It is useful to consider three main aspects of security in the
product definition. The first is physical security, which relates to
the ability to protect an object by means of physical barriers. The
second is logical security, in which information objects may be
protected by means of logical barriers. The third is security
management, in which the means of administering and managing the
security of the product are implemented.

Physical Security
Physical barriers that may be identified within a product definition
can range from locks and keys to buttons and screws. It is not always
necessary within a security system to prevent egress from or entry
to the secure area. In many cases it is simply a matter of slowing
down the security violator sufficiently so that the violator and/or
the fact of violation may be trapped.

The main advantage of using a physical barrier to implement a security
system is that such barriers can normally be bypassed only by means
of physical actions. If detection of a security violation is the
major objective, then the best form of barrier is one in which destructive
force is required to achieve the violation. Alternatively, if the
objective is simply to delay an intrusion, then a mechanism should
be considered which minimises collateral damage when a violation
occurs.

Logical Security
The security associated with many products that use, convey or
process information is a vital feature requiring specific attention
in the product definition. Security is typically a very emotive
issue, particularly when there may be high stakes associated with
the product's use.

Logical security systems are best thought of in terms of layers
of security. The access control layer protects privacy within elements
of the product. The capabilities layer protects the integrity of
the product.

Access Control Layer
Access controls typically comprise two main aspects: authentication
of the parties that are to bypass the security barrier, and the provision
of authorisation to bypass it. The provision of authorisation to bypass
a security barrier is typically a user domain issue. The product
definition needs to consider how authority to bypass security barriers
is represented by a product feature and controlled by or via the
product. Such controls may range from simple keys and locks to
knowledge-based personal identification codes.