Difference between revisions of "Build operational security guide"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)
{{Template:SecureSoftware}}
 
  

Revision as of 13:00, 29 May 2009


Overview

Purpose:

  • Provide stakeholders with documentation on operational security measures that can better secure the product.
  • Provide documentation for the use of security functionality within the product.

Role:

  • Implementer

Frequency:

  • Once per iteration.

In the course of conception, elaboration, and evaluation, there will generally be many items identified that should be communicated to one or more roles at deployment. This information should all be collected in a role-driven implementation guide that addresses security concerns.

Document pre-install configuration requirements

Begin by documenting the environmental requirements that must be satisfied before the system is installed. See the task on operational environment assumptions for more detail.

Document application activity

Document any security-relevant use of resources, including network ports, files on the file system, registry resources, database resources, etc. See the activity on Resource identification for more detail.

Document the security architecture

Document the threat profile assumed in design and the high-level security functionality of the system as relevant to the user - including authentication mechanisms, default policies for authentication and other functions, and any security protocols that are mandatory or optional. For protocols used, document the scope of their protection.

Document security configuration mechanisms

List and explain all security configuration options present in the system, and make note of their default and recommended settings. Be explicit about how they work, referencing any technologies utilized.
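
One way to keep this part of the guide checkable is to hold the option list in machine-readable form and audit both the guide and a deployment against it. The following is an added example, not part of the original OWASP page; the option names, values and the deployed configuration are constructed for illustration.

```python
# Added example. The catalogue entries, option names and values are constructed.
REQUIRED = ("name", "default", "recommended", "explanation")

CATALOGUE = [
    {"name": "tls.min_version", "default": "1.0", "recommended": "1.2",
     "explanation": "Lowest TLS version the listener accepts."},
    {"name": "auth.lockout_threshold", "default": 0, "recommended": 5,
     "explanation": "Failed logins before lockout; 0 disables lockout."},
    {"name": "audit.log_enabled", "default": True, "recommended": True,
     "explanation": "Writes authentication events to the audit log."},
    {"name": "admin.remote_access", "default": True, "recommended": False},
]

def catalogue_gaps(catalogue):
    """Return (option, missing field) pairs for incomplete guide entries."""
    return [(opt.get("name", "<unnamed>"), field)
            for opt in catalogue for field in REQUIRED if field not in opt]

def insecure_defaults(catalogue):
    """Options the operator must change because default != recommended."""
    return [o["name"] for o in catalogue
            if "default" in o and "recommended" in o
            and o["default"] != o["recommended"]]

def audit_deployment(catalogue, deployed):
    """Compare a deployed configuration (a dict) against the guide."""
    documented = {o["name"]: o for o in catalogue if "name" in o}
    findings = []
    for name, value in sorted(deployed.items()):
        if name not in documented:
            findings.append((name, "undocumented option"))
            continue
        rec = documented[name].get("recommended", value)
        if value != rec:
            findings.append((name, f"set to {value!r}, guide recommends {rec!r}"))
    # An option absent from the deployed config falls back to its default.
    for name, opt in sorted(documented.items()):
        if name not in deployed and opt.get("default") != opt.get("recommended"):
            findings.append((name, "unset; default differs from recommended"))
    return findings

# Constructed deployment: one hardened value, one weak value, one unknown key.
DEPLOYED = {"tls.min_version": "1.2", "auth.lockout_threshold": 0, "debug.trace": True}

if __name__ == "__main__":
    print("guide gaps:", catalogue_gaps(CATALOGUE))
    print("change after install:", insecure_defaults(CATALOGUE))
    for finding in audit_deployment(CATALOGUE, DEPLOYED):
        print("finding:", finding)
```
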

Document significant risks and known compensating controls

Any known security risks that the customer may find reasonable should be documented, along with recommended compensating controls, such as recommended third-party software that can mitigate the issue, firewall configurations, or intrusion detection signatures.