from several sources, such as a request for proposal (RFP) or from reference documents that provide system design guidance. The best approach for dealing with security requirements is to follow a framework that determines the design process, based on the necessary security levels.
This framework not only will specify how to implement necessary security, but also will lead the designer through the thought process. For example, the Committee on National Security Systems (CNSS) at Fort Meade, Md., provides direction on the controls that designers should consider for system confidentiality, integrity, and availability.
Similarly, the CNSS provides a path for designing-in authorization capabilities or message integrity into system security. Although some security guidance documents for U.S. military systems are classified, there are similar sorts of documents that tell the system security designer what he needs to think about as he goes through the architecture and design process. ..Read More..