
Define Owners

A successful deployment of SD Elements begins with defining key roles of ownership for different aspects of the system. These roles are global in nature, meaning they are about overall usage of SD Elements rather than within a specific project. Defining owners ensures accountability. Since usage of SD Elements affects processes, owners are critical to driving adoption, customization, and operations.

While one person may play many or all of these roles in a smaller organization, several people are usually involved in a larger organization. In all cases, somebody needs to be appointed for each role. A lack of owners leads to underuse of SD Elements and may substantially impact adoption.

Champion

The champion is responsible for spearheading adoption of SD Elements from a technical standpoint. This is the most critical role in a deployment.

Specific responsibilities include:

  • Setting objectives and defining metrics
  • Finding people to fill other roles, or filling in for those roles
  • Helping development teams understand and use SD Elements
  • Communicating about SD Elements to internal stakeholders
  • Leading product deployment across the enterprise
  • Customizing product features to fit internal standards, not including content customization
  • Maintaining communication with Security Compass for learning about new features and providing feedback

Qualifications for a successful champion:

  • Interest in and experience with deploying application security initiatives in the organization
  • Strong desire to implement security early in the SDLC
  • Good organization-specific knowledge (e.g. personal relationships with people throughout the organization)

 

Content Owner

The content owner is responsible for customizing SD Elements content to include organization-specific policies, procedures, requirements, and language. In smaller organizations that are relatively new to application security, there may not be a need for a separate content owner.

Specific responsibilities:

  • Amending SD Elements original content with organization-specific modifications
  • Reviewing SD Elements content updates for relevance and impact on the organization
  • Adding new organization-specific Profiles, Tasks, Problems and How-Tos

Qualifications:

  • Domain knowledge of application security
  • Technical writing/editing ability
  • Familiarity with organizational policies & processes

 

System Administrator

The system administrator is responsible for the SD Elements virtual appliance. This role is only applicable to customers with an On-Site Deployment (OSD) virtual appliance.

Specific responsibilities:

  • Installing and configuring SD Elements
  • Installing SD Elements updates
  • Working with SD Elements support to troubleshoot potential system-level technical issues

Qualifications:

 

User Administrator

The user administrator is responsible for user management and/or Single Sign On integration.

Specific responsibilities:

  • Adding and removing users
  • Changing access for users
  • Modifying roles, groups, and business units
  • Configuring Single Sign On, if applicable

Qualifications:

  • Knowledge of Single Sign On mechanism, if applicable

 

Project Manager

The project manager is responsible for overseeing large deployments of SD Elements.

Specific responsibilities:

  • Creating a project plan
  • Assigning tasks to stakeholders and following up on them
  • Reporting status to stakeholders

Qualifications:

  • General project management skills