513
edits
Changes
Jump to navigation
Jump to search
mLine 80:
Line 80: − + Line 159:
Line 159: − i. Prioritize ease of use in security design to make security simple for users; + − ii. Protected from common security vulnerabilities; + − iii. Expose and secure only the interfaces necessary to operate the service; + − iv. Are resilient and can be rebuilt quickly to a known clean state in the event that a compromise is detected; and + − v. Fail secure even if the system encounters an error or crashes. +
GC Enterprise Architecture/Framework (view source)
Revision as of 17:00, 31 July 2019
, 17:00, 31 July 2019no edit summary
* <i><u> Only handle data which is essential to your service. Do not store all data that you capture unless absolutely necessary</i></u>
* <i><u> Only handle data which is essential to your service. Do not store all data that you capture unless absolutely necessary</i></u>
* Ensure data is stored in a secure manner in accordance with <I><u>CSE approved cryptographic algorithms and protocols</I></u> and <I><u>legislation such as</I></u> the Privacy Act
* Ensure data is stored in a secure manner in accordance with <I><u>CSE approved cryptographic algorithms and protocols</I></u> and <I><u>legislation such as</I></u> the Privacy Act
* <I><u>Retain data fro the minimum time necessary.</u></I> Follow existing retention and disposition schedules
* <I><u>Retain data for the minimum time necessary.</u></I> Follow existing retention and disposition schedules
* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability
* Ensure data is stored in a way to facilitate easy data discoverability, accessibility and interoperability
* Apply a defense in depth approach to reduce exposure to threats and minimize the degree of compromise.
* Apply a defense in depth approach to reduce exposure to threats and minimize the degree of compromise.
* Design services that:
* Design services that:
** Prioritize ease of use in security design to make security simple for users;
** Protected from common security vulnerabilities;
** Expose and secure only the interfaces necessary to operate the service;
** Are resilient and can be rebuilt quickly to a known clean state in the event that a compromise is detected; and
** Fail secure even if the system encounters an error or crashes.
* Integrate and automate security testing to validate code and address vulnerabilities prior to deployment
* Integrate and automate security testing to validate code and address vulnerabilities prior to deployment
* Reduce human intervention and maximize automation of security tasks and processes.
* Reduce human intervention and maximize automation of security tasks and processes.
