In order to protect the business, the IT systems have to be up-to-date. Besides well-known mechanisms such as virus scanners, firewalls, and demilitarized zones, modern software architectures contain their own security layers. In Java, for instance, a Security Manager enforces policies that limit the rights granted to a distinct part of the code base. Even if an attacker manages to breach or compromise a certain part of the code, he or she only acquires the minimal subset of rights that part of the code was granted in order to fulfill its tasks.
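The least-privilege effect described above can be checked from inside the confined code itself; the class below is an added example (not from the book) that asks the installed Security Manager whether the calling code holds specific permissions, with the policy file name minimal.policy and all paths being assumptions. Note that the Security Manager has been deprecated for removal since Java 17 (JEP 411), so this runs only on JDKs where it is still available.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;

// Run as (file names and paths are placeholders):
//   javac -d classes LeastPrivilegeDemo.java
//   java -Djava.security.manager -Djava.security.policy=minimal.policy \
//        -cp classes LeastPrivilegeDemo
// where minimal.policy grants this codebase a single right and nothing else:
//   grant codeBase "file:${user.dir}/classes/-" {
//       permission java.io.FilePermission "/opt/app/data/-", "read";
//   };
public class LeastPrivilegeDemo {

    // Asks the installed Security Manager whether the calling code's protection
    // domain holds the permission; a SecurityException means it was denied.
    static boolean granted(Permission p) {
        SecurityManager sm = System.getSecurityManager();
        if (sm == null) {
            return true; // no manager installed: nothing is restricted
        }
        try {
            sm.checkPermission(p);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }

    static void report(String what, Permission p) {
        System.out.println((granted(p) ? "ALLOWED " : "DENIED  ") + what);
    }

    public static void main(String[] args) {
        // Granted: reading inside the one directory the policy names.
        report("read /opt/app/data/config.properties",
               new FilePermission("/opt/app/data/config.properties", "read"));
        // Denied: no write right was granted, even inside that directory.
        report("write /opt/app/data/config.properties",
               new FilePermission("/opt/app/data/config.properties", "write"));
        // Denied: a path outside the granted directory (another component's data).
        report("read /var/lib/other-app/records.db",
               new FilePermission("/var/lib/other-app/records.db", "read"));
        // Denied: no network right was granted, so even compromised code in
        // this codebase cannot open outbound connections.
        report("connect example.org:443",
               new SocketPermission("example.org:443", "connect"));
    }
}
```

Under the policy shown, only the first check is allowed; the other three are denied because the code base was never granted those rights, which is exactly the containment the text describes.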
This helps to minimize the impact of vulnerabilities. In spite of all these efforts, data breaches are bound to occur. Depending on the domain a company is working in, it may even be obliged to comply with rules and regulations such as the Payment Card Industry Data Security Standard, Visa Member rules, or the Health Insurance Portability and Accountability Act, and may face noncompliance charges for not following them. Hence, companies must adopt solutions that protect their data and provide forensic evidence of attacks that can be used in courtrooms. To minimize the risks, a plan has to be developed to detect security breaches by monitoring IT systems for unusual behavior, and the system must respond to such anomalies. Once a breach has been detected, a previously established response plan has to be invoked to handle the incident appropriately. The response plan has to be comprehensive: it should cover not only the steps to be taken to fix the security breach, but also define which agencies to notify and the nature of the forensic evidence to be gathered and recorded so that it is admissible in a court of law.
4.1.1.6 Reliability
Reliability is defined as the ability to perform and maintain distinct functionalities within predefined parameters for a specified period of time. The importance of this nonfunctional requirement may vary drastically depending on the usage scenario. An intranet portal will most likely have different availability requirements than a stock-trading portal during business hours.
Reliability can be differentiated into a data-centric part and a service-centric part. Data-centric reliability concerns the data the application is working with. Service-centric reliability focuses on the guaranteed availability of services. In online shopping, credit card validation is a vital service for the business, whereas a service to verify zip codes for the order address has a noticeably lower priority. A service that provides currency exchange rates has to be as accurate as possible, and its data reliability is essential. Service reliability is characterized by the number, date, time, and duration of scheduled downtimes, by what is or is not considered force majeure, and by how much latency is acceptable. Some of the questions to be asked before the actual software is developed or chosen concern its latency, its tolerance to failure, and the fallback mechanisms available in case of a failure.