Elements and Performance Criteria
- Undertake risk assessment
  - Identify functionality and features of the website and confirm with client
  - Identify security threats with reference to functionality of the site and organisational security policy, legislation and standards
  - Complete a risk analysis to prioritise security threats and identify system vulnerabilities
  - Identify resource and budget constraints and validate with client as required
  - Source appropriate products, security services and equipment according to enterprise purchasing policies
- Secure operating systems (OS)
- Secure site server
- Secure data transactions
- Monitor and document security framework
  - Develop a program of selective independent audits and penetration tests
  - Determine performance benchmarks
  - Implement audit and test programs, and record, analyse and report results
  - Make security framework changes based on test results
  - Develop the site-security plan with reference to security policy and requirements
  - Develop and distribute related policy and procedures to client