« CI Sécurité Agile/en »: difference between revisions

From Wiki Campus Cyber

Latest revision as of 27 November 2023 at 16:13

Accelerate or enable the implementation of security in agile contexts.

Category: Community of interest

Diary of the Agile Security WG

On 05/09/23, the Agile Cybersecurity WG met in plenary to report on the progress of the various streams:

  • Stream Governance: New stages proposed for the SDLC, closer to the DevOps philosophy than the traditional scheme. Drafting of V2 document, call for comments.
  • Stream Security Champions & SME: Document outline and positioning of each section. Progress is fairly patchy, but some have started writing.
  • Stream Technology: Evaluation of each technology at each session, recurring once a week. Call on the community of interest to request RETEX on certain technologies.

The overall objective is to agree on a road map to finalize the various deliverables by the end of the year.

On 06/27/23, the Agile Cybersecurity WG met in plenary to review progress on the various streams:

  • Stream Governance: A first draft of the SSDLC deliverable will be finalized in September.
  • Stream Security Champions & SME: Progress on EMS structure. The form of the deliverable will be defined next week. The various sections will be drafted this summer. The questionnaire will be sent out again this week.
  • Technology Stream: The structure of the deliverable is taking shape. The mapping of technologies has been completed, and the stream is now working on assessing the relevance of each technology according to various criteria, and prioritizing technologies in order to build the ramp-up strategy. Next meeting scheduled for the end of August to resume work on the deliverable.

Creation of assignable tasks with deadlines for each person working independently during the July/August period.

On 05/30/23, the Agile Cybersecurity WG met in plenary to report on the progress of the various streams:

  • Stream Governance: Finalization of the SSDLC draft, which will continue to be completed. At the same time, 4 major themes were addressed:
    • Scoping: definition and control of risks and impacts (linked to Threat Modeling)
    • Vulnerability prioritization & finding: definition of criteria and means to make tools easier to understand.
    • Training awareness
    • Ramp up: facilitating SSDLC deployment practices.
  • Stream Security Champions & SME: Review of questionnaire. Discussion on a potential intermediate deliverable that will synthesize the questionnaire responses.
  • Stream Technologies: Technology mapping is being finalized, with the first deliverable due by summer.
  • Stream Threat Modeling: In view of the low number of participants, this stream will be postponed until the autumn, or merged with the Governance stream.

On 16/05/23, the Agile Cybersecurity WG met in plenary to report on the progress of the various streams:

  • Stream Governance: Finalization of the 1st draft of the SSDLC milestones deliverable.
  • Stream Security Champions & SME: Questionnaire to be revised by June 6 and sent to all members of the Agile Security community of interest.
  • Stream Technologies: Technology mapping being finalized for first deliverable by summer.

Drafting of an umbrella text for all WG deliverables.

On 02/05/23, the Agile Cybersecurity WG met in plenary to report on the progress of the various streams:

  • Stream Governance: Difficult to set up an SSDLC because of framing difficulties. Change of format with small group discussions on the direction to take, then proposal to the larger group. Set up a task force.
  • Stream Security Champions & SME: Questionnaire revised, shortened and simplified. To be finalized June 06 in plenary.
  • Stream Technologies: Mapping in progress. RETEX being written up.

On 18/04/23, the Agile Cybersecurity WG met in plenary to report on the progress of the various streams:

  • Stream Governance: Definition of the various stages of the SSDLC with its security and input prerequisites. These steps will then be prioritized. The aim is to first produce a v1 of the SSDLC to present it to WG members and obtain feedback.
  • Stream Security Champions & SME: Drafting of a questionnaire to be sent to the community of interest to obtain RETEX and identify common practices.
  • Stream Threat Modeling: RETEX collection. Deliverables under discussion.
  • Stream Technologies: Gathering RETEX on each company's experience of technological deployment. The aim is to establish a technological ramp-up strategy. To do this, it is necessary to list all the technologies to be considered.

On 04/04/23, the Agile Cybersecurity WG met in plenary to report on the progress of the various streams:

  • Stream Governance: Kick off to define the frequency of meetings and the expectations of the various members. Umbrella document to be drawn up, with the various processes and prerequisites. No deliverables defined for the moment. The SSDLC will be a central element of governance.
  • Stream Security Champions & SME: Several questions to guide a RETEX on the Security Champions approach are being written. Send a communication to the community of interest: the stream co-leaders send the content of the message to the Campus Cyber, which relays it, to obtain a wider RETEX that will benefit all.
  • Stream Threat Modeling --> potential deliverables:
    • Threat Modeling process within SSDLC on 3 maturity levels with RACI
    • Attack modeling -> exchange format for information relevant to TM activities.
    • Criteria and pitfalls to avoid in TM tools. Threat pooling
    • Training modules (identify targets, skill families) and mapping.
  • Stream Technologies: Production of a technology maturity matrix (where to start for which tools). Next session: mapping technologies and axes to be considered for the matrix, such as risk management, implementation complexity, cost...

On 21/03/23, the Agile Cybersecurity WG worked on:

  • Progress and next steps for each stream
  • Potential stream deliverables

It decided to:

  • Keep the recurrence of bi-weekly plenary meetings.
  • Set recurrence for each stream
  • Prepare the stream workshops

Please note that the Tooling stream has been renamed "Technology".

On 21/02/23, the Agile Cybersecurity WG worked on:

  • Stream framing

It decided to:

  • Set up two workshops before the next WG: one with the coordinators and leaders of each stream, and one between stream members.

Note that the stream Specificities and regulatory constraints has been replaced by Tooling.

On 07/02/23, the Agile Cybersecurity WG worked on:

  • Validation of streams: Governance, Security Champions and SME, Threat modeling, Regulatory specificities and constraints.
  • The allocation of WG members to each stream as leaders/contributors/reviewers.

On 24/01/23, the Agile Cybersecurity WG worked on:

  • Presentation of members
  • WG objectives
  • Deliverables
  • Timetable

It decided to:

  • Meet every 15 days in plenary session.
  • Organize into sub-streams based on proposed themes, completed by the WG at the next session.
  • Agree on stream content and roles.

Please note that the date of the next WG is still to be determined.

Working groups

  • Agile Cybersecurity: SSDLC (in progress): SSDLC scheme covering design, architecture, development, testing and maintenance.
  • Agile Cybersecurity: Security Champions & SME (in progress): Identify the value for organizations of having Security Champions and Subject Matter Experts.
  • Agile Cybersecurity: Technologies (in progress): Setting up a technology ramp-up to define a strategy and an implementation plan.