Development Project Lifecycle Security
commissum is able to apply its service portfolio to support the assurance requirements of projects, from large-scale turnkey enterprise projects to discrete, single-focus development projects. Our experience here comes from both the private and public sectors and can be applied throughout the project lifecycle. Areas covered include:
- Management Frameworks – assisting in implementing project management frameworks to ensure assurance/security are firmly embedded in the lifecycle. Past examples have included adoption of appropriate elements of COBIT, ITIL and ISO27000 to produce a pragmatic, combined management framework.
- Gap Analysis – essentially a tightly scoped audit against best practice as applied to the processes adopted for managing the security controls for projects. These can either be those applied to the conduct of the overall project, or ensuring that security considerations are appropriately built into the development of project deliverables.
- Project Assurance Support – throughout the lifecycle, appropriate input to the management, design, development and test/acceptance processes. This can include analysis and input to requirements definition, design review at various stages, workshop facilitation, project team training, and test plan development. The key here is that it is more efficient to establish security principles and identify issues early than to take corrective action later.
- Security Testing – an area of core competency is our security testing capability. In a project lifecycle context this is appropriately planned into the test schedule from the early stages. This would typically address infrastructure and application layers, albeit often at different stages of development. As a minimum this usually involves testing of production systems prior to and immediately following go-live.
- Training – according to a report issued by Forrester, 57% of organizations do not have effective training programs addressing security training for their developers. commissum can provide training from basic awareness of secure development issues to specific technology security training.
- Through-Life Support – ongoing support of systems through monitoring and update. Application of appropriate management frameworks for change control. commissum will provide advice or a full turnkey service as required.
"We have now used commissum several times covering a range of security activities and found all their people friendly, highly professional and effective in delivery and application of their portfolio of services."
Mr David C, Information Management, Government Agency