User Manual
Security threat and risk assessments are performed by experts to anticipate foreseeable threats in a product or solution’s intended operational environment. This assessment starts early on in the process to identify and mitigate risks appropriately, and it’s repeated as required.

Any identified threats or risks need to be treated adequately, with mitigations that are developed and implemented in the development or engineering project. This process also takes into account your existing infrastructure as well as the integration of third-party components.

Product security testing is conducted regularly, either via manual penetration tests or in conjunction with automated machine security testing. Its purpose is to ensure that the selected product, solution, or service meets your specified security requirements, to demonstrate that the product component, solution, or service fulfills your security expectations, and to make sure that it’s securely configured when in its intended operational environment. This is achieved by trying to break the system in order to secure it.

The results of the security tests are recorded and used as a basis for identifying corrective actions. They are then analyzed and appropriate actions are taken: for example, a reevaluation is performed and/or mitigation plans defined.

This stage is implemented in order to ensure a solid product foundation. Secure architecture is an embedded discipline that specifies and assures compliance with a wide range of security measures, requirements, and implementation guidelines. For example, the Siemens Building Technologies Division product development process for Siveillance Suite follows a mandatory cybersecurity policy aligned with IEC .

This policy provides measures for secure development of each product in accordance with the appropriate security level required for your intended operational environment.

Secure coding focuses on standardized and secure implementation of software components fundamental to our products, solutions, and services, while secure configuration looks at the hardware components – checking to make sure that features and functions are secure at the default level.
[Figure labels: Predeployment assessment; Deployment and maintenance; Security testing; Incident and vulnerability management; Secure product architecture and design; Customer security objectives and requirements; Employee know-how]
Siveillance Suite™ | Cyberintelligent security solutions










