A Security Practices Evaluation Framework

Publish Operations Guide

Document security concerns applicable to administrators and users, supporting how they configure and operate the software.

Description

The software’s users and administrators need to understand its security risks and how those risks change with the way the software is configured. Document the security concerns applicable to users and administrators in a way that supports how they operate and configure the software, expressing the software’s security requirements and threat model in the vocabulary of the user (and administrator).

Practice Implementation Questions

  1. Are security-related aspects of installing and configuring the software documented where users can access them?
  2. Are security-related aspects of operating the software documented where users can access them?
  3. Are abuse cases and misuse cases used to support user documentation?
  4. Are expected security-related alerts, warnings and error messages documented for the user?

Keywords

administrator, alert, configuration, deployment, error message, guidance, installation guide, misuse case, operational security guide, operator, security documentation, user, warning

Links: OWASP Build operational security guide