SaFi Bank Space : Security Development

Overview

This stage is based on the list of controls that need to be implemented. The list is presented to the Business together with the recommended remediation or mitigation strategies for applying the needed controls in the architecture. The agreed strategy is cascaded to the Development Teams, which carry out the necessary actions.

Remediation/Mitigation Strategy

Since the list is sorted by risk score, the strategic recommendation must be based on the ‘must have’ items paired with the highest risks: those that have the highest value and are non-negotiable at the moment. To determine these from the list, the process is divided into the steps below:

  1. Identify non-negotiable controls. The goal is to present the business with the items they cannot say no to. The aim is to have them understand the necessity of security in the requirement.

  2. Identify which controls have the highest value. The goal is to make the business realize the value of each security control. The aim is to have them understand the benefits of implementing it.

  3. Organize the implementation plan. The goal is to provide the business with a recommended strategy for rolling out the development of each control. The aim is to give them inputs for their decision and an idea of how to prioritize the roll-out.

  4. Track the development. The goal is to manage every control that needs to be put in place. The aim is to ensure that the gaps and threats were addressed properly, in collaboration with the development team on the fix release.

Implementation Review

The first step in monitoring the implementation is to check the code. Implemented code will be cross-checked against the desired level of security as planned in the business requirement, the design, and the security baseline: the Secure Coding Guideline, Hardening Guideline, Crypto Guideline, and Deployment Guideline.