Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

Réseau Métier SSI

advertisement 
CNES security development process
Basic rules
High level principles for ISS activities on projects are:
■ Decisions dealing with security risks must be approved on relevant
functional/hierarchical level.
■ For each project, ISS must be integrated in the project management.
■ Each project must integrate CNES security requirements.
■ CNES ISS authorities (independent of project team) must be
involved in each key event of the project.
■ Security requirements must be function of functional sensitivity and
security risks.
2
ISS approach 1/6
■ ISS approach for project development must be integrated in the
global approach of the project.
■ The following slides describe the main stages (V cycle) of a project
and, for each of them, what are the relevant security items.
■ Two security activities are dealt with:
 security of target IS to be developed,
 security of development environment.
3
ISS approach 2/6
Phase
ISS actions
Documents involved in ISS
identification of IS functional sensitivity
Expressions of the
needs
Expression of functional needs
Expression of security needs and objectives
(EBIOS method – Expression of Security
Needs and Identification of Security
Objectives)
MoU
MoA
4
ISS approach 3/6
Phase
ISS actions
Documents involved in ISS
development of security requirements to be
included in system requirements document
Requirements
System requirements document
development of requirements for securing
development environment
Environment security requirements
MoU, MoA
5
ISS approach 4/6
Phase
ISS actions
Documents involved in ISS
Project specific ISS training
Management plan
Design /
Development
Testing plan
ISS follow-up (auditing, validation of
documents, validation of project milestones)
Design document
Security directory
Audit report
6
ISS approach 5/6
Phase
ISS actions
Documents involved in ISS
testing results
Testing
testing compliance between security
requirement and IS implementation
ISS assessment
Maintenance, operation and support
manuals
Audit report
7
ISS approach 6/6
Phase
ISS actions
Documents involved in ISS
Operation /
Maintenance
ISS follow-up, Survey (auditing, ISS
advisories management, …)
Reporting document
8
Related documents
Photos from ISS - Space Exploration
Photos from ISS - Space Exploration
Document
Document
JCDA-7 - Cobb County School District
JCDA-7 - Cobb County School District
Full Schedule to be found here
Full Schedule to be found here
LRV journey ppt 2 - Inchcape Shipping Services
LRV journey ppt 2 - Inchcape Shipping Services
Submission DR677 - Bestchance Child Family Care
Submission DR677 - Bestchance Child Family Care
scenarios - Humboldt High School
scenarios - Humboldt High School
Workforce Investment Act Individual Service Strategy
Workforce Investment Act Individual Service Strategy
Lecture 30
Lecture 30
Download
advertisement