19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Threats Catalogue Deliberate Acts Remarks

T 2.29 Software testing with production data

Software tests are frequently performed with production data. The main reason given for this is that the only way to make a definitive assessment of the functions and performance of the product is to compare it directly with existing operational data. Additional reasons for doing this are inadequate security awareness, exaggerated confidence in the software under test, and ignorance of potential damage.

Testing with production data may result in the following problems:

- Software is tested with copies of production data in an isolated test environment:

  If new software is tested with data which has not been made anonymous, unauthorised employees or third parties who have been put in charge of testing the software may gain access to files containing confidential information.

- Software is tested with production data in actual operation:

  Software which malfunctions under test may, as in the aforementioned case, lead not only to impaired confidentiality but also to a loss of integrity and availability of production data.

  Because different programs may be incompatible, side effects can arise which may lead to significant impairments in other system components. In the case of networks, this may range from a loss of performance to a crash of the network.

  If software under test performs incorrectly or operating errors are made, production data may be inadvertently modified. It is possible that such a modification may go undetected. To avoid redundancy, databases are increasingly shared by different programs, so that these errors potentially have an effect on other IT applications as well. When damage occurs, there are not only costs involved in reconstructing the data, but existing working data must also be checked for integrity.

IT-Baseline Protection Manual: October 2000
