Child pages
  • TIER Security and Audit Working Group work priorities

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

2.       How to ensure the TIER product set is developed securely (March through August, 2016):

            a.       Based on standards and/or best practices, consider the following:

                                        i.      Software development lifecycle

...

3.       Develop secure coding standards

                                                         ii.      Determine the necessary software development documentation

...

3.       How to ensure the TIER product set is tested securely (March through August, 2016):

            a.       Based on standards and/or best practices, consider the following:

                                         i.      Software testing

1.       Adequacy of testing environments

...

4.       How to ensure the TIER product set is operated securely (March through August, 2016):

            a.       Based on standards and/or best practices, consider the following:

                                        i.      Change Management

            ii.      Incident/Breach response protocols

1.       Detection

2.       Notification

                                                      iii.      Audit evidence and trails

...

 iv.      Data lifecycle management

            1.       Creation, Storage and Retention of information

...

5.       Best practices in engaging TIER products to improve campus Security (Sept 16 through June 17)

            a.       Determine metrics and reporting available from/through TIER

                               i.      Set of KPIs to assure service is working effectively

                  ii.      KPIs to identify identity/access anomalies

            b.      Logging

                  i.      How to enable log management to support campus security?

            1.       Log configuration, dashboards, etc.

            c.       Data Analytics

                 i.      How to leverage TIER data for campus security?

                                                             ii.      Data elements to mine

            d.      Determine the security relevant documentation necessary to provide to campus contacts