An alternative approach is to develop systems that are Secure by Design. It involves designing cybersystems in which security measures are built into, and form part of, the architecture and program code. Security aspects are taken into account from the earliest stages of development: security requirements are treated as equal to functional requirements and influence the choice of solution architecture and hardware base.
This approach is used in traditionally critical application areas. For example, in the aerospace industry, the Integrated Modular Avionics (IMA) architecture concept is fully compliant with the principles of Security by Design. However, this approach has not yet been widely adopted for several reasons:
Therefore, a simple and cost-effective method is needed to implement security not as a result of the individual talents of the developers, but as a result of planned activities. Kaspersky’s Cyber Immune approach to development aims to solve this problem.
The Cyber Immune approach is an evolutionary development of security technologies based on the theoretical foundations and global practices of building secure systems in industry, transportation and governance. The approach combines a cost-effective methodology for the development of cybersystems with architectural requirements, meaning it can be applied in multiple domains.
The goal of the Cyber Immune approach is to create a Cyber Immune system – a cybersystem whose declared assets are protected from undesirable events under any conditions, even under attack, subject to specified constraints.
The Cyber Immune approach consists of two parts that aim to provide methodological support for the Secure by Design approach:
The first of these components of the Cyber Immune approach is discussed in detail in the next part – “Process requirements: Security objectives and threat modeling”.