


February, 2016

  

1. Determine standards and frameworks to apply to TIER products and Services (Feb through March, 2016)
   a. Consider impact to regulated data (e.g. HIPAA, PCI, etc.) and potential Audit exposure
   b. Consider best practice/industry standard practices (e.g. OWASP, BSIMM, CSA, etc.)
   c. Consider industry common standards (e.g. NIST, ISO, etc.)
   d. Create standards, framework, and policies review board
   e. Train software developers on approved tools, standards, frameworks, and policies

 

2. How to ensure the TIER product set is developed securely (March through August, 2016):
   a. Based on standards and/or best practices, consider the following:
      i. Software development lifecycle
         1. Software promotion process
         2. Software delivery process to customers
         3. Develop secure coding standards
      ii. Determine the necessary software development documentation

 

3. How to ensure the TIER product set is tested securely (March through August, 2016):
   a. Based on standards and/or best practices, consider the following:
      i. Software testing
         1. Adequacy of testing environments
         2. Code testing, pen testing

4. How to ensure the TIER product set is operated securely (March through August, 2016):
   a. Based on standards and/or best practices, consider the following:
      i. Change Management
      ii. Incident/Breach response protocols
         1. Detection
         2. Notification
      iii. Audit evidence and trails
         1. Logging and reporting
         2. Notifications and exception reporting
      iv. Data lifecycle management
         1. Creation, Storage and Retention of information
      v. Vulnerability Management actions
         1. Scanning
         2. Remediation processes and timelines


 

5. Best practices in engaging TIER products to improve campus Security (Sept 16 through June 17)
   a. Determine metrics and reporting available from/through TIER
      i. Set of KPIs to assure service is working effectively
      ii. KPIs to identify identity/access anomalies
   b. Logging
      i. How to enable log management to support campus security?
         1. Log configuration, dashboards, etc.
   c. Data Analytics
      i. How to leverage TIER data for campus security?
      ii. Data elements to mine
   d. Determine the security relevant documentation necessary to provide to campus contacts
