Development Project Lifecycle Security
Commissum applies its service portfolio to the assurance requirements of projects, from large-scale turnkey enterprise programmes to discrete, single-focus development projects. This experience comes from both the private and public sectors and can be applied at every stage of the project lifecycle. Areas covered include:
- Management Frameworks – assisting in implementing project management frameworks so that assurance and security are firmly embedded in the lifecycle rather than bolted on at the end. Past examples have included adopting appropriate elements of COBIT, ITIL and the ISO/IEC 27000 series to produce a single, pragmatic, combined management framework.
- Gap Analysis – essentially a tightly scoped audit, against recognised best practice, of the processes a project uses to manage its security controls. The scope can be either the processes governing the conduct of the overall project, or those intended to ensure that security considerations are built into the development of the project deliverables.
- Project Assurance Support – appropriate input, throughout the lifecycle, to the management, design, development and test/acceptance processes. This can include analysis of and input to requirements definition, design review at successive stages, workshop facilitation, project team training, and test plan development. The key point is that establishing security principles and identifying issues early is far cheaper than corrective action taken later, when design decisions have already been built upon.
- Security Testing – security testing is a core competency. In a project lifecycle context it is planned into the test schedule from the early stages rather than added at the end. Testing typically addresses both the infrastructure and application layers, although these are often tested at different stages of development as each becomes available. As a minimum, this usually involves testing the production system immediately before go-live and again immediately after it, so that the configuration actually deployed is the one that has been assessed.
- Training – according to a report issued by Forrester, 57% of organisations have no effective security training programme for their developers. Commissum can provide training ranging from basic awareness of secure development issues to security training for specific technologies.
- Through-Life Support – ongoing support of systems in service through monitoring and updating, including the application of appropriate management frameworks for change control so that changes made after go-live do not silently erode the security established during the project. Commissum will provide advice or a full turnkey service, as required.