Difference between revisions of "OWASP Video Game Security Framework"
From OWASP
m |
(→Prevention) |
||
Line 532: | Line 532: | ||
In the prevention phase begins the implementation of a security solution. | In the prevention phase begins the implementation of a security solution. | ||
This phase can have many sub tasks/levels depending on what you are implementing. | This phase can have many sub tasks/levels depending on what you are implementing. | ||
− | |||
− | |||
− | |||
+ | <br /> | ||
+ | '''Prevention Process''' | ||
+ | <br /> | ||
+ | :1. Plan | ||
+ | |||
+ | :2. Analyze | ||
+ | |||
+ | :3. Design | ||
+ | |||
+ | :4. Build | ||
+ | |||
+ | :5. Deploy | ||
+ | <br /> | ||
+ | '''1. Plan''' | ||
+ | |||
+ | <br /> | ||
+ | Some of the planning work could have been done in the strategy phase. | ||
+ | |||
+ | <br /> | ||
+ | '''''Example Questions to ask:''''' | ||
What do we need a security solution for? | What do we need a security solution for? | ||
1. Application | 1. Application | ||
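Review bot: The "Prevention Process" list added in this hunk ends at ":5. Deploy" and has no Test step, but the sections added further down in this revision are numbered "5. Test" and "6. Deploy". Add ":5. Test" to the list and renumber Deploy to 6 so the overview matches the sections. Also, the new "Example Questions to ask:" heading is followed by the old unformatted "What do we need a security solution for?" line and its "1. Application" item, which the next hunk restates in the new format; delete the old lines so the question appears only once.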
Line 543: | Line 560: | ||
3. IT infrastructure | 3. IT infrastructure | ||
4. Identity & Access Management | 4. Identity & Access Management | ||
+ | <br /> | ||
+ | '''''What''''' do we need a security solution for? | ||
+ | <br /> | ||
+ | :1) Software Application | ||
+ | |||
+ | ::a) General Data Protection Regulation (GDPR) | ||
+ | ::b) Payment Card Industry Data Security Standard (PCI) | ||
+ | ::c) The National Institute for Standards and Technology (NIST) | ||
+ | |||
+ | :2) Data Protection | ||
+ | |||
+ | ::a) Open Web Application Security Project (OWASP) | ||
+ | ::b) Payment Card Industry Data Security Standard (PCI) | ||
+ | ::c) The National Institute for Standards and Technology (NIST) | ||
+ | |||
+ | :3) IT Infrastructure | ||
+ | |||
+ | ::a) Microsoft | ||
+ | ::b) Sony | ||
+ | |||
+ | |||
+ | |||
+ | :4) Identify & Access Management | ||
+ | <br /> | ||
+ | '''''Does''''' it align with our overall security & business strategy? | ||
+ | |||
+ | <br /> | ||
+ | '''''Does''''' it fit in our current architecture? | ||
+ | <br /> | ||
+ | '''''What''''' would the impact on this solution be? | ||
+ | <br /> | ||
+ | |||
+ | '''2. Analyze''' | ||
+ | <br /> | ||
+ | |||
+ | '''''What''''' capabilities do we need to assess? | ||
+ | :1) Application | ||
+ | :2) Architecture | ||
+ | :3) Processes & Flows | ||
+ | <br /> | ||
+ | |||
+ | '''''What''''' functions exist in the current security solutions vs future? | ||
+ | <br /> | ||
+ | |||
+ | '''3. Design''' | ||
+ | <br /> | ||
+ | '''''How''''' exactly do we want this solution to function? | ||
+ | :1) Configuration | ||
+ | |||
+ | '''4. Build''' | ||
+ | :1) Assigning work tasks and doing them | ||
+ | <br /> | ||
+ | |||
+ | |||
+ | '''5. Test''' | ||
+ | :1) What is our testing strategy? | ||
+ | |||
+ | :2) How do we shift when bugs are found? | ||
+ | |||
+ | <br /> | ||
+ | |||
+ | '''6. Deploy''' | ||
+ | :1) What is our "go-live" strategy for moving the solution from development to production? | ||
+ | |||
+ | <br /> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
{{Social Media Links}} | {{Social Media Links}} |
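Review bot: In the new "What do we need a security solution for?" list, the first sub-items under ":1) Software Application" and ":2) Data Protection" look swapped: GDPR, a data protection regulation, is listed under Software Application, while OWASP, which covers application security, is listed under Data Protection. Exchange the two "::a)" entries. ":4) Identify & Access Management" should read "Identity", as in the unchanged "4. Identity & Access Management" line above it, and the old "3. IT infrastructure" and "4. Identity & Access Management" lines should be removed now that the list is restated. Under ":3) IT Infrastructure" the entries "Microsoft" and "Sony" are company names, unlike the standards listed in the other groups; state which requirement or guideline from each is meant. ":4)" has no sub-items at all, and "What would the impact on this solution be?" is ambiguous about whether it means the impact of the solution or on it.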
Revision as of 03:24, 2 May 2019