Subject | Target group |
Laws & Regulations (privacy, data protection, export) | Systems management, users |
Secure Software development | User, user coordinator, contractor |
System hardening | System admin, network engineering |
System operations | System admin, network engineering |
Monitoring and logging | System admin, network engineering, response teams |
Forensics | Response teams |
Incident respons and analysis | Response teams |
Contigency planning and disaster recovery | Management, governance, admin, user coordinator, response team |
Organisation, roles, responsibilities (generic introduction) | All |
AAI proces and procedures, FIM, SSO | System admin, user coordinator |
Systems design | Architect, network engineer |
General use and awareness | Users, user coordinator, all |
Developing and maintaining policies and procedures | Management, governance |
Applying policies and procedures | Architect, system admin, user coodinator |
System acquisition | Acquistion |
Decommissioning (data leakage prevention) | Admins, governance, user coordinator |
Risk management |
Laws & Regulations (privacy, data protection, export)
Secure Software development
Training withing this group should focus on all the aspects related to software programming from the security point of view. It should include integrating security practices into the software development lifecycle and verifying the security of internally developed applications before they are deployed. This will help to mitigate risk from internal and external sources. Security practices which should be included are: design, construction, testing, release, and response.
One of the important steps in secure development is integrating testing tools and services into the software development lifecycle. The training could describe or train on tools allowing developers to model an application, scan the code, check the quality and ensure that it meets regulations. Furthermore, automated secure development testing tools that find and fix security issues could be elaborated.
Additionally secure development trainings could be offered certifying experience in secure development.
See e.g.: http://www.sans.org/curricula/secure-software-development
System hardening