6 SOFTWARE DEVELOPMENT AND LIFE CYCLE

In this chapter we discuss security issues that arise from the development, testing and implementation of new software. The ongoing life cycle of software is also a concern and is addressed here.

The reader should gain an understanding of the importance of appropriate audit and review processes, and of effective change control and configuration management. They will learn about the differences in security between open source and proprietary solutions, commercial off-the-shelf software and bespoke systems, and certified and non-certified systems. They will also learn about some of the techniques involved in reducing the security risks in the development of code.

TESTING, AUDIT AND REVIEW

Learning outcomes ...
