A formal incident response plan and change management


per person) 1/2 day 1/2 day

Outsourced Resources

Due to the lack of knowledge within VirtualWare, external resources were used to assist with the creation of content, and to create and deliver the training program to the developers.

Consultant (Security): 22 days
Consultant (Training): 5 days

SAMM / Case Studies - v1.0

To achieve these maturity levels VirtualWare implemented a number of programs during this phase of the roll-out. The following initiatives were adopted;

Phase 3 (Months 6 – 9) – Architecture & Infrastructure

VirtualWare - Phase 3

The third phase of the assurance program implementation within VirtualWare builds on the previous implementation phases and focuses on risk modeling, architecture, infrastructure and operational enablement capabilities.

The key challenge in this phase was establishing a tighter integration between the application platforms and the operational side of the organization. In the previous phase VirtualWare teams were introduced to vulnerability management and the operational side of application security. During this phase VirtualWare has adopted the next phase of these areas and introduced clear incident response processes and detailed change control procedures.

VirtualWare has chosen to start two new areas for this implementation. Although VirtualWare is not impacted by regulatory compliance, a number of their customers have started to ask whether the platforms can assist in passing regulatory compliance. A small team has been set up within VirtualWare to identify the relevant compliance drivers and create a checklist of drivers.

In the previous phase VirtualWare introduced a number of new automated tools to assist with the review and identification of vulnerabilities. Although not focused on in this phase, the development teams have adopted the new tools and have reported that they are starting to gain a benefit from using these tools within their groups.

Target Objectives

During this phase of the project, VirtualWare implemented the following SAMM Practices & Activities.

PC 1
A. Identify and monitor external compliance drivers
B. Build and maintain compliance guidelines

TA 2
A. Build and maintain abuse-case models per project
B. Adopt a weighting system for measurement of threats

SR 2
A. Build an access control matrix for resources and capabilities
B. Specify security requirements based on known risks

SA 1
A. Maintain list of recommended software frameworks
B. Explicitly apply security principles to design

DR 2
A. Inspect for complete provision of security mechanisms
B. Deploy design review service for project teams

VM 2
A. Establish consistent incident response process
B. Adopt a security issue disclosure process

OE 2
A. Create per-release change management procedures
B. Maintain formal operational security guides

✦ Define and publish technical guidance on security requirements and secure architecture for projects within the organization;
✦ Identify and document compliance and regulatory requirements;
✦ Identify and create guidelines for security of application infrastructure;
✦ Create a defined li...