Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review Security Control checklist and SOAR document #1495

Open
6 tasks
webgismd opened this issue Oct 18, 2023 · 6 comments
Open
6 tasks

Review Security Control checklist and SOAR document #1495

webgismd opened this issue Oct 18, 2023 · 6 comments
Labels
documentation Improvements or additions to documentation

Comments

@webgismd
Copy link

As a (User Type/Persona) I want (Feature/enhancement) So That (Value, why is this wanted, what is the user trying to accomplish)

As a director, I want to know and tell the story about how DevOps can cover off items listed in the SOAR and Security control checklist.. two documents that can be used to get a signed STRA... this can also feed into the latest condos or SDLC standards.

Additional Context

  • enter text here
  • enter text here

Acceptance Criteria

  • Given (Context), When (action carried out), Then (expected outcome)
  • Given (Context), When (action carried out), Then (expected outcome)
    Given the completion of documentation. Then directors and newbs can understand the benefits of devops.

Definition of Done

  • [x ] Ready to Demo in Sprint Review
  • Does what I have made have appropriate test coverage?
  • Documentation and/or scientific documentation exists and can be found
  • [x ] Peer Reviewed by 2 people on the team
  • Manual testing of all PRs in Dev and Prod
  • Merged
@webgismd webgismd added the documentation Improvements or additions to documentation label Oct 18, 2023
@webgismd
Copy link
Author

Might need two tickets for this dunno

@DerekRoberts
Copy link
Member

@webgismd Could you please point me to the relevant docs? No worries about tickets. :)

@webgismd
Copy link
Author

BC IDIM Key STRA Controls and an example

@webgismd
Copy link
Author

there could be other things to peruse here and child pages -- https://apps.nrs.gov.bc.ca/int/confluence/display/FSAST1/Security+and+Privacy

@DerekRoberts
Copy link
Member

https://www2.gov.bc.ca/assets/gov/government/services-for-government-and-broader-public-sector/information-technology-services/standards-files/imit_611_security_threat_risk_assessment_standard.pdf

https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/im-it-standards/find-a-guideline-policy

https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/security-threat-and-risk-assessment/concepts

https://intranet.gov.bc.ca/thehub/ocio/ocio-enterprise-services/information-security-branch/vulnerability-and-risk-management/security-threat-and-risk-assessment

https://intranet.gov.bc.ca/thehub/ocio/ocio-enterprise-services/information-security-branch/vulnerability-and-risk-management/web-app-scanning

https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/professional-development

@DerekRoberts
Copy link
Member

https://owasp.org/www-project-top-ten/

https://www.cisecurity.org/benchmark/postgresql

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Projects
DevOps (NR)
Status: Sprint
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DerekRoberts @webgismd