Additionally project teams should document any


Activities

y-related events, but also may include critical errors and alerts related to software health and configuration status. For each event, actionable advice should be captured to inform users and operators of required next steps and potential root causes of the event.

These procedures must be reviewed by the project team and updated at every major product release, every 6 months, but can be done more frequently, e.g. with each release.

Results
✦✦Ad hoc improvements to software security posture through better understanding of correct operations
✦✦Operators and users aware of their role in ensuring secure deployment
✦✦Improved communications between software developers and users for security-critical information

Success Metrics
✦✦>50% of projects with updated deployment security information in past 6 months
✦✦>50% of projects with operational procedures for events updated in past 6 months

Costs
✦✦Ongoing project overhead from maintenance of deployment security information
✦✦Ongoing project overhead from maintenance of critical operating procedures

Personnel
✦✦Developers (1-2 days/yr)
✦✦Architects (1-2 days/yr)
✦✦Managers (1 day/yr)
✦✦Support/Operators (1 day/yr)

Related Levels
✦✦

SAMM / The Security Practices - v1.0

OE 2 Operational Enablement

Improve expectations for continuous secure operations through provision of detailed procedures

Results
✦✦Detailed guidance for security-relevant changes delivered with software releases
✦✦Updated information repository on secure operating procedures per application
✦✦Alignment of operations expectations among developers, operators, and users.

Add’l Success Metrics
✦✦>50% of projects with updated change management procedures in past 6 months
✦✦>80% of stakeholders briefed on status of operational security guides in past 6 months

Add’l Costs
✦✦Ongoing project overhead from maintenance of change management procedures
✦✦Ongoing project overhead from maintenance of operational security guides

Add’l Personnel
✦✦Developers (1-2 days/yr)
✦✦Architects (1-2 days/yr)
✦✦Managers (1 day/yr)
✦✦Support/Operators (1 day/yr)

Related Levels
✦✦Environment Hardening - 1

Activities

A. Create per-release change management procedures

To more formally update users and operators on relevant changes in the software, each release must include change management procedures relevant to upgrade and first-time installation. Overall, the goal is to capture the expected accompanying steps that ensure the deployment will be successful and not incur excessive downtime or degradation of security posture.

To build these procedures during development, the project teams should set up a lightweight internal process for capturing relevant items that would impact deployments. It is effective to have this process in place early in the development cycle so that this information can be retained as soon as it is identified while in the requirements, design, and implementation phases.

Before each release, the project team should review the list as a whole for completeness and feasibility. For some projects, extensive change procedures accompanying a given release may warrant special handling, such as building automa...

This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.
