per person) 1/2 day

Outsourced Resources

Due to the lack of knowledge within VirtualWare, external resources were used to assist with the creation of content, and to create and deliver the training program to the developers.
(Security) 22 days
Consultant (Training) 5 days

SAMM / Case Studies - v1.0

To achieve these maturity levels VirtualWare implemented a number of programs during this phase of the roll-out. The following initiatives were adopted;

Phase 3 (Months 6 – 9) – Architecture & Infrastructure

VirtualWare - Phase 3

The third phase of the assurance program implementation within VirtualWare builds on the previous implementation phases and focuses on risk modeling, architecture, infrastructure and operational enablement capabilities.

The key challenge in this phase was establishing a tighter integration between the application platforms and the operational side of the organization. In the previous phase VirtualWare teams were introduced to vulnerability management and the operational side of application security. During this phase VirtualWare has adopted the next phase of these areas and introduced clear incident response processes and detailed change control procedures.

VirtualWare has chosen to start two new areas for this implementation. Although VirtualWare is not impacted by regulatory compliance, a number of their customers have started to ask whether the platforms can assist in passing regulatory compliance. A small team has been set up within VirtualWare to identify the relevant compliance drivers and create a checklist of drivers.

In the previous phase VirtualWare introduced a number of new automated tools to assist with the review and identification of vulnerabilities. Although not focused on in this phase, the development teams have adopted the new tools and have reported that they are starting to gain a benefit from using these tools within their groups.

Target Objectives

During this phase of the project, VirtualWare implemented the following SAMM Practices & Activities.

1
PC A. Identify and monitor external compliance drivers
B. Build and maintain compliance guidelines
A. Build and maintain abuse-case models per project
B. Adopt a weighting system for measurement of threats
A. Build an access control matrix for resources and capabilities
B. Specify security requirements based on known risks
A. Maintain list of recommended software frameworks
B. Explicitly apply security principles to design
A. Inspect for complete provision of security mechanisms
B. Deploy design review service for project teams
A. Establish consistent incident response process
B. Adopt a security issue disclosure process
A. Create per-release change management procedures
B. Maintain formal operational security guides

✦ Define and publish technical guidance on security requirements and secure architecture for projects within the organization;
✦ Identify and document compliance and regulatory requirements;
✦ Identify and create guidelines for security of application infrastructure;
✦ Create a defined li...
This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.