Build operational security guide

Revision as of 20:20, 30 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

[ iafrica isp ] [ africa fact quick ] [ australian gold sun tan lotion ] [ asia vacation package tour ] [ avg antivirus full ] [ migration law australia ] [ asian tigers countries ] sitemap [ register australian domains ] [ trend housecall antivirus ] [ panda titanium antivirus 2005 reviews ] [ the first african american basketball player ] [ nylon automotive sunshade fabric ] [ teaching jobs africa ] [ travel and tourism south africa ] [ auto chesapeake insurance ] [ automatic back scratcher ] [ australian specialist immigration lawyers ] [ crack for avg antivirus 7.1 ] [ alberta auto trader ] [ african mask design ] auto train discount [ ravantivirus online scan ] [ parts for datsun 280z automobile ] [ capital australia 1900 ] [ south african art painter ] [ asian frame picture ] [ vehicle book value south africa ] slayers autoinstaller 2.5 asian search engine bay area asian sports dragon [ child labor in west africa ] [ asian american scientist ] [ adenoid hyperplasia ] [ how to remove symantec antivirus ] [ sophia stewart african writer matrix ] [ grissoft antivirus ] 5 antivirus software [ toowoomba australia ] [ automation cnc plasma ] page link submissive asians [ map of somalia africa ] [ health insurers australia ] page [ southeast asian religions ] [ africa massage prostate south ] [ nortons antivirus 2005 crack ]



  • Provide stakeholder with documentation on operational security measures that can better secure the product.
  • Provide documentation for the use of security functionality within the product.


  • Implementer


  • Once per iteration.

In the course of conception, elaboration, and evaluation, there will generally be many items identified that should be communicated to one or more roles at deployment. This information should all be collected in a role-driven implementation guide that addresses security concerns.

Document pre-install configuration requirements

Begin by documenting the environmental requirements that must be satisfied before the system is installed. See the task on operational environment assumptions for more detail.

Document application activity

Document any security-relevant use of resources, including network ports, files on the file system, registry resources, database resources etc. See the activity on Resource identification for more detail.

Document the security architecture

Document the threat profile assumed in design and the high-level security functionality of the system as relevant to the user - including authentication mechanisms, default policies for authentication and other functions, and any security protocols that are mandatory or optional. For protocols used, document the scope of their protection.

Document security configuration mechanisms

List, and explain all security configuration options present in the system, and make note of their default and recommended settings. Be explicit about how they work, referencing any technologies utilized.

Document significant risks and known compensating controls

Any known security risks that the customer may find reasonable should be documented, along with recommended compensating controls, such as recommended third party software that can mitigate the issue, firewall configurations, or intrusion detection signatures.