Home :: Content

ASU Web Developer Security Training - 18 Month Audit Requirement


Quick View
Summary: 

Per a recommendation in the Auditor General Information Technology Security 12 Month Follow-up Report, the University Technology Office will create and coordinate Web Development Standards training for web developers university-wide.

Start Date: 
September 28, 2009
Go Live: 
November 27, 2009
End Date: 
January 8, 2010
Current Milestone: 
11/30/09 - Release Blackboard course to Web Developers
Stage: 
On track
People
Sponsor/Champion: 
Adrian Sannier, Vice President and University Technology Officer
Lead Customer: 
Tina Thorstenson
Project Manager: 
Barbara Sowden
Contact for more information: 
Barbara.Sowden@asu.edu
Associate VP University Technology: 
Tina Thorstenson
University Technology Director: 
Leah Lommel
More Info
Source: 
Executive
Department: 
UTO
Priority: 
High
Scope: 
  1. Identify University Wide Developers
    1. Identify through TAG -ask that they provide a list of developers in their area
    2. Request that TAG provide knowledge of any changes in this developer list (new developers will be asked to take the Blackboard course prior to any development)
  2. Content Development
    1. Development Standards as published through GetProtected.asu.edu
    2. New Scanning Requirements
    3. OWASP Standards
    4. ARB Standards
    5. Final Review Quiz
  3. Communication for new developer training requirements
    1. Publish new training requirements on GetProtected.asu.edu
    2. Announce new requirements to University Developers, TAG, and UTC
  4. Content Deployment
    1. New BlackBoard Coure
    2. Verify that all developers have reviewed the BlackBoard course & passed the quiz
  5. New Training Sessions for developers
    1. Create regularly held meetings for ongoing developer training
  6. Reporting
    1. Prepare response 18 Month Audit no later than December 1, 2009
    2. Include the training materials
    3. Include lists of participants for each course
    4. Include schedule for upcoming developer meetings
Deliverables: 
  • BlackBoard course for Web Development Security
  • List of current ASU web developers (with verification that they took the course)
  • Process to maintain this list and maintain training for new developers
  • Provide a list of scheduled meetings and potential targeted training courses to be offered periodically
Syndicate content