Cyber Security

luckyqloo

150-250 words. Agree or disagree; support your response.

Architecture and design are very important in security and the fight against threats and vulnerabilities. V. Rafe and R. Hosseinpouri explain and describe the standards for security in service-oriented architecture (SOA) to develop software. The framework consists of Confidentiality, Availability, Authentication, and Authorization (access control).

  Confidentiality is for data to be readable only to members or people with the right permission.

  Availability is for data to be available whenever needed, only to those users who have been authenticated.

  Authentication is the verification of the identity of the user.

  Authorization is the permissions of a user over a resource.

The text gives an example of a case study of how the software should process the information for a client booking a flight and hotel rooms. This prevents people who are sniffing from getting data that should be confidential. The user logs in to the booking agency and provides all the booking details; when the payment has been performed, the software will use access control to prevent the sniffer from viewing payment or bank details. This keeps the information secure and confidential.

Increasing threats over the years have changed, and will continue to change, the way software and hardware are developed. The design and architecture of such need to meet a set of requirements to mitigate new threats. Following a set framework like the one discussed by V. Rafe and R. Hosseinpouri is important to meet the needs of the clients or the enterprise. Currently, at my position, I am involved in teams with developers and engineers developing networks in the cloud. My role is to advise if there are any security implications or any security governance that needs to be taken into consideration based on the type of data.

Rafe, V. & Hosseinpouri, R. (2015). A security framework for developing service-oriented software architectures. Security and Communication Networks, 8, 2957-2972. doi: 10.1002/sec.1222