Basic rules High level principles for ISS activities on projects are: • Decisions dealing with security risks must be approved on relevant functional/hierarchical level. • For each project, ISS must be integrated in the project management. • Each project must integrate CNES security requirements. • CNES ISS authorities (independent of project team) must be involved in each key event of the project. • Security requirements must be function of functional sensitivity and security risks.
ISS approach 1/6 • ISS approach for project development must be integrated in the global approach of the project. • The following slides describe the main stages (V cycle) of a project and, for each of them, what are the relevant security items. • Two security activities are dealt with: • security of target IS to be developed, • security of development environment.