Upon identification of a critical upgrade or patch


EH 1
Objective: Understand baseline operational environment for applications and software components
Activities:
A. Maintain operational environment specification
B. Identify and install critical security upgrades and patches
Assessment:
✦ Do the majority of projects document some requirements for the operational environment?
✦ Do most projects check for security updates to third-party software components?
Results:
✦ Clear understanding of operational expectations within the development team
✦ High-priority risks from underlying infrastructure mitigated on a well-understood timeline
✦ Software operators with a high-level plan for security-critical maintenance of infrastructure

EH 2
Objective: Improve confidence in application operations by hardening the operating environment
Activities:
A. Establish routine patch management process
B. Monitor baseline environment configuration status
Assessment:
✦ Is a consistent process used to apply upgrades and patches to critical dependencies?
✦ Do most projects leverage automation to check application and environment health?
Results:
✦ Granular verification of security characteristics of systems in operations
✦ Formal expectations on timelines for infrastructure risk mitigation
✦ Stakeholders consistently aware of current operations status of software projects

EH 3
Objective: Validate application health and status of operational environment against known best practices
Activities:
A. Identify and deploy relevant operations protection tools
B. Expand audit program for environment configuration
Assessment:
✦ Are stakeholders aware of options for additional tools to protect software while running in operations?
✦ Does routine audit check most projects for baseline environment health?
Results:
✦ Reinforced operational environment with layered checks for security
✦ Established and measured goals for operational maintenance and performance
✦ Reduced likelihood of successful attack via flaws in external dependencies

SAMM / The Security Practices - v1.0

Environment Hardening

EH 1
Understand baseline operational environment for applications and software components

Activities

A. Maintain operational environment specification

For each project, a concrete definition of the expected operating platforms should be created and maintained. Depending on the organization, this specification should be jointly created with development staff, stakeholders, support and operations groups, etc.

Begin this specification by capturing all details that must be true about the operating environment based upon the business function of the software. These can include factors such as processor architecture, operating system versions, prerequisite software, conflicting software, etc. Further, note any known user- or operator-configurable options about the operating environment that affect the way in which the software will behave.

Additionally, identify any relevant assumptions about the operating environment that were made in design and implementation of the project and capture those assumptions in the specification. This speci...
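One way to make the specification factors listed under activity A (processor architecture, operating system versions, prerequisite software, conflicting software, configurable options) machine-checkable, which also supports the EH 2 activity of monitoring baseline configuration status. This is an added example, not part of SAMM or the original page; the spec layout, function names and all sample host values are constructed assumptions.

```python
import re

# Constructed specification covering the factors named in activity EH 1-A.
SPEC = {
    "architecture": {"x86_64"},
    "os": {"name": "ubuntu", "min": (22, 4, 0), "max": (24, 4, 0)},
    "required": {"openssl": (3, 0, 0), "nginx": (1, 24, 0)},  # minimum versions
    "conflicting": {"telnetd", "apache2"},
    "options": {"timezone": "UTC"},  # operator-configurable, affects behaviour
}

# Constructed facts, as an inventory agent might report them for one host.
HOST = {
    "architecture": "x86_64", "os_name": "ubuntu", "os_version": "22.04",
    "packages": {"openssl": "3.0.2-0ubuntu1", "nginx": "1.18.0-6", "telnetd": "0.17"},
    "options": {"timezone": "Europe/Berlin"},
}

def parse_version(text):
    """'1.18.0-6' -> (1, 18, 0): numeric parts before the first '-', padded to three."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))

def check_host(spec, facts):
    """Return every deviation of the observed host from the specification."""
    findings = []
    if facts["architecture"] not in spec["architecture"]:
        findings.append(f"unsupported architecture: {facts['architecture']}")
    os_ver = parse_version(facts["os_version"])
    if (facts["os_name"] != spec["os"]["name"]
            or not spec["os"]["min"] <= os_ver <= spec["os"]["max"]):
        findings.append(f"unsupported OS: {facts['os_name']} {facts['os_version']}")
    for name, minimum in sorted(spec["required"].items()):
        installed = facts["packages"].get(name)
        if installed is None:
            findings.append(f"missing prerequisite: {name}")
        elif parse_version(installed) < minimum:
            findings.append(f"outdated prerequisite: {name} {installed}")
    for name in sorted(spec["conflicting"].intersection(facts["packages"])):
        findings.append(f"conflicting software: {name}")
    for key, expected in sorted(spec["options"].items()):
        if facts["options"].get(key) != expected:
            findings.append(f"option drift: {key}={facts['options'].get(key)}")
    return findings
```

Calling `check_host(SPEC, HOST)` on the constructed host reports the outdated nginx, the conflicting telnetd package and the timezone drift; a host that matches the specification yields an empty list.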

This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.
