
SDLC – Sample Software Development Initiatives Charter

August 7, 2012

Free sample download.

We are generally seeking to establish a minimum environment that enables applications to flourish using compatible standards and policies, where practical:

The infrastructure, then, provides the bridge between data and applications.

  • Goal is to improve security

Security is a cost/benefit proposition

  • Balance security objectives with operational realities

Internal threat is greater than external threat

  • Insider knowledge and understanding of operational applications is far greater and more dangerous

Perimeter network is secure

  • Assume the internal network is insecure

Assessment Critical Success Factors

Complete

  • The assessment must be broad and deep in order to review the entire technology stack and application

Accurate

  • All the information and recommendations must be precise and correct to allow for a rapid and thorough implementation of those recommendations

Applicable

  • With the multitude of versions, modules, and configurations of SAP, CRM and Oracle Applications, the assessment must focus not only on the current state of the application but also address future patches, upgrades, and configuration changes.

Effective

  • Changes to the configuration and installation must be supported and work with minimal effort and change.

Efficient

  • The recommendations must be able to be implemented in a cost-effective and timely manner.

Operational Security Assessment

Operational activities related to the SAP, CRM and Oracle Applications environment are assessed to determine if there are security or controls weaknesses

  • Security management, auditing, monitoring and troubleshooting, change management, patching, and development are assessed for the Oracle Applications, database, application servers, and operating system

Operations specific to Oracle Applications are categorized into 27 domains

  • Domains are individually assessed
  • Domains are mapped to ISO 17799 / 27002 and COBIT
  • Interview questions and tests/validations for each domain are defined in the assessment methodology

https://www.bestitdocuments.com/Samples