ministryofjustice / operations-engineering

This repository is home to Operations Engineering's tools and utilities for managing, monitoring, and optimising software development processes at the Ministry of Justice. • This repository is defined and managed in Terraform
https://user-guide.operations-engineering.service.justice.gov.uk/
MIT License

🗣️ Capturing Security Requirements for DNS Estate Management Enhancement #4320

Closed jasonBirchall closed 5 months ago

jasonBirchall commented 6 months ago

User Need

As an Operations Engineering Team
I want to conduct interviews and gather information from our security stakeholders
so that we can understand their requirements, concerns, and expectations regarding the security of our organisation's DNS estate.

Value

This initiative aims to proactively identify and align with our organisation's security needs to ensure our DNS management practices are robust, secure, and compliant with industry standards. By understanding the perspectives of security stakeholders, we can enhance our DNS infrastructure's resilience against attacks, ensure continuity of service, and uphold our commitment to safeguarding organisational and customer data.

Functional Requirements:

  1. Develop a comprehensive list of questions to understand security expectations, concerns, and requirement specifics related to DNS management.
  2. Identify and list the key security stakeholders within the organisation who will be interviewed to gather these requirements.
  3. Plan and schedule interviews with these stakeholders to ensure thorough and meaningful engagement.

Non-Functional Requirements:

  1. Ensure that gathering requirements is efficient, minimising disruption to stakeholders' schedules.
  2. Guarantee confidentiality and integrity of the information collected during the interviews.
  3. Documentation of findings must be clear, well-organised, and accessible for reference and action planning.

Acceptance Criteria:

  1. A compiled list of security requirements, concerns, and expectations from all interviewed stakeholders.
  2. An actionable report summarising the interviews' findings, including any identified common themes, unique concerns, and suggested next steps.
  3. Agreement from the Operations Engineering and Security teams on the prioritisation and implementation roadmap for addressing the gathered requirements.

Notes:

jasonBirchall commented 6 months ago

Identified the whole process end-to-end https://drive.google.com/file/d/1odJ1Az5lt45EjNgKwnR673aWta6sp2rv/view?usp=drive_link

jasonBirchall commented 6 months ago

@imkatiewatson & @AntonyBishop - any chance you can cast your eyes over the document attached and see if it makes sense?

jasonBirchall commented 6 months ago

Catching up with members of the team today.

jasonBirchall commented 6 months ago

We will use demos today to flesh out the BT and JISC process.

jasonBirchall commented 6 months ago

After a discussion with a team member, it was decided that we would include the change process in the document and subsequent questions.

jasonBirchall commented 5 months ago

Template created https://docs.google.com/document/d/1XReZmnASl8kaXvYjxZiaFb4XgYlmtBUP8tCQyR1nkV8/edit?usp=sharing

Slack message created and now waiting for a response.

jasonBirchall commented 5 months ago

Interviews were conducted, and a report was generated.

Report: https://docs.google.com/document/d/1d_dCBi5T6R1_RdLDk4Av-mZVwwhWpY-z_RTXtSa-fN0/edit

Chat: https://mojdt.slack.com/archives/CPVD6398C/p1715074826833529

jasonBirchall commented 5 months ago

Requirements captured and will be assessed in due course.