CyberSecurity Validation Standards

Overview

CyberSecurity requires documented Security Standards. These security standards need to be effective and must be validated following any changes to processes, software or infrastructure. Security standards are also validated annually during internal audits. The process of validation requires meticulous details defined within Design qualifications (DQ), Installation qualifications (IQ), Operational qualifications (OQ), and Performance qualifications (PQ). These qualification specifications are described below in greater detail.

The validation of a CyberSecurity standard must take into consideration the following three characteristics:

  • Multidisciplinary approach: CyberSecurity work characteristically requires the collaboration of several experts from different disciplines, such as Business Analysts, Product Specialists, Technical Specialists, Application Specialists, Technical Architects, Security Specialists, Service Continuity Specialists, engineers, and experts on Q.A.
  • Time constraints: Generally, CyberSecurity work is subject to rigorous time schedules. These validations are normally executed during the prototyping or UAT stage of the SDLC, or prior to changes being deployed into production operations.
  • Budget: CyberSecurity validation requires the time of professionals, which has a cost associated with it, so the appropriate authorizations and budgeting may be necessary to make it happen.

CyberSecurity Validation activities must be included within the Master CyberSecurity Validation Program (MCVP). This includes qualification of security standards for custom software and COTS (commercial off the shelf) software, and for technical infrastructure equipment like servers, routers, switches, firewalls, desktops, tablets, laptops, and smart phones. The MCVP will comprise the current-state and future-state CyberSecurity Architecture, for the initial validation before deployment and for re-validation during changes. For large projects the MCVP will become a project deliverable.

Security Standard Specification Content:

  • Design qualification (DQ): the specifications used to establish a CyberSecurity Architecture Design that management will use for decision-making purposes, such as whether to develop or purchase a process, software or infrastructure device. These requirements detail the acceptance criteria, which are a mandatory requirement before development or procurement can commence.
  • Installation qualification (IQ): a set of specifications used to assess the installation of a process, software or infrastructure device and to provide assurance that it has been correctly installed and maintained based on the manufacturer's recommendations.
  • Operational qualification (OQ): a set of specifications used to measure the functionality of a process, software or infrastructure device to provide assurance that it is operating as planned.
  • Performance qualification (PQ): a set of specifications used to measure the performance of a process, software or infrastructure device to provide assurance that it is performing as intended. This specification can be used to detect misuse.

This information has been shared freely by Mark E.S. Bernard. If you find it useful, please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program, then please contact Mark @ 604-349-6557 or mesbernard@gmail.com