Practitioner Certificate in Information Assurance Architecture
Security across the Lifecycle
Model Answer

The following is a possible list of activities month by month:

April: Mobilisation
• Brief project team and development staff on the importance of security and go through the OWASP Top 10 risks.

May: Requirements
• Establish requirements:
  o Legal/regulatory: e.g. DPA and health regulations.
  o IA requirements: e.g. ISO 27001.

June: Design
• Produce threat model and establish security controls.
• Produce security architecture documentation and feed into HLD and LLDs as necessary.
• Produce development standards – including hardening standards, coding standards and development processes.
• Assist in designing and setting up the various environments.

July: Implementation
• Support development teams.
• Assist in setting up change management board and processes and ensure a security architect has representation.

August: Implementation
• Support development teams.

September: Implementation
• Support development teams.

October: Implementation
• Define pen test scope.
• Select and contract with pen test company.

November: Verification
• Perform pen tests.
• Address issues found in pen tests.

December: System Live
• Obtain approval to go live from board, “accreditor” or internal audit.
• Enter support and management phase with change management.

© InfoSec Skills Limited 2014. All rights reserved.