Development Project Lifecycle Security
commissum is able to apply its service portfolio to support the assurance requirements of projects, from large scale turnkey enterprise projects to discrete, single focus development projects; experience here has come from both private and public sectors and can be applied throughout the project lifecycle. Areas covered include:
- Management Frameworks – assisting in implementing project management frameworks to ensure assurance/security are firmly embedded in the lifecycle. Past examples have included adoption of appropriate elements of COBIT, ITIL and ISO27000 to produce a pragmatic, combined management framework.
- Gap Analysis – essentially a tightly scoped audit against best practice as applied to the processes adopted for managing the security controls for projects. These can be either the processes applied to the conduct of the overall project, or those ensuring that security considerations are appropriately built into the development of project deliverables.
- Project Assurance Support – throughout the lifecycle, appropriate input to the management, design, development and test/acceptance processes. This can include analysis and input to requirements definition, design review at various stages, workshop facilitation, project team training, and test plan development. The key here is that it is more efficient to establish security principles and identify issues early than to take corrective action later.
- Security Testing – an area of core competency is our security testing capability. In a project lifecycle context this is appropriately planned into the test schedule from the early stages. This would typically address infrastructure and application layers, albeit often at different stages of development. As a minimum this usually involves testing of production systems prior to and immediately following go-live.
- Training – according to a report issued by Forrester, 57% of organizations do not have effective training programs addressing security training for their developers. commissum can provide training from basic awareness of secure development issues to specific technology security training.
- Through-Life Support – ongoing support of systems through monitoring and update. Application of appropriate management frameworks for change control. commissum will provide advice or a full turnkey service as required.
"We have now used commissum several times covering a range of security activities and found all their people friendly, highly professional and effective in delivery and application of their portfolio of services."
Mr David C, Information Management, Government Agency