The University of Sydney

SSE-CMM Security Engineering Process Areas

Process Area - Goals

Administer Security Controls
- Security controls are properly configured and used.

Assess Operational Security Risk
- An understanding of the security risk associated with operating the system within a defined environment is reached.

Attack Security
- System vulnerabilities are identified and their potential for exploitation is determined.

Build Assurance Argument
- The work products and processes clearly provide the evidence that the customer’s security needs have been met.

Coordinate Security
- All members of the project team are aware of and involved with security engineering activities to the extent necessary to perform their functions.
- Decisions and recommendations related to security are communicated and coordinated.

Determine Security Vulnerabilities
- An understanding of system security vulnerabilities is reached.

Monitor System Security Posture
- Both internal and external security related events are detected and tracked.
- Incidents are responded to in accordance with policy.
- Changes to the operational security posture are identified and handled in accordance with security objectives.

Provide Security Input
- All system issues are reviewed for security implications and are resolved in accordance with security goals.
- All members of the project team have an understanding of security so they can perform their functions.
- The solution reflects the security input provided.

Specify Security Needs
- A common understanding of security needs is reached between all applicable parties, including the customer.

Verify and Validate Security
- Solutions meet security requirements.
- Solutions meet the customer’s operational security needs.