SI Secure
SI Secure
IndustriesServicesProductsCompanyLibrary
SI Services


Architecting Secure Solutions

Download our Security Education Curriculum Guide

COURSE OVERVIEW

This course discusses the four basic tenets of software security: Integrity, Availability, Privacy and Confidentiality. It highlights the need for them in the development process and sets the stage for specific techniques and technologies that enable secure software development.

COURSE OUTLINE

I. Security Principles
The fundamental principals of secure development are outlined. The content is sprinkled with examples not just in code but also with live demonstrations of the critical issues and failures.
  • Defense in depth
  • Policy compliance and implications (HIPAA, GLBA, BASLE II, SOX …)
  • Least privilege
  • Separation of duties
  • Input validation
  • Fail secure
  • Security and usability
  • Auditing and logging
  • Prevent, detect and react
  • Testing for security
  • Evaluation and accreditation
  • Designing ‘tunable’ security levels weakest link
  • Change control, change/configuration management
  • Least exposure (only exposing what is needed)
  • Secure initial configuration (security out of the box)
  • Use available, well-tested security technologies…don’t invent your own
  • Disclosing security capabilities and limitations
II. The Business Context
The role that security concerns and technologies play in product business decisions is discussed. Some of the tradeoffs are highlighted and also topics such as security estimation and metrics along with quantifiable risk assessment are touched on.
  • Business requirements and security functionality
  • How to make design decisions based on your business demands
III.  Methodologies and Techniques
This section broadly discusses fundamental principals of secure design. This section will also provide background information to better frame the technologies section.
  • Security management and administration
  • Secure remote admin
  • Inter-agent secure communication
  • Identity Management
  • Data in transit security
  • Security design patterns
  • HA and Recovery techniques
IV. Technologies
This section is designed to educate developers and testers on the technologies available to create more secure systems. The thrust of this section is to impart knowledge on constituent technologies that can essentially be “plugged in” to obtain a particular level of assurance.
  • VPN
  • Firewalls and proxies
  • IDS
  • Crypto
  • PKI
  • Hardening and lockdown tools
  • Security patch currency analysis and update tools
  • Vulnerability Assessment tools
  • Anti virus
  • Access control
  • Smart cards
  • Biometrics

For more information, please contact Sales at +1.978.694.1008 x24 or email

back to the top of the page