Security Implementation Plans
No more impractical and irrelevant mitigation steps. Tailor-made Security Implementation Plans will provide you with detailed, step-by-step, and down-to-the-point instructions for your dev team. Get your own Security Implementation Plan free of charge with your Security Assessment.
What's This?
Information Security Implementation stands for "the set actions that should be taken in order to answer a set Information Security Requirements".
Information Security Requirements can be derived in several different contexts:
as a result of Security Assessment, for while mitigating known risks.
apart of a refactor or initial design of a project - for example in Product Requirements Document (PRD) and High-Level Design papers (HLD).
regulatory and standards compliance.
As you might have guessed - Security Implementation Plan is very much as it sounds -
it is a dedicated plan for security implementation.
Such a plan usually describes step-by-step technical instructions that may be provided to technically-oriented personnel.
All security requirements (that were set in the plan initiation), should be met once all steps in the plan are completed.
What You're Getting?
A robust, step-by-step, practical means for you to properly secure your solutions.
OwnSec treats Implementation Plans as dev-projects for all intents and purposes. Updates about plan progression are provided on a chosen time basis and access to the plan can be achieved at any time.
Extra hours for Implementation Consultancy or pair-programming - free of charge.
Important Note: Implementation Plans are free of charge as part of Security Assessments (As mentioned in the Security Assessment service page)
How It's Done?
Security Implementation Plan is a rather straightforward procedure:
Information Security Requirements are gathered and stated at the plan initiation. As mentioned, these requirements usually stem from Security Assessments compliance/regulation Gap Analysis, PRD/HLD (solution definition documents).
If there is no previous knowledge of the technical context of the requirements - the system and business factors are briefly reviewed.
Once everything is set, the plan development phase begins.
Plan Delivery - if required, plans can be delivered incrementally over time in order to meet time schedules, otherwise plan delivery is scheduled regularly, on a specified date.
