Who Does What?


Designing and building secure applications is a collaborative effort involving multiple roles. This guide is structured to address each role and the relevant security factors to be considered by each role. The categorization and the issues addressed are outlined below.

RACI Chart

RACI stands for:

  • Responsible (the role responsible for performing the task)

  • Accountable (the role with overall responsibility for the task)

  • Consulted (people who provide input to help perform the task)

  • Informed (people with a vested interest who should be kept informed)

You can use a RACI chart at the beginning of your project to identify the key security related tasks together with the roles that should execute each task.

Table 4 illustrates a simple RACI chart for this guide. (The heading row lists the roles; the first column lists tasks, and the remaining columns delineate levels of accountability for each task according to role.)

Table 4: RACI Chart

Tasks                          | Architect | System Administrator | Developer | Tester | Security Professional
-------------------------------|-----------|----------------------|-----------|--------|----------------------
Security Policies              |           | R                    |           | I      | A
Threat Modeling                | A         |                      | I         | I      | R
Security Design Principles     | A         | I                    | I         |        | C
Security Architecture          | A         | C                    |           |        | R
Architecture and Design Review | R         |                      |           |        | A
Code Development               |           |                      | A         |        | R
Technology Specific Threats    |           |                      | A         |        | R
Code Review                    |           |                      | R         | I      | A
Security Testing               | C         |                      | I         | A      | C
Network Security               | C         | R                    |           |        | A
Host Security                  | C         | A                    | I         |        | R
Application Security           | C         | I                    | A         |        | R
Deployment Review              | C         | R                    | I         | I      | A




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613