Functional and Non-Functional Requirements of Information Security
A fundamental principle in security design is to plan for failure. Development projects focus mainly on the base flows of the system, since these implement the features with business value. From a security standpoint, however, exceptional and alternate flows highlight paths that often become attack vectors once the system is deployed. These flows are worth examination by Information Security to ensure that the system is not likely to enter an insecure state and to identify areas to deploy security mechanisms such as audit logs and IDS tools to catch security exceptions when they occur.
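As an added illustration (not part of the original text), the sketch below contrasts an authorization check specified only for its base flow with one whose alternate and exceptional flows deny by default and leave an audit record. The role table, user names, reason codes and the `audit` list are constructed for the example.

```python
# Constructed sample data: role -> permitted actions, user -> role.
PERMISSIONS = {"admin": {"read", "delete"}, "viewer": {"read"}}
STORE = {"alice": "admin", "bob": "viewer"}


class PolicyUnavailable(Exception):
    """Exceptional flow: the policy store cannot be reached."""


def lookup_role(user, store):
    if store is None:                      # simulated outage of the store
        raise PolicyUnavailable("policy store unreachable")
    return store.get(user)                 # alternate flow: unknown user -> None


def authorize_fail_open(user, action, store):
    """Only the base flow was designed; every error path ends in 'allow'."""
    try:
        return action in PERMISSIONS[lookup_role(user, store)]
    except Exception:
        return True                        # insecure state: failure grants access


def authorize(user, action, store, audit):
    """Each non-base flow denies and appends an audit event (hypothetical schema)."""
    try:
        role = lookup_role(user, store)
    except PolicyUnavailable:
        audit.append(("deny", user, action, "policy_unavailable"))
        return False
    allowed = action in PERMISSIONS.get(role, frozenset())
    if not allowed:
        reason = "unknown_user" if role is None else "not_permitted"
        audit.append(("deny", user, action, reason))
    return allowed


if __name__ == "__main__":
    audit = []
    for user, store in [("alice", STORE), ("bob", STORE),
                        ("mallory", STORE), ("alice", None)]:
        print(user, "fail-open:", authorize_fail_open(user, "delete", store),
              "fail-closed:", authorize(user, "delete", store, audit))
    for event in audit:
        print("AUDIT", event)
```

The audit events are what a monitoring or IDS rule would alert on, for example a burst of `policy_unavailable` denials.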