Presentation is loading. Please wait.

Presentation is loading. Please wait.

CNES security development process. 2 Basic rules High level principles for ISS activities on projects are: ■Decisions dealing with security risks must.

Published byMelissa Wade Modified over 9 years ago

Similar presentations

Presentation on theme: "CNES security development process. 2 Basic rules High level principles for ISS activities on projects are: ■Decisions dealing with security risks must."— Presentation transcript:

1 CNES security development process

2 2 Basic rules High level principles for ISS activities on projects are: ■Decisions dealing with security risks must be approved on relevant functional/hierarchical level. ■For each project, ISS must be integrated in the project management. ■Each project must integrate CNES security requirements. ■CNES ISS authorities (independent of project team) must be involved in each key event of the project. ■Security requirements must be function of functional sensitivity and security risks.

3 3 ISS approach 1/6 ■ISS approach for project development must be integrated in the global approach of the project. ■The following slides describe the main stages (V cycle) of a project and, for each of them, what are the relevant security items. ■Two security activities are dealt with:  security of target IS to be developed,  security of development environment.

4 4 ISS approach 2/6 PhaseISS actionsDocuments involved in ISS identification of IS functional sensitivity Expressions of the needs Expression of functional needs Expression of security needs and objectives (EBIOS method – Expression of Security Needs and Identification of Security Objectives) MoU MoA

5 5 ISS approach 3/6 PhaseISS actionsDocuments involved in ISS development of security requirements to be included in system requirements document RequirementsSystem requirements document development of requirements for securing development environment Environment security requirements MoU, MoA

6 6 ISS approach 4/6 PhaseISS actionsDocuments involved in ISS Project specific ISS trainingManagement plan Design / Development Testing plan ISS follow-up (auditing, validation of documents, validation of project milestones) Design document Security directory Audit report

7 7 ISS approach 5/6 PhaseISS actionsDocuments involved in ISS testing results Testingtesting compliance between security requirement and IS implementation ISS assessment Maintenance, operation and support manuals Audit report

8 8 ISS approach 6/6 PhaseISS actionsDocuments involved in ISS Operation / Maintenance ISS follow-up, Survey (auditing, ISS advisories management, …) Reporting document

Download ppt "CNES security development process. 2 Basic rules High level principles for ISS activities on projects are: ■Decisions dealing with security risks must."

Similar presentations

Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS 1 1 1.

Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS
Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.

Chapter 7: Key Process Areas for Level 2: Repeatable - Arvind Kabir Yateesh.
SIEP HSE Management System

SIEP HSE Management System
Draft Operational procedures for registry systems 09 November 2004 Bonn, Germany Technical Breakout Group.

Draft Operational procedures for registry systems 09 November 2004 Bonn, Germany Technical Breakout Group.
INTERNATIONAL BEST PRACTICES IN ON-SITE INSPECTIONS OF INSURERS Thomas E Power Senior Manager, Emerging Market Practice Bearing Point.

INTERNATIONAL BEST PRACTICES IN ON-SITE INSPECTIONS OF INSURERS Thomas E Power Senior Manager, Emerging Market Practice Bearing Point.
Christopher P. Cabuzzi CS 591 DEFENSE INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION PROCESS (DIACAP) Chris Cabuzzi, DIACAP, 12/8/10 1.

Christopher P. Cabuzzi CS 591 DEFENSE INFORMATION ASSURANCE CERTIFICATION & ACCREDITATION PROCESS (DIACAP) Chris Cabuzzi, DIACAP, 12/8/10 1.
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
Doğancan USTACAN Hasan KÜTÜKÜT Abdullah Cihan Küçük Sevil KUGU.

Doğancan USTACAN Hasan KÜTÜKÜT Abdullah Cihan Küçük Sevil KUGU.
© The Association of Independent Schools of NSW Preparing for the ASQA Audit.

© The Association of Independent Schools of NSW Preparing for the ASQA Audit.
DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.

DITSCAP Phase 2 - Verification Pramod Jampala Christopher Swenson.
7/16/20151 Quality Assurance Overview. 7/16/20152 Quality Assurance System Overview FY 04/05- new Quality Assurance tools implemented  included CMS Quality.

7/16/20151 Quality Assurance Overview. 7/16/20152 Quality Assurance System Overview FY 04/05- new Quality Assurance tools implemented  included CMS Quality.
Internal Control and Internal Audit

Internal Control and Internal Audit
Internal Audit Practices MINISTRY OF FINANCE OF REPUBLIC OF TURKEY Twinning Project - Kick-off Meeting Dedeman Hotel 30.3.2005.

Internal Audit Practices MINISTRY OF FINANCE OF REPUBLIC OF TURKEY Twinning Project - Kick-off Meeting Dedeman Hotel
Session No. 4 Implementing Service Providers SMS Implementing the State’s Safety Programme SMS Senior Management Workshop Rome, 21 May 2007.

Session No. 4 Implementing Service Providers SMS Implementing the State’s Safety Programme SMS Senior Management Workshop Rome, 21 May 2007.
Spreadsheet Management. Sarbanes-Oxley Act (SOX, 2002) Requires “an effective system of internal control” for financial reporting in publicly- held companies.

Spreadsheet Management. Sarbanes-Oxley Act (SOX, 2002) Requires “an effective system of internal control” for financial reporting in publicly- held companies.
Module 1, Part 1: Introduction and The VMP Slide 1 of 22 © WHO – EDM Validation Supplementary Training Modules on Good Manufacturing Practices.

Module 1, Part 1: Introduction and The VMP Slide 1 of 22 © WHO – EDM Validation Supplementary Training Modules on Good Manufacturing Practices.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
1 Configuration Management 101 ITS Professional Capacity Building Program T3 Webinar February 21, 2008.

1 Configuration Management 101 ITS Professional Capacity Building Program T3 Webinar February 21, 2008.
Introduction to Software Quality Assurance (SQA)

Introduction to Software Quality Assurance (SQA)

Similar presentations

Ads by Google