Line 80:
Line 80:
* <i><u> Only handle data which is essential to your service. Do not store all data that you capture unless absolutely necessary</i></u>
* <i><u> Only handle data which is essential to your service. Do not store all data that you capture unless absolutely necessary</i></u>
* Ensure data is stored in a secure manner in accordance with <I><u>CSE approved cryptographic algorithms and protocols</I></u> and <I><u>legislation such as</I></u> the Privacy Act
* Ensure data is stored in a secure manner in accordance with <I><u>CSE approved cryptographic algorithms and protocols</I></u> and <I><u>legislation such as</I></u> the Privacy Act
−
* <I><u>Retain data fro the minimum time necessary.</u></I> Follow existing retention and disposition schedules
+
* <I><u>Retain data for the minimum time necessary.</u></I> Follow existing retention and disposition schedules
* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability
* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability
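Review bot: The unchanged bullets around the corrected line still close their inline tags in the wrong order: the first bullet opens with <i><u> and ends with </i></u>, and the "CSE approved cryptographic algorithms and protocols" and "legislation such as" spans do the same with <I><u> ... </I></u>. The edited retention bullet already closes them correctly as </u></I>, so apply the same order to the neighbouring bullets in this edit and use one letter case for the italic tag. The first bullet also lacks a full stop after "unless absolutely necessary", unlike the sentence before it.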
Line 159:
Line 159:
* Apply a defense in depth approach to reduce exposure to threats and minimize the degree of compromise.
* Apply a defense in depth approach to reduce exposure to threats and minimize the degree of compromise.
* Design services that:
* Design services that:
−
i. Prioritize ease of use in security design to make security simple for users;
+
** Prioritize ease of use in security design to make security simple for users;
−
ii. Protected from common security vulnerabilities;
+
** Protected from common security vulnerabilities;
−
iii. Expose and secure only the interfaces necessary to operate the service;
+
** Expose and secure only the interfaces necessary to operate the service;
−
iv. Are resilient and can be rebuilt quickly to a known clean state in the event that a compromise is detected; and
+
** Are resilient and can be rebuilt quickly to a known clean state in the event that a compromise is detected; and
−
v. Fail secure even if the system encounters an error or crashes.
+
** Fail secure even if the system encounters an error or crashes.
* Integrate and automate security testing to validate code and address vulnerabilities prior to deployment
* Integrate and automate security testing to validate code and address vulnerabilities prior to deployment
* Reduce human intervention and maximize automation of security tasks and processes.
* Reduce human intervention and maximize automation of security tasks and processes.
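Review bot: The second sub-bullet, "Protected from common security vulnerabilities;", does not read grammatically after the stem "Design services that:". The other four sub-bullets start with a verb (Prioritize, Expose, Are resilient, Fail secure), so suggest "Are protected from common security vulnerabilities;" while the list is being reformatted. The first sub-bullet, about prioritizing ease of use, describes how to design rather than a property of the service, so consider whether it belongs under this stem or as its own top-level bullet. The top-level bullets are also inconsistent about terminal punctuation: "Integrate and automate security testing ... prior to deployment" has no full stop while its neighbours do.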