Product Security Knowledge
Overview coming soon.
The Technology Community Of Practice is charged with continuously improving the understanding of security across the Product Delivery Organisation, so it is responsible for maintaining Product Security Knowledge to keep it relevant and clear.
Much like this framework has guidance for what are quite terse policy objectives, your definition of Agreed Ways Of Working probably needs some more verbose and context-setting information to help Product Teams understand and meet its requirements.
There’s a real human writing these and breaking the fourth wall here, hello! It’s not all ChatGPT nowadays, after all…
Don’t be afraid to have some personality and opinion in this guidance. Security shouldn’t hide behind formal language and specifications; help it resonate with and inform the people who need to understand it.
It’s the Technology Community Of Practice that provides this guidance to help with the adoption of Agreed Ways Of Working by Product Teams.
Much like this framework has guidance for what are quite terse policy objectives, your definition of Product Security Levels probably needs some more verbose and context-setting information to help Product Teams understand and meet their requirements.
It’s the Technology Community Of Practice that provides this guidance to help Product Teams select the right Product Security Level and then meet the security requirements for their Product.
To ensure everyone in the Product Delivery Organisation follows Agreed Ways Of Working, it’s essential that the Technology Community Of Practice include learning objectives specific to the Product Delivery Organisation’s Agreed Ways Of Working.
To ensure all Product Teams meet the security requirements for their Product, it’s essential that the Technology Community Of Practice include learning objectives specific to the Product Delivery Organisation’s Product Security Levels.
Everyone within the Product Delivery Organisation who contributes to Product delivery, whether directly as part of a Product Team or indirectly as a supporting function, must understand how security is managed in Product delivery. Training is essential to prevent knowledge gaps anywhere in the organisation that may cause a security incident, directly or indirectly.
Because the Product Lead is accountable for the security of their Products and of their Product Team, they are also accountable for their Product Team understanding the Agreed Ways Of Working they must follow.
Because the Product Lead is accountable for the security of their Products and of their Product Team, they are also accountable for their Product Team understanding the Product Security Level requirements their Product must meet.
Because the Head Of Product Delivery Organisation is accountable for the responsibilities of the Product Delivery Organisation, they are also accountable for members of the Product Delivery Organisation understanding the Agreed Ways Of Working they must follow.
Because the Head Of Product Delivery Organisation is accountable for the responsibilities of the Product Delivery Organisation, they are also accountable for members of the Product Delivery Organisation understanding the Product Security Levels in use.