One Article Review

Source NoticeBored
Identifier 4497069
Publication date 2022-04-23 18:06:15 (seen: 2022-04-23 07:05:35)
Title Topic-specific policy 11/11: secure development
Text The final topic-specific policy example from ISO/IEC 27002:2022 is another potential nightmare for the naïve and inexperienced policy author.

Policy scoping

Despite the context and presumed intent, the title of the standard's policy example ("secure development") doesn't explicitly refer to software or IT. Lots of things get developed - new products for instance, business relationships, people, corporate structures and so on. Yes, even security policies get developed! Most if not all developments involve information (requirements/objectives, specifications, plans, status/progress reports etc.) and hence information risks ... so the policy could cover those aspects, ballooning in scope from what was presumably intended when the standard was drafted.

Even if the scope of the policy is constrained to the IT context, the information security controls potentially required in, say, software development are many and varied, just as the development and associated methods are many and varied, and more poignantly so too are the information risks.

Policy development

Your homework challenge, today, is to consider, compare and contrast these five markedly different IT development scenarios:

1. Commercial firmware being developed for a small smart actuator/sensor device (a thing) destined to be physically embedded in the pneumatic braking system of commercial vehicles such as trucks and coaches, by a specialist OEM supplier selected on the basis of lowest price.
2. A long-overdue technical update and refresh for a German bank's mature financial management application, developed over a decade ago by a team of contractors long since dispersed or retired, based on an obsolete database, with fragmentary documentation in broken English and substantial compliance implications, being conducted by a large software house based entirely in India.
3. A cloud-based TV program scheduling system for a global broadcaster, to be delivered iteratively over the next two years by a small team of contractors under the management of a consultancy firm for a client that freely admits it barely understands phase 1 and essentially has no idea what might be required next, or when.
4. A departmental spreadsheet for time recording by home workers, so their time can be tracked and recharged to clients, and their productivity can be monitored by management.
5. Custom hardware, firmware and autonomous software required for a scientific exploration of the Marianas trench - to be deployed in the only two deep-sea drones in existence that are physically capable of delivering and recovering the payload at the extreme depths required.

You may have worked in or with projects/initiatives vaguely similar to one, maybe even two or three of these, but probably not all five - and th
Sent Yes
Tags Patching Guideline
The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.