ISMS Framework Control A.14.2
iFour Consultancy
ISO 27001 Control A.14.2
Security in Development & Support Process
ASP.NET software companies India http://www.ifour-consultancy.com http://www.ifourtechnolab.com
A.14.2 Security in Development and Support Process
Objective
Controls
A.14.2.1 Secure Development Policy
Define rules for software development
Define rules for system development
Apply rules among the entire organization
Testing is an integral part of the policy
A.14.2.2 System Change Control Procedures
Define change implementation policy
Security assessment of change
Automated testing tool
Produce compliance reports
A.14.2.3 Technical Review of Applications after Operating Platform Changes
Platform independent tests
Operating system independent tests
Impact analysis on organizational security
A.14.2.4 Restrictions on Changes to Software Packages
Modification of software packages is discouraged
Limited & necessary changes
Controlled changes
A.14.2.5 Secure System Engineering Principles
Establishment of principles
Documentation of principles
Maintenance of principles
Application of principles
A.14.2.6 Secure Development Environment
Transparent code security test
Visibility to Vulnerability
Secure coding practices
Context based recommendations
A.14.2.7 Outsourced Development
Supervision of outsourced development
Vulnerability testing of third party development
Monitoring of outsourced development
A.14.2.8 System Security Testing
Testing of security functionality
Information Leakage
confidentiality, integrity, authentication, availability, authorization and non-repudiation.
A.14.2.9 System Acceptance Testing
Well defined acceptance criteria
New developed
Upgrades