Changes

m
no edit summary
Line 80: Line 80:  
* <i><u> Only handle data which is essential to your service. Do not store all data that you capture unless absolutely necessary</i></u>
 
* <i><u> Only handle data which is essential to your service. Do not store all data that you capture unless absolutely necessary</i></u>
 
* Ensure data is stored in a secure manner in accordance with <I><u>CSE approved cryptographic algorithms and protocols</I></u> and <I><u>legislation such as</I></u> the Privacy Act
 
* Ensure data is stored in a secure manner in accordance with <I><u>CSE approved cryptographic algorithms and protocols</I></u> and <I><u>legislation such as</I></u> the Privacy Act
* <I><u>Retain data fro the minimum time necessary.</u></I> Follow existing retention and disposition schedules
+
* <I><u>Retain data for the minimum time necessary.</u></I> Follow existing retention and disposition schedules
 
* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability
 
* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability
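Review bot: the unchanged bullets around the corrected retention line still close their inline tags in the wrong order: "Only handle data ..." opens `<i><u>` and closes `</i></u>`, and "Ensure data is stored in a secure manner ..." opens `<I><u>` and closes `</I></u>` twice. The retention bullet itself closes correctly as `</u></I>`. Since this edit already touches the list, fix the nesting in those two bullets as well and settle on one letter case for the tags.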
   Line 159: Line 159:  
* Apply a defense in depth approach to reduce exposure to threats and minimize the degree of compromise.  
 
* Apply a defense in depth approach to reduce exposure to threats and minimize the degree of compromise.  
 
* Design services that:
 
* Design services that:
i. Prioritize ease of use in security design to make security simple for users;  
+
** Prioritize ease of use in security design to make security simple for users;  
ii. Protected from common security vulnerabilities;  
+
** Protected from common security vulnerabilities;  
iii. Expose and secure only the interfaces necessary to operate the service;  
+
** Expose and secure only the interfaces necessary to operate the service;  
iv. Are resilient and can be rebuilt quickly to a known clean state in the event that a compromise is detected; and  
+
** Are resilient and can be rebuilt quickly to a known clean state in the event that a compromise is detected; and  
v. Fail secure even if the system encounters an error or crashes.  
+
** Fail secure even if the system encounters an error or crashes.  
 
* Integrate and automate security testing to validate code and address vulnerabilities prior to deployment  
 
* Integrate and automate security testing to validate code and address vulnerabilities prior to deployment  
 
* Reduce human intervention and maximize automation of security tasks and processes.
 
* Reduce human intervention and maximize automation of security tasks and processes.
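Review bot: in the sub-list converted to `**` items under "Design services that:", the second item "Protected from common security vulnerabilities;" does not complete the stem the way its siblings do ("Prioritize ...", "Expose ...", "Are resilient ...", "Fail secure ..."). It should read "Are protected from common security vulnerabilities;". The new `**` lines also carry over the trailing space from the roman-numeral lines, which can be dropped in the same edit.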