Technology Risks: CISSP: Software Development Security

Sunday, August 17, 2014

CISSP: Software Development Security

Today most commercial applications are designed for functionality with security usually an afterthought. This has caused the modern world a host of security-related problems such as legitimate programs allowing users to perform otherwise restricted functions through subversion.

A day does not go by without someone releasing a ‘security alert’ regarding a particular program. Soon after (or we hope) its creator releases a ‘bug-fix’ that hopefully fixes the flawed program. Since both hackers and system administrators have access to this information, it is literally a race for the administrators to fix their faulty systems before the hackers can attack the weakness.

Therefore, the security of a particular product actually starts with the original programmer. Application and Systems Development Security is an extremely important topic for programmers and the continued importance of information security.

This domain includes:

Systems development life cycle (SDLC)
Application environment and security controls
Effectiveness of application security

Here are some videos which explains Software Development Security well:

[More ....]

No comments:

Post a Comment

I am a technology management consultant and a course facilitator. I have more than twenty-five years of experience in the IT industry and specialise in information security and risks. This profession has taken me to live in many countries in Europe, Africa, Australia and Asia for twenty years, meeting many competent practitioners in the process.

This blog is for my clients, my students and anyone interested in technology management and the risks that come with it.

It enumerates the various industry best practices to mitigate real world risks, which will also include: my anecdotes; videos and links found elsewhere in Cyberspace. I mean, why reinvent the wheel when there are already good stuff out there?

This will save you some time foraging the Internet for good quality material to study or apply at work.

Do let me know when you find even better materials out there, so that I can post them here and more people will benefit from it.

Some of my clients are:
Standard Chartered Bank, Astrazeneca, S.W.I.F.T., Shell, Barclays Bank, European Commission, Lloyds-TSB, BHP, South African Directorate of Communications, HP, IBM, Philip Morris, Belgacom, Flemings Asset Management Luxembourg, Octopus (HK), Protonworld, Riyad Bank, Al-Rajhi Bank, Saudi-Hollandi Bank, RHB Group, Mandiri Bank, UOB Bank, BNI Bank, Jebsen and Jessen, CEGB (UK), Temasek Polytechnic, Embry-Riddle Aeronautical University Asia.

Contact:

Michael Chua

mysticmichael@gmail.com

Services:

1. Vulnerability Testing
- Computer and Network Infrastructure Tests
- Configuration, Compliance and Inter-operability

2. Risk Assessment
- Total Defence Inspection
- Beyond computers and technology
- Risk Quantification and Management

3. Information Security Operations
- Policy, Process and Procedure
- Scenario Planning
- Crisis Management Rehearsals

4. Information Security Design and Development
- Organisational Structure
- Security Control Implementation
- System Release

5. Awareness Campaign
- Educating the public, employees and business partners about the importance of secure practices

6. Business Continuity Planning and Management
- Physical Crisis
- Technology Crisis
- Epidemics