Checklist for Specifying Software Confidentiality and Availability Acceptance Criteria
The confidentiality acceptance criteria express the requirement that data be protected from unauthorized disclosure; the availability acceptance criteria express the requirement that data and services be protected from denial of service (DoS) against authorized users.
Possible confidentiality and availability acceptance criteria include the following:
1. No unauthorized access to the system is permitted; that is, every user is authenticated before being granted access.
2. Files and other data are protected from unauthorized access.
3. The system is protected against virus, worm, and bot attacks.
4. Tools are available for detecting attacks.
5. There is support against DoS attacks.
6. Privacy in communication is achieved by using encryption.
7. All customer data must be stored in a secure place, in accordance with customer-rights policies such as confidentiality.
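Criteria written at this level are only useful for acceptance testing if each one is turned into a concrete pass/fail check. The following is an added illustration, not part of the original checklist: a hypothetical in-memory service (`MiniService`, with constructed users `alice` and `bob` and a constructed file path) that enforces authentication, per-file access control, and per-client request throttling, followed by `run_acceptance_checks()`, which maps items 1, 2 and 5 of the list to checks that return `True` only when the control behaves as the criterion requires.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict


class AuthError(Exception):
    """Request carries no valid session or wrong credentials (criterion 1)."""


class AccessDenied(Exception):
    """Authenticated user lacks rights to the requested file (criterion 2)."""


class RateLimited(Exception):
    """Client exceeded its request budget inside the window (criterion 5)."""


class MiniService:
    """Hypothetical in-memory service used only to exercise the checks."""

    def __init__(self, max_requests=5, window_s=1.0, clock=time.monotonic):
        self._clock = clock                 # injectable clock keeps tests deterministic
        self._max, self._window = max_requests, window_s
        self._users = {}                    # username -> (salt, pbkdf2 hash)
        self._sessions = {}                 # session token -> username
        self._files = {}                    # path -> (owner, contents)
        self._hits = defaultdict(list)      # client id -> request timestamps

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, name, password):
        salt = secrets.token_bytes(16)
        self._users[name] = (salt, self._hash(password, salt))

    def login(self, name, password):
        # Unknown users go through the same hashing path so the failure is not faster.
        salt, stored = self._users.get(name, (b"", b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            raise AuthError("bad credentials")
        token = secrets.token_hex(16)
        self._sessions[token] = name
        return token

    def _user(self, token):
        try:
            return self._sessions[token]
        except KeyError:
            raise AuthError("no valid session") from None

    def put_file(self, token, path, contents):
        self._files[path] = (self._user(token), contents)

    def read_file(self, token, path):
        user = self._user(token)            # authentication before any data access
        owner, contents = self._files[path]
        if user != owner:                   # only the owner may read the file
            raise AccessDenied(f"{user} may not read {path}")
        return contents

    def handle(self, client_id, token, path):
        # Sliding-window limit: more than max_requests in window_s from one client is refused.
        now = self._clock()
        recent = [t for t in self._hits[client_id] if now - t < self._window]
        if len(recent) >= self._max:
            self._hits[client_id] = recent
            raise RateLimited(client_id)
        recent.append(now)
        self._hits[client_id] = recent
        return self.read_file(token, path)


def _raises(exc, fn, *args):
    """True only if fn(*args) raises exactly the expected exception class."""
    try:
        fn(*args)
    except exc:
        return True
    except Exception:
        return False
    return False


def run_acceptance_checks():
    """Map checklist items 1, 2 and 5 to pass/fail checks; returns {item: bool}."""
    clock = [0.0]
    svc = MiniService(max_requests=3, window_s=1.0, clock=lambda: clock[0])
    svc.add_user("alice", "correct horse")       # constructed test users
    svc.add_user("bob", "battery staple")
    alice, bob = svc.login("alice", "correct horse"), svc.login("bob", "battery staple")
    svc.put_file(alice, "/data/report.txt", "confidential")
    results = {}
    # 1. Forged session token and wrong password are both refused.
    results[1] = (_raises(AuthError, svc.read_file, "forged-token", "/data/report.txt")
                  and _raises(AuthError, svc.login, "alice", "wrong"))
    # 2. Another authenticated user cannot read alice's file; alice still can.
    results[2] = (_raises(AccessDenied, svc.read_file, bob, "/data/report.txt")
                  and svc.read_file(alice, "/data/report.txt") == "confidential")
    # 5. A burst beyond the budget is cut off, and service resumes after the window.
    for _ in range(3):
        svc.handle("client-A", alice, "/data/report.txt")
    blocked = _raises(RateLimited, svc.handle, "client-A", alice, "/data/report.txt")
    clock[0] += 1.5
    resumed = svc.handle("client-A", alice, "/data/report.txt") == "confidential"
    results[5] = blocked and resumed
    return results


if __name__ == "__main__":
    print(run_acceptance_checks())
```

Items 3, 4, 6 and 7 are deliberately left out: whether a system "is protected against viruses" or "stores data in a secure place" cannot be decided by a unit-sized check and needs a separately agreed test procedure (for example a scan with a named tool, or a configuration review) before it can count as an acceptance criterion.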
Understanding Worms and Bots:
a) A worm is a self-contained program that can infect other computer systems under its own power, in an automated fashion, without relying on a host program. A virus, by contrast, can also spread rapidly to a large number of computers, but it cannot do so on its own: it attaches itself to a host program or file and spreads only when that host is executed or copied. For acceptance criterion 3 the distinction matters, because defending against worms is largely a matter of exposed network services and unpatched software, whereas defending against viruses is a matter of what executable content the system accepts and runs.
b) A bot is a software agent that interacts with network services intended for people as if it were a person. One common use of bots is to gather information. A more malicious use is the coordination and operation of an automated attack on networked computers, such as a distributed DoS attack, in which many compromised machines under one controller (a botnet) are directed at a single target at once.