Difference between revisions of "OWASP Video Game Security Framework"
m (→Quick Download) (Tag: Visual edit) |
Line 325: | Line 325: | ||
'''Governance & Compliance Process''' | '''Governance & Compliance Process''' | ||
<br /> | <br /> | ||
− | :1. Regulation | + | :1. Regulation |
− | :2. Audit | + | :2. Audit |
− | :3. Monitor | + | :3. Monitor |
− | :4. Control | + | :4. Control |
<br /> | <br /> | ||
− | '''1. Regulation | + | '''1. Regulation''' |
<br /> | <br /> | ||
− | There are many regulations that attribute to organizational compliance and understanding policies that | + | There are many regulations that attribute to organizational compliance and understanding policies that align to the business model and future security strategy is the first step. |
<br /> | <br /> | ||
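Review bot: In the completed Regulation sentence, "attribute to" looks like the wrong word for "contribute to", and the two clauses run together with no punctuation before "and understanding policies". Suggest splitting it, for example: "Many regulations contribute to organizational compliance. Understanding the policies that align with the business model and future security strategy is the first step."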
Line 363: | Line 363: | ||
::d) Google | ::d) Google | ||
::e) Amazon | ::e) Amazon | ||
− | ::f) | + | ::f) Apple |
::g) Steam | ::g) Steam | ||
Line 371: | Line 371: | ||
<br /> | <br /> | ||
− | 2. '''Audit | + | 2. '''Audit''' |
<br /> | <br /> | ||
− | The best way to ensure an organization is maintaining the | + | The best way to ensure an organization is maintaining the proper level of compliance is to audit. |
Auditing involves performing routine internal checks to ensure policies are being followed by all. | Auditing involves performing routine internal checks to ensure policies are being followed by all. | ||
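Review bot: The heading markup here is inconsistent with the Regulation heading fixed in the same revision: this one is written "2. '''Audit'''" with the number outside the bold, while the other is "'''1. Regulation'''" with the number inside it. Pick one form and apply it to all four process headings so they render the same.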
Line 415: | Line 415: | ||
<br /> | <br /> | ||
− | Monitoring involves watching an existing | + | Monitoring involves watching an existing business environment for changes related to the overall compliance status. The goal is to detect anomalies and watch organizational trends from a compliance point of view. This valuable information will aid in quickly remedying non-compliance and developing new strategies by pinpointing areas of improvements. |
<br /> | <br /> | ||
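Review bot: The last sentence of the new Monitoring paragraph ends with "pinpointing areas of improvements", which should read "areas for improvement". "Remedying non-compliance" is fine as is.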
Line 433: | Line 433: | ||
::b) Is the Incident Response plan being implemented and tracked at each stage | ::b) Is the Incident Response plan being implemented and tracked at each stage | ||
+ | <nowiki>**</nowiki>''Overall if anything goes wrong, will you be able to pinpoint where non-compliance is.'' | ||
− | + | '''''How ''''' do we want to view information on what is being monitored? | |
− | ''''' | ||
:1) Reports | :1) Reports | ||
:2) Dashboards/Charts | :2) Dashboards/Charts | ||
Line 457: | Line 457: | ||
<br /> | <br /> | ||
− | During this phase an org must implement controls in place to | + | During this phase an org must implement controls in place to structure compliance in daily operations. The goal should not only be to set up a compliance framework but to use as much automation as possible. This will in turn reduce overhead and will make compliance easier to manage and modify in the future. |
<br /> | <br /> | ||
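Review bot: "implement controls in place" in the first sentence of the Control paragraph is redundant; use either "implement controls" or "put controls in place". The same sentence abbreviates "organization" to "org", while the Audit and Monitoring paragraphs spell it out. Also, "to use as much automation as possible" has no object after "not only be to set up a compliance framework"; "but also to automate as much of it as possible" would read more clearly.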
Line 466: | Line 466: | ||
:1) People | :1) People | ||
+ | |||
+ | :a) Work Requirements | ||
:2) Process | :2) Process | ||
+ | |||
+ | :a) Change management | ||
:3) Technology | :3) Technology | ||
+ | :a) Identity Access Management (IAM) Software | ||
<br /> | <br /> | ||
'''''What''''' can be done to automate future compliance controls? | '''''What''''' can be done to automate future compliance controls? |
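Review bot: The new sub-items under People, Process and Technology are indented with a single colon (":a) Work Requirements"), the same level as their ":1)" parents, whereas lettered sub-items elsewhere on the page use two colons ("::d) Google", "::b) Is the Incident Response plan..."). Use "::a)" so they nest under the numbered items. The blank lines inserted before the first two sub-items, but not before ":a) Identity Access Management (IAM) Software", will also break the indentation run unevenly; remove them.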
Revision as of 20:00, 1 May 2019