Acme's Operational Network
The Acme Corporation are makers of fine database software. It used to produce jet-propelled pogo sticks, tornado seeds, and other products before a leveraged buyout drove it to a more traditional corporate structure, including a more traditional operational network. After its project to threat model its software goes well, producing useful and actionable bugs, it decides to take a crack at modeling its internal network.
Security Requirements
These requirements were built on those from the Requirements Cookbook (see Chapter 12):
- Operational vulnerability management will track all products deployed on the attack surface.
- Henceforth, all newly deployed software will be checked to ensure it has a vulnerability announcement policy.
- Paul, a project coordinator, has been assigned to track down vulnerability announcement policies per product in use, and to subscribe to all of them.
- Operations will ensure that its firewalls align with the trust boundaries shown...