Security specification


Security specifications are a vital component of all software project requirements. The specification needs to be based upon the agreed security policies.

Specification scope

The information security specification needs to address all the potential inputs, outputs and assets required for the operation of the web system. These can be identified through formalised security models and risk assessments, through analysis of other requirements and documentation, and by reviewing legal and other compliance requirements.

Security specification requirements

The following types of issue should be addressed:

  • system availability
  • data identification and classification
  • session management schema, including log out mechanisms
  • authentication schema
  • authorisation schema
  • input validation functions
  • choice of encryption protocols and how these are to be applied
  • data exchange standards, and where appropriate, data exchange encryption
  • network, hardware and operating system
  • load balancing, failover, replication and standby systems
  • installation and configuration
  • operation controls including back-ups and recovery
  • monitoring, logging and auditing

Each area will be highly dependent upon the other application requirements, the installation environment, the sensitivity of the data and the types of users. For example, the issues to consider for the session management scheme would include the user topography, data classifications, the number of concurrent sessions, the inactivity timeout, the active timeout, fixing sessions to an IP address, user experience level, single sign-on/automated sign-on and 'remember me' functions.
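As an added illustration (not Watson Hall's own code), the session management items above can be written down as a per-classification policy that the application enforces on every request. The classification names, timeout values and function names are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class SessionPolicy:
    inactivity_timeout: int   # seconds a session may sit idle
    active_timeout: int       # seconds a session may live since login
    max_concurrent: int       # concurrent sessions allowed per user
    bind_to_ip: bool          # fix the session to the login IP address
    allow_remember_me: bool   # whether persistent logins are permitted

@dataclass
class Session:
    user: str
    ip: str
    created: float
    last_seen: float
    remembered: bool = False

# Constructed values: one policy per data classification (assumed names).
POLICIES = {
    "public": SessionPolicy(3600, 86400, 5, False, True),
    "confidential": SessionPolicy(900, 28800, 1, True, False),
}

def check_request(policy: SessionPolicy, session: Session,
                  ip: str, now: float) -> Optional[str]:
    """Return None if the request may proceed, else why the session must end."""
    if session.remembered and not policy.allow_remember_me:
        return "remember_me_not_permitted"
    if now - session.created > policy.active_timeout:
        return "active_timeout"
    if now - session.last_seen > policy.inactivity_timeout:
        return "inactivity_timeout"
    # IP binding can log out users whose address changes (proxies, mobile),
    # which is why it is a per-classification decision here.
    if policy.bind_to_ip and ip != session.ip:
        return "ip_mismatch"
    session.last_seen = now   # only accepted requests refresh the idle timer
    return None

def sessions_to_revoke(policy: SessionPolicy, live: List[Session],
                       user: str) -> List[Session]:
    """Oldest sessions to log out so that one new login fits the limit."""
    mine = sorted((s for s in live if s.user == user), key=lambda s: s.created)
    excess = len(mine) + 1 - policy.max_concurrent
    return mine[:max(excess, 0)]
```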

Web security services from Watson Hall

Information security policies, standards and procedures; web site and web application security assessments and audit; and web security design and review.

Contact Watson Hall

Contact Watson Hall to discuss how we can help develop a security specification for your web site or web application.

Act now

To discuss security matters in confidence and without obligation, telephone us on 020 7183 3710 or complete the enquiry form.

© 2007-2014 Watson Hall Ltd, last reviewed 18 February 2009

These pages contain general information only. Nothing in these pages constitutes professional advice. Please read the website's terms of use, and consult a suitably qualified information security professional on any specific problem or matter.

Watson Hall Ltd is a company registered in England no 6004969 at North Bastle, Gatehouse, NE48 1NG, United Kingdom.

https://www.watsonhall.com/methodology/security-specification.pl