Security
This chapter covers the fundamental principles and practices associated with system security, with a focus on the aspects that affect software architecture and the everyday life of engineers.
It begins by defining key concepts such as confidentiality, integrity, and availability (the CIA triad), which form the backbone of security strategies. The chapter outlines several types of threats, including malware, phishing, and insider attacks, highlighting the need for comprehensive risk assessment and management.
Next, it explores various aspects of authentication and how it affects the engineering design of software features, such as multi-factor authentication (MFA). Then, we will discuss how to use access control to ensure that only authorized users can access certain resources.
Additionally, the chapter addresses compliance with legal and regulatory requirements, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability...