Saturday, September 19, 2009

Integrating information security into your business processes

Just thought I'd jot down a list of ways in which you can embed information security practices in business processes and "be an enabler, not a blocker".

- Changes detected by integrity monitoring with Tripwire or similar can feed into change management processes to help identify security incidents for further investigation and non-compliance with change management procedures. Administrators making unauthorised changes to production is a high risk and can easily result in extended outages.

- Security patterns should be part of enterprise architecture, so that solution architects can copy them and tailor them to the solution, maximising re-use of infrastructure and reducing complexity.

- Provide templates and instructions for risk assessments, security test plans and security reports so that project managers and test managers can be empowered to perform security tasks on a "trust but verify" basis, with security to assist.
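
The first item above, as an added example that is not part of the original post: a sketch of reconciling integrity-monitor detections against approved change records, so that unmatched changes become incident candidates and mistimed ones become change-management non-compliance findings. The record fields, hosts, paths and change IDs are constructed for illustration and do not reflect any particular tool's export format.

```python
from datetime import datetime
from fnmatch import fnmatch

# Constructed sample data: approved change records exported from a change
# management system (field names are assumptions for this example).
APPROVED_CHANGES = [
    {"id": "CHG-EXAMPLE-1", "host": "web01", "paths": ["/etc/httpd/*"],
     "start": "2009-09-18T22:00", "end": "2009-09-19T02:00"},
    {"id": "CHG-EXAMPLE-2", "host": "db01", "paths": ["/opt/app/bin/*"],
     "start": "2009-09-17T20:00", "end": "2009-09-17T23:00"},
]

# Constructed sample data: changes reported by an integrity monitor.
DETECTED_CHANGES = [
    {"host": "web01", "path": "/etc/httpd/conf/httpd.conf", "time": "2009-09-18T23:10"},
    {"host": "web01", "path": "/etc/passwd", "time": "2009-09-18T23:12"},
    {"host": "db01", "path": "/opt/app/bin/server", "time": "2009-09-18T03:30"},
]

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M")

def reconcile(detected, approved):
    """Label each detected change with the approved change covering it, if any."""
    results = []
    for event in detected:
        when = _ts(event["time"])
        # Change records that cover this host and file, regardless of timing.
        in_scope = [c for c in approved if c["host"] == event["host"]
                    and any(fnmatch(event["path"], p) for p in c["paths"])]
        in_window = [c for c in in_scope if _ts(c["start"]) <= when <= _ts(c["end"])]
        if in_window:
            status, ref = "authorised", in_window[0]["id"]
        elif in_scope:
            # Right host and file, wrong time: change-management non-compliance.
            status, ref = "outside-window", in_scope[0]["id"]
        else:
            # No change record at all: candidate security incident.
            status, ref = "unauthorised", None
        results.append({**event, "status": status, "change_id": ref})
    return results

if __name__ == "__main__":
    for r in reconcile(DETECTED_CHANGES, APPROVED_CHANGES):
        print(f'{r["status"]:15} {r["host"]:6} {r["path"]:32} {r["change_id"] or "-"}')
```
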

1 comment:

Jarrod said...

I am a big fan of this. It's one of those things I think most security practitioners think "That is a really good idea - IF ONLY I HAD THE TIME!"

In knowing that, sadly, it is probably one of the largest value adds security can bring to the table yet most neglected.

You can potentially bring assurance and accountability to multiple business services, which help ensure they are effective.

At the same time you help define meaningful metrics which can be used to demonstrate the value of security.

Infamous Agenda © 2008.