SECURELINK OPERATIONAL SECURITY

SECURITY ARCHITECTURE AND DESIGN

The System Development Life Cycle (SDLC) essentially consists of initiation, acquisition and development, implementation and assessment, operation and maintenance, and disposal of ICT systems, depending on which methodology is adopted in your organisation or agency. Information security should be considered at the point where the need for a system has been identified and prior to any acquisition or procurement. Security considerations do not finish after the initiation phase and must continue throughout the entire SDLC.

SecureLink will help define requirements and purpose, document the high-level requirements for any new system, and provide consultancy services, including risk assessments, control development, system tests and evaluations, certification and accreditation, configuration management, monitoring, and sanitisation and disposal, for systems at any stage of the SDLC methodology within your organisation/agency to ensure that all security requirements are met.

OPERATIONAL SECURITY MANAGEMENT

Operational security focuses on the controls implemented and executed within your organisation. Management of operational security should involve the review and continual monitoring of all current or planned protective security controls. Reviews and audits encompass your organisation's strategic mission, budgets and costs, system and site architecture, damage to reputation or image, core competencies, personnel and physical security, and policies and processes. SecureLink can provide employees with the technical and specialised expertise to effectively audit and evidence systems and premises.

SECURITY DOCUMENTATION

High-level security documentation, such as Security Policies (CEO Guidelines or Directions and ICT Security Plans), allows management to provide direction and show commitment to security. These documents are developed to cover all agency assets, including ICT systems, physical security and personnel security, and may exist as a single document or as a set of related documents.

Risk Management Plans (RMPs) identify risks and provide appropriate treatments, and should be written to cover every asset and/or system within the organisation. An RMP is an important document throughout the lifecycle of an ICT system.

A System Security Plan (SSP) outlines the actions to be taken for implementing the Risk Management Plan controls and again should be defined for every system within the organisation.

A Physical Site Security Plan outlines the actions to be taken for implementing the Risk Management Plan controls and should be written for every physical site within the organisation.
SecureLink Pty Ltd - PO Box 208, Erindale Centre, ACT 2903, Australia