Running head: Logical Security Architecture 1
SABSA-Based Logical Security Architecture
G. Logan Gombar
University of San Diego
Ms. Michelle Moore
Security Architecture Development Process 2
Atlassian is a company that provides a number of software-as-a-service (SaaS) tools,
such as Jira and Trello (Atlassian, n.d.). These services are typically used to enable rapid
software development. This implies that many software engineers and computer-savvy personnel
will be interacting with the software on a regular basis; therefore, auditing and monitoring efforts
are a critical endeavor. This will make sure all actions are logged and can be retrieved as needed.
Monitoring provides active, real-time insight into network activity, providing the potential
opportunity to stop an attack prior to damage taking place, and security audits provide assurance
of the security stance of the enterprise before an attack takes place. These are best-practice
defensive assurance strategies per Sherwood in his enterprise security book (2005).
Assurance Security Strategy
Audit Trails
Every action on a computer can be written to a file, and this is the premise of an audit log.
This concept enables trailing and tracking actions, providing a play-by-play walkthrough of the
events. Taking this concept to its next logical step, auditing can clearly be used in a
security sense, and should be used for such purposes. Auditing actions on all computers enables
the mitigation of most nefarious actions, and greatly increases the ability to reduce the rate of
any future similar events by giving access to the step-by-step actions of adversaries and
how they did what they did. Therefore, auditing will help mitigate future attacks. Additionally,
auditing every action taken can show where problematic actions are being taken that aren't
explicitly attacks but are rather abuses of the systems; audit trails mitigate this.
This concept is a benefit to business efforts, so implementing this security
service will help business endeavors. This can be seen in the reduced and avoided
costs when attacks are stopped or avoided: that money is no longer spent. This is a
benefit because business focus is entirely financially driven.
Security Audit
Security audits are intended to test the strength of a network and an enterprise. Taking stock
of the sensitive data on the network and controls in place to protect said data, and the
implementation accuracy, is the first step in the process of a security audit. Further audits can
include penetration testing, known as “red teaming”, of the network. This is a more active
approach to security auditing by searching for vulnerabilities in the network that could include
technical failures, software vulnerabilities, and configuration errors. Since these teams are hired
or assigned to do this testing, they will utilize the same tactics used by adversaries but without
the negative motivations and goals, instead producing a report of the vulnerabilities at the end.
The business benefit of security audits is exceptionally clear. Increased security audits
improve security through assurance of a given set of controls. Increased security results in more
secure data, less likelihood of theft of said data, and decreased chances of lawsuits due to stolen
data. All of this combines to increase revenue and profit.
Security Monitoring
Security monitoring has explicit and palpable benefits to the business. Actively
determining the safety and security of the network in real-time, with the added bonus of being
able to stop an attack in its tracks, has very clear benefits to a business – stopping an attack
before damage is done is the ideal response to any attack. While monitoring doesn’t guarantee
the ability to stop an attack, it provides the opportunity.
References
Atlassian. (n.d.). Atlassian. [Link]
Sherwood, N. A. (2005). Enterprise security architecture: A business-driven approach. CRC Press.