Security engineering steps

Security engineering must start early in the application deployment process. In fact, each of the following steps in the application deployment should be started early: security planning, securing the system, developing the system with security, and testing the system with security.

We propose that you, as the security architect, consider the following steps:
  1. Work with the project's implementation team to understand the solution or system architecture.
  2. Identify your security requirements, including all security standards, laws, and/or regulations with which your system has to comply.
  3. Implement your system with security features and controls enabled.
  4. Ensure that all software components are integrated.
  5. Develop and run end-to-end tests.
  6. Based on your experience with the baseline system, develop your network deployment strategy.
  7. Re-implement the system on the appropriate network zones.
  8. Rerun your test cases.

These actions begin with reading, understanding, and applying the recommendations found in this documentation. These recommendations are specific to the Sterling Selling and Fulfillment Suite applications. Your responsibility, however, does not end here. Your system has to fit within your overall corporate operational environment. You may have very specific security requirements. As a result, YOU have the responsibility to ensure that YOUR system is secure.

Consider the following steps at a minimum:
  • Understand Your System Architecture
  • Build Out Your System
  • Build End-to-End Test Cases
  • Harden the Infrastructure and the Sterling Selling and Fulfillment Suite
  • Design Your Deployment Strategy