Difference between revisions of "Build operational security guide"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)
 
{{Template:SecureSoftware}}
 
  

Latest revision as of 07:49, 3 June 2009


Overview

Purpose:

  • Provide stakeholders with documentation on operational security measures that can better secure the product.
  • Provide documentation for the use of security functionality within the product.

Role:

  • Implementer

Frequency:

  • Once per iteration.

In the course of conception, elaboration, and evaluation, there will generally be many items identified that should be communicated to one or more roles at deployment. This information should all be collected in a role-driven implementation guide that addresses security concerns.

Document pre-install configuration requirements

Begin by documenting the environmental requirements that must be satisfied before the system is installed. See the task on operational environment assumptions for more detail.

Document application activity

Document any security-relevant use of resources, including network ports, files on the file system, registry resources, database resources, etc. See the activity on Resource identification for more detail.

Document the security architecture

Document the threat profile assumed in design and the high-level security functionality of the system as relevant to the user, including authentication mechanisms, default policies for authentication and other functions, and any security protocols that are mandatory or optional. For protocols used, document the scope of their protection.

Document security configuration mechanisms

List and explain all security configuration options present in the system, and make note of their default and recommended settings. Be explicit about how they work, referencing any technologies utilized.

Document significant risks and known compensating controls

Any known security risks that the customer may find reasonable should be documented, along with recommended compensating controls, such as recommended third-party software that can mitigate the issue, firewall configurations, or intrusion detection signatures.