Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Subject

Target group

Laws & Regulations (privacy, data protection, export)

Systems management, users

Secure Software development

User, user coordinator, contractor

System hardening

System admin, network engineering

System operations

System admin, network engineering

Monitoring and logging

System admin, network engineering, response teams

Forensics

Response teams

Incident respons and analysis

Response teams

Contigency planning and disaster recovery

Management, governance, admin, user coordinator, response team

Organisation, roles, responsibilities (generic introduction)

All

AAI proces and procedures, FIM, SSO

System admin, user coordinator

Systems design

Architect, network engineer

General use and awareness

Users, user coordinator, all

Developing and maintaining policies and procedures

Management, governance

Applying policies and procedures

Architect, system admin, user coodinator

System acquisition

Acquistion

Decommissioning (data leakage prevention)

Admins, governance, user coordinator

Risk management

 

 

Laws & Regulations (privacy, data protection, export)

Secure Software development

Training withing this group should focus on all the aspects related to software programming from the security point of view. It should include integrating security practices into the software development lifecycle and verifying the security of internally developed applications before they are deployed. This will help to mitigate risk from internal and external sources. Security practices which should be included are: design, construction, testing, release, and response.

One of the important steps in secure development is integrating testing tools and services into the software development lifecycle. The training could describe or train on tools allowing developers to model an application, scan the code, check the quality and ensure that it meets regulations. Furthermore, automated secure development testing tools that find and fix security issues could be elaborated.

Additionally secure development trainings could be offered certifying experience in secure development.

See e.g.: http://www.sans.org/curricula/secure-software-development

System hardening

 

System operations

 Monitoring and logging

 Forensics

 Incident respons and analysis

 Contingency planning and disaster recovery

 Organisation, roles, responsibilities (generic introduction)

 AAI processes and procedures, FIM, SSO

 Systems design

 General use and awareness

 Developing and maintaining policies and procedures

 Applying policies and procedures

 System acquisition

 Decommissioning (data leakage prevention)

 Risk management