
Software Security Policies, Procedures


In Foundstone’s experience, most security defects arise because developers and other stakeholders in the software development lifecycle have not been told what they must do and what they must not do. This is best done through the use of policies and procedures. However, having one without the other makes the end goal of more secure applications harder to achieve. As organizations integrate security into their software development lifecycle, it's important that they provide their development staff with the right knowledge to do their job.

Benefits of Policies, Procedures & Standards

Having appropriate policies, procedures and standards helps an organization define a security bar that all applications must achieve. This in turn allows business analysts to define security requirements based on these standards, designers and developers to adhere to them, testers to test for violations of them, and deployment and maintenance engineers to ensure ongoing compliance with them.

Foundstone Methodology

Foundstone approaches the delivery of these standards by first determining which are relevant to the organization. Foundstone consultants then work with your team to provide a draft for review of content. Following this, Foundstone can customize content and layout to adhere to your corporate standards. Finally, Foundstone will deliver the finished product as a document or set of documents.

Deliverables

Our deliverables include some or all of the following:

Contact us for more information about this valuable service.

RFP Template

Foundstone has developed this Request for Proposal ("RFP") template to help organizations identify and select a quality security vendor to perform professional services work.
