
Correctness of Processing

Another important characteristic that every application, and every software developer, has to ensure is that information is processed accurately. If applications do not take care of this, the integrity of the data again becomes questionable, and the data may become useless or unreliable.

What if your airplane calculates the distance to the next mountain wrongly? Imagine if it calculates the distance as 100 miles instead of the actual distance of 50 miles? What if you are travelling on such an airplane? What if the medical device pumping a medicine into the patient's body calculates the quantum of medicine wrongly? What if the banking application calculates the interest on your loan account wrongly at 109% whereas it was supposed to calculate the same at 9%?

Mistakes of this type in processing may arise from a mistake in the logic employed, mistakes in the algorithm used, wrong master data, a wrong application component, or a wrong menu.

Correctness (i.e., accuracy) of processing has to be checked and confirmed by every critical application for every critical processing operation. If the processing is wrong, then the defects in the application have to be fixed appropriately.

Application weaknesses such as SQL injection, command injection, buffer overflows, and cross-site scripting can severely impact application data integrity if they are not addressed while designing and developing the applications.

Completeness of the Updates

Like the completeness of the inputs, the completeness of the updates also has to be ensured by the applications. Updates are typically to the master data. Suppose the rates of interest on fixed deposits have been reduced with effect from 1st of January 2014 but the master data has not been updated: interest will be paid to the depositors at the higher rate, and consequently the bank will lose a substantial amount of money. Or imagine that a patient was operated upon yesterday but his record was not updated with the fact of this operation; think of the possibility of his being taken to the operating theatre again for another operation. Of course, the operation may not happen, as the wound and sutures are already there, but think of the time and effort spent on scheduling, prepping, and so on.

Verification of all critical updates has to be provided through the application to ensure that no critical update is left out and that the critical updates are complete in all respects, not partial.
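
The fixed-deposit scenario above can be checked mechanically by reconciling the approved change register against the master data before any interest is computed. The following is an added example, not code from the handbook; the product codes, rates, and function names are constructed for illustration.

```python
from datetime import date
from decimal import Decimal

# Constructed change register: rate changes approved with effect from 1 Jan 2014.
APPROVED = [
    {"product": "FD-1Y", "effective": date(2014, 1, 1), "rate": Decimal("8.50")},
    {"product": "FD-3Y", "effective": date(2014, 1, 1), "rate": Decimal("9.00")},
    {"product": "FD-5Y", "effective": date(2014, 1, 1), "rate": Decimal("9.25")},
]
# Constructed master data after the update run (product codes are hypothetical).
MASTER = [
    {"product": "FD-1Y", "effective": date(2013, 1, 1), "rate": Decimal("9.00")},
    {"product": "FD-1Y", "effective": date(2014, 1, 1), "rate": Decimal("8.50")},
    {"product": "FD-3Y", "effective": date(2013, 1, 1), "rate": Decimal("9.50")},  # update left out
    {"product": "FD-5Y", "effective": date(2013, 1, 1), "rate": Decimal("9.75")},
    {"product": "FD-5Y", "effective": date(2014, 1, 1), "rate": None},  # partial update
]

def rate_in_force(master, product, on):
    """Return the latest master-data row for `product` effective on or before `on`."""
    rows = [r for r in master if r["product"] == product and r["effective"] <= on]
    return max(rows, key=lambda r: r["effective"], default=None)

def verify_updates(approved, master):
    """Reconcile every approved change with master data; return (product, finding) pairs."""
    findings = []
    for change in approved:
        row = rate_in_force(master, change["product"], change["effective"])
        if row is None or row["effective"] != change["effective"]:
            findings.append((change["product"], "MISSING"))   # update never applied
        elif row["rate"] is None:
            findings.append((change["product"], "PARTIAL"))   # row exists, value absent
        elif row["rate"] != change["rate"]:
            findings.append((change["product"], "MISMATCH"))  # wrong value applied
    return findings

def interest_due(principal, product, on, master, approved):
    """Compute one year's simple interest, refusing products with unverified updates."""
    if any(p == product for p, _ in verify_updates(approved, master)):
        raise ValueError(f"master data for {product} failed update verification")
    rate = rate_in_force(master, product, on)["rate"]
    return (principal * rate / Decimal(100)).quantize(Decimal("0.01"))

if __name__ == "__main__":
    print(verify_updates(APPROVED, MASTER))
```

Blocking the calculation on a failed reconciliation means a left-out or partial update stops processing instead of silently paying interest at the old rate.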
