Security experts have long said that internet-connected systems and software need security controls and features built in by design, in the same manner they’re built into physical infrastructure. The National Institute of Standards and Technology agrees and has issued guidance to help software engineers build secure products.

Titled “Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems,” the guideline emphasizes incorporating “well-defined engineering-based security design principles at every level, from the physical to the virtual,” NIST Fellow Ron Ross wrote on the Taking Measure blog. A holistic approach does more than make systems penetration-resistant; even after a compromise, they’re still capable enough to contain the damage and resilient enough to keep supporting critical missions and business functions.

To read this article in full or to leave a comment, please click here

Source: Security