Best Practices
Service Oriented Architecture (SOA) Design Checklist
- Are the service interfaces using message formats from the canonical model?
- Have initial service contracts been defined between all known service consumers?
- Has the project established service contracts with services being provided by other teams, third-party packages, or external providers?
- Do the service contracts include release schedules for milestone builds that are synchronized with the schedule for service consumer development?
- Have service types been identified for all services, and appropriate service implementation platforms chosen based on those types?
Information Security Assessment Methodology
1. Planning
Critical to a successful security assessment, the planning phase is used to gather information needed for assessment execution—such as the assets to be assessed, the threats of interest against the assets, and the security controls to be used to mitigate those threats—and to develop the assessment approach. A security assessment should be treated as any other project, with a project management plan to address goals and objectives, scope, requirements, team roles and responsibilities, limitations, success factors, assumptions, resources, timeline, and deliverables.
2. Execution
Primary goals for the execution phase are to identify vulnerabilities and validate them when appropriate. This phase should address activities associated with the intended assessment method and technique. Although specific activities for this phase differ by assessment type, upon completion of this phase assessors will have identified system, network, and organizational process vulnerabilities.
Security Professionals Skills Matrix - Comparison between Security Specialists, Architects and Professionals
The skill sets for Security Specialists, Architects and Professionals are slightly different. Below are the typical tasks of each career path.
Typical Tasks for Security Specialists:
- Respond to security incidents
- Report on security threats, conduct investigations
- Maintain security infrastructure, including risk and vulnerability assessments
- Research trends and issues related to security threats and control technologies
Typical Tasks for Security Architects:
- Scope and manage projects involving network security resources
User Account Management and Governance for FISMA and ISO 27001 Audit

Objectives
- The organization manages information system accounts, including authorizing, establishing, activating, modifying, reviewing, disabling, and removing accounts;
- The organization defines in the security plan, explicitly or by reference, the frequency of information system account reviews and the frequency is at least annually;
- The organization reviews information system accounts in accordance with organization-defined frequency; and
- The organization initiates required actions on information system accounts based on the review.
Download free IT Contingency Plan for Business Continuity Plan Template

Download the free IT Contingency Plan for Business Continuity Plan template. This simple template can be used for your reference during the IT Business Continuity Plan process. This template covers basic processes in the BCP process such as: