CNES security development process


2 Basic rules
High-level principles for ISS activities on projects are:
■ Decisions dealing with security risks must be approved at the relevant functional/hierarchical level.
■ For each project, ISS must be integrated into project management.
■ Each project must integrate CNES security requirements.
■ CNES ISS authorities (independent of the project team) must be involved in each key event of the project.
■ Security requirements must be a function of functional sensitivity and security risks.

3 ISS approach 1/6
■ The ISS approach for project development must be integrated into the global approach of the project.
■ The following slides describe the main stages (V cycle) of a project and, for each of them, the relevant security items.
■ Two security activities are dealt with:
  - security of the target IS to be developed,
  - security of the development environment.

4 ISS approach 2/6
Phase: Expressions of the needs
ISS actions:
■ identification of IS functional sensitivity
■ Expression of security needs and objectives (EBIOS method – Expression of Security Needs and Identification of Security Objectives)
Documents involved in ISS:
■ Expression of functional needs
■ MoU
■ MoA

5 ISS approach 3/6
Phase: Requirements
ISS actions:
■ development of security requirements to be included in system requirements document
■ development of requirements for securing development environment
Documents involved in ISS:
■ System requirements document
■ Environment security requirements
■ MoU, MoA

6 ISS approach 4/6
Phase: Design / Development
ISS actions:
■ Project specific ISS training
■ ISS follow-up (auditing, validation of documents, validation of project milestones)
Documents involved in ISS:
■ Management plan
■ Testing plan
■ Design document
■ Security directory
■ Audit report

7 ISS approach 5/6
Phase: Testing
ISS actions:
■ testing compliance between security requirement and IS implementation
■ ISS assessment
Documents involved in ISS:
■ testing results
■ Maintenance, operation and support manuals
■ Audit report

8 ISS approach 6/6
Phase: Operation / Maintenance
ISS actions:
■ ISS follow-up, Survey (auditing, ISS advisories management, …)
Documents involved in ISS:
■ Reporting document