Page 1392 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

or superclass) are inherited by another subclass (child).

               Delegation Delegation is the forwarding of a request by an object to
               another object or delegate. An object delegates if it does not have a
               method to handle the message.

               Polymorphism A polymorphism is the characteristic of an object
               that allows it to respond with different behaviors to the same message
               or method because of changes in external conditions.

               Cohesion Cohesion describes the strength of the relationship
               between the purposes of the methods within the same class.

               Coupling Coupling is the level of interaction between objects. Lower
               coupling means less interaction. Lower coupling provides better
               software design because objects are more independent. Lower
               coupling is easier to troubleshoot and update. Objects that have low
               cohesion require lots of assistance from other objects to perform tasks
               and have high coupling.


               Assurance

               To ensure that the security control mechanisms built into a new
               application properly implement the security policy throughout the
               lifecycle of the system, administrators use assurance procedures.
               Assurance procedures are simply formalized processes by which trust
               is built into the lifecycle of a system. The Common Criteria provides a
               standardized approach to assurance used in government settings.


               Avoiding and Mitigating System Failure

               No matter how advanced your development team, your systems will
               likely fail at some point in time. You should plan for this type of failure
               when you put the software and hardware controls in place, ensuring
               that the system will respond appropriately. You can employ many
               methods to avoid failure, including using input validation and creating
               fail-safe or fail-open procedures. Let’s talk about these in more detail.
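The following is an added example, not taken from the study guide, showing input validation combined with a planned failure mode for a control that stops working. All names (`validate_month`, `handle_report_request`, `PolicyBackendDown`, the sample checks) are hypothetical, and it assumes fail-safe means denying requests while the control is broken and fail-open means allowing them.

```python
from enum import Enum


class FailureMode(Enum):
    FAIL_SAFE = "fail-safe"  # assumed meaning: deny while the control is broken
    FAIL_OPEN = "fail-open"  # assumed meaning: allow while the control is broken


class PolicyBackendDown(Exception):
    """Hypothetical error: the access check cannot reach its policy data."""


def validate_month(raw):
    """Input validation: accept only the strings for 1..12, reject all else."""
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 2):
        raise ValueError("month must be one or two ASCII digits")
    month = int(raw)
    if not 1 <= month <= 12:
        raise ValueError("month out of range")
    return month


def handle_report_request(user, raw_month, access_check, mode):
    """Return (allowed, reason); mode matters only when access_check itself fails."""
    try:
        month = validate_month(raw_month)
    except ValueError as exc:
        return False, f"rejected input: {exc}"  # bad input is rejected in both modes
    try:
        allowed = access_check(user, month)
    except PolicyBackendDown:
        if mode is FailureMode.FAIL_OPEN:
            return True, "control failed, request allowed (fail-open)"
        return False, "control failed, request denied (fail-safe)"
    return allowed, ("allowed by policy" if allowed else "denied by policy")


def healthy_check(user, month):  # constructed policy: only alice may read reports
    return user == "alice"

def broken_check(user, month):  # constructed fault: policy store is unreachable
    raise PolicyBackendDown("policy store unreachable")


if __name__ == "__main__":
    for raw in ["7", "13", "seven", ""]:  # constructed sample inputs
        print(repr(raw), handle_report_request("alice", raw, healthy_check, FailureMode.FAIL_SAFE))
    for mode in FailureMode:
        print(mode.value, handle_report_request("bob", "7", broken_check, mode))
```

With the broken check, the same request from `bob` is denied under fail-safe and allowed under fail-open, while malformed input never reaches the access check in either mode.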

               Input Validation As users interact with software, they often provide
               information to the application in the form of input. This may include
               typing in values that are later used by a program. Developers often