Security inspection

Inspection vs. testing and evaluation
By security inspection we mean the process of closely examining a system's or product's security-relevant components and features.

• Security inspection is more than testing, because we do not only observe the behaviour of components but also study and examine their structure and design principles
  
  
• Security inspection is different from evaluation (according to criteria such as ITSEC, CC or FIPS-140), because it is not limited to fixed schemes. It relies more heavily on the reviewers' experience, ingenuity and inspiration.

Throughout the life cycle
Successful system engineering includes continuous reviews and feed-back loops at any stage of the process. The same is true for the more specific aspects of security engineering.

• Inspection of a security concept considers its completeness with respect to the relevant risks, the soundness of its logic and the appropriateness of the selected security mechanisms.
  
  
• During security inspection of a specification, it is checked whether the requirements set out in the security concept are maintained and the security mechanisms are correctly designed and parameterised. If deviations from the original security concept are necessary, changes are checked for consistency.
  
  
• Security inspection of source code supplements testing to check the correct implementation of security-relevant components. Source code may also be inspected with the aim of identifying the presence of unspecified functions (e.g. back doors).
  
  
• User and system manuals are inspected to make sure that they adequately describe the necessary dos and don'ts, without which security cannot be attained.
  
  
• In addition to the inspection of the documentation, security-relevant procedures that are already in use can be examined in a security audit. This is done to determine the actual practice and to assesses the degree of conformance with the established rules.

Benefits
Security inspection provides a practical and economic way of considerably improving the level of security of a system.

• Security flaws, weaknesses and errors are discovered during the development process which would be otherwise unlikely to be found by testing alone.
  
  
• Errors and flaws are found early in the development process. This provides the opportunity to get to the root of the problems and to correct them in the most proper and efficient way.

Requirements
Reliable security inspection requires the employment of well-trained, experienced and trusted staff. The internal or external inspection team must be independent of the entity that is in charge for the development and running of the system. The organisation or company that is charged with a security inspection must be neutral with respect to suppliers and integrators that are or may become involved in the project.