This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP Video Game Security Framework"
(→Licensing) (Tag: Visual edit) |
(→Classifications) (Tag: Visual edit) |
||
| Line 111: | Line 111: | ||
== Business Strategy & Risk == | == Business Strategy & Risk == | ||
| − | The | + | The purpose of Strategy & Risk in the framework is to layout a guiding path to creating and completing security related initiatives in gaming. |
| + | |||
| + | Strategy & Risk Process | ||
| + | # Establish Purpose | ||
| + | # Triage Capabilities | ||
| + | # Define Vision | ||
| + | # Plan Next steps | ||
| + | |||
| + | '''Establish Purpose''' | ||
| + | |||
| + | Its important to understand in detail the goal of the overall security strategy and how can you capture requirements to ensure this phase is properly completed. | ||
| + | |||
| + | '''What''' do we want our security posture to look like in the future? | ||
| + | # Better alignment with the business Budget planning, security is apart of future business decisions | ||
| + | # Improve financials decisions (Decrease spending, smarter spending) | ||
| + | # Return on Investment (ROI) (competitive advantage, increase market share, consumer trust) | ||
| + | # | ||
| + | '''Which''' resource provider and type is this policy targeting? Example: Microsoft.Network/networkInterfaces | ||
| + | |||
| + | '''What''' is the use case for the policy? Example: Block all Public IPs within the Dow tenant | ||
| + | |||
| + | '''Which''' scope, such as management group, subscription, or resource group, should the policy target? ''Example:'' CloudAll | ||
| + | |||
| + | '''Which''' policy effect? Example: Deny | ||
| + | |||
| + | 1. Disabled – Useful for testing situations or for when the policy definition has parameterized the effect. This flexibility makes it possible to disable a single assignment instead of disabling all of that policy's assignments. | ||
| + | |||
| + | 2. Append – Add additional fields to the requested resource during creation or update. Common example is adding tags on resources such as costCenter or specifying allowed IPs for a storage resource | ||
| + | |||
| + | 3. Deny – Prevent a resource request that doesn't match defined standards through a policy definition and fails the request. | ||
| + | |||
| + | 4. Audit – Create a warning event in the activity log when evaluating a non-compliant resource, but it doesn't stop the request. Can then use Azure Monitor to trigger serverless compute and automate more complex remediations. | ||
| + | |||
| + | 5. AuditIfNotExists – Enables auditing on resources that match the if condition, but doesn't have the components specified in the details of the then condition. | ||
| + | |||
| + | 6. DeployIfNotExists – Executes a template deployment for resources that match the if condition, but doesn't have the components specified in the details of the then condition. | ||
| + | |||
| + | What is the name of the policy definition? Development environments should be Prefixed with (Dev). | ||
| + | |||
| + | Examples: Restrict Public IP; (Dev) Deny SQL database TDE disablement | ||
| + | |||
| + | Naming convention: | ||
| + | |||
| + | • Allow = “Deny” with whitelist | ||
| + | |||
| + | • Deny = “Deny” with blacklist | ||
| + | |||
| + | • Limit = "Deny" if not in specific set | ||
| + | |||
| + | • Enforce = "Deny" with specific expected value | ||
| + | |||
| + | • Restrict = "Deny” with specific unexpected value | ||
| + | |||
| + | • Apply = “Append” | ||
| + | |||
| + | • Deploy = "DeployIfNotExist” | ||
| + | |||
| + | • Audit = “Audit” or “AuditIfNotExists” | ||
| + | |||
| + | • Require = "Deploy", “Deny”, or “DeployIfNotExists” | ||
{| class="wikitable" style="text-align: left" border="1" | {| class="wikitable" style="text-align: left" border="1" | ||
Revision as of 17:57, 26 April 2019
OWASP Video Game Security Framework (VGSF)OWASP Video Game Security Framework (VGSF) defines an approach to discovering solutions for strategy, development, operations, and management surrounding security for video game industry business models
Most organizations that operate in the digital landscape approach security as a last afterthought when compared to the overall business strategy and operations. In the recent years it has become more apparent the consequences of such behavior with increasingly amounts of data breaches happening. The cost associated with an organization’s loss of intellectual property and other digital assets has reached the millions.
This will be one of the largest sections as it is comprised of many different aspects of overall cyber security
LicensingThe OWASP Video Game Security Framework is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
|
What is the OWASP Video Game Security Framework?The goal of the OWASP Video Game Security Framework is to provide an adaptable blueprint to guide the development and deployment of cyber resiliency within a video game enterprise operation. The target audience for the project includes:
Project Leaders
Contributors
Related Projects |
CollaborationJoin the discord channel: [1] Quick DownloadCOMING SOON News and Events
Classifications
| |||||||
