10 Commandments of Secure Engineering | eWeek

10 Commandments of Secure Engineering

10 Commandments of Secure Engineering
Verfasst von
Darryl K. Taft
Darryl K. Taft
Aug 11, 2014
3 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren


10 Commandments of Secure Engineering

10 Commandments of Secure Engineering

By Darryl K. Taft


Separation of Data

Separation of Data

When engineering secure systems, you must follow the fundamental principles of data separation and separate data by mission, objective and trust level so that only approved individuals have access to different types of data as well as different parts of your system.


Defense in Depth

Defense in Depth

When designing systems, sometimes we focus so much on perimeter security that we forget to pay the same attention to building an in-depth defense posture. It is important to build sensible gates or privilege barriers throughout your systems—not just along the perimeter.


Create Flood Barriers

Create Flood Barriers

The saying “You’re only as secure as your weakest link” is absolutely true, which is why it’s important to isolate each part of the system, or mission, from failures and compromises in others. If one part of the system goes down, you don’t want this to affect other parts of your system, eventually taking down your entire IT infrastructure.


Advertisement

Build a Kill Switch

Build a Kill Switch

Engineer a secure way to shut down parts of your system that may be under compromise. This ensures that if a hacker does infiltrate one particular part of your system, you are able to stop him or her in their tracks before the consequences become widespread.


Plan for Functionality

Plan for Functionality

Oftentimes, security requirements can become a barrier to system functionality—but they don’t have to be. Find new, creative ways to create functional systems that are also secure.


Ubiquitous Data Acquisition

Ubiquitous Data Acquisition

The work for creating trustworthy, resilient systems isn’t done once a system is engineered. It is equally as important to maintain a strong defense posture over time, which heavily relies on continuously monitoring as many aspects of your system as feasible and storing this data for possible forensic analysis. You must monitor multiple points within your system, and keep the data around for weeks or even months, in the event that you need to investigate historical patterns as part of a larger security analysis further down the road.


Accessibility of Telemetry

Accessibility of Telemetry

Often it is difficult to obtain or understand the internal state of a system, so it’s important to make it easy to get to the telemetry and make it intuitive to understand. Only then will an operator be able to quickly understand the difference between a failure and a compromise.


Track Baselines, Detect Anomalies

Track Baselines, Detect Anomalies

Develop a set of baselines within your systems so that you can uncover deviations from normal patterns in volumes, identities, timestamps and messages within your data analysis. The ability to detect suspicious data movement is key to uncovering threats and vulnerabilities before they affect your system, and this is only accomplished when building into your system a sense of what is normal and what is abnormal.


Advertisement

Prioritize Messages

Prioritize Messages

Assign priorities to alerts, anomalies and telemetry data and align these with possible impact on your systems. For example, if you have set up alerts to show when a particular part of your system is accessed at an irregular hour by an unauthorized user three days in a row, this should trigger a high-priority alert indicating a possible breach.


Alternate Perspectives

Alternate Perspectives

Create multiple views of the same system or component, allowing a multi-perspective view. This adds an extra layer of visibility in systems or system components to improve security analysis and help you develop the proactive measures you need to ensure a fully secured system.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.