Difference between revisions of "Cookbook for Security Considerations"
JohnMoehrke (talk | contribs) |
JohnMoehrke (talk | contribs) |
||
| Line 3: | Line 3: | ||
This cookbook is specifically intended for IHE profile writers. Though it is based on best practice, it is not a complete method for thorough risk assessment of a package product. IHE does not endorse any use of this cookbook outside of the scope of IHE profile editing. | This cookbook is specifically intended for IHE profile writers. Though it is based on best practice, it is not a complete method for thorough risk assessment of a package product. IHE does not endorse any use of this cookbook outside of the scope of IHE profile editing. | ||
| − | After presenting the basics of risk assessment and risk mitigation, the cookbook explains how to scope [[ | + | After presenting the basics of risk assessment and risk mitigation, the cookbook explains how to scope [[Security Considerations]] for IHE profiles and finally provides guidelines on the effective writing of the [[Security Considerations]] section. |
Formal White Paper can be found at http://www.ihe.net/Technical_Framework/upload/IHE_ITI_Whitepaper_Security_Cookbook_2008-11-10.pdf | Formal White Paper can be found at http://www.ihe.net/Technical_Framework/upload/IHE_ITI_Whitepaper_Security_Cookbook_2008-11-10.pdf | ||
Revision as of 17:27, 12 February 2010
As not all IHE profile writers are security experts, this cookbook is intended to provide basic knowledge on conducting a risk assessment and some “tricks of the trade” relevant to Security Considerations section writing. It is not only based on best practice in the field of risk assessment and mitigation but also on the experience of the ITI Technical Committee while compiling the Security Considerations section for new profiles during the year 5 cycle (mainly XCA and RFD).
This cookbook is specifically intended for IHE profile writers. Though it is based on best practice, it is not a complete method for thorough risk assessment of a package product. IHE does not endorse any use of this cookbook outside of the scope of IHE profile editing.
After presenting the basics of risk assessment and risk mitigation, the cookbook explains how to scope Security Considerations for IHE profiles and finally provides guidelines on the effective writing of the Security Considerations section.
Formal White Paper can be found at http://www.ihe.net/Technical_Framework/upload/IHE_ITI_Whitepaper_Security_Cookbook_2008-11-10.pdf