This session sets out an approach that combines the security, IT risk and assurance domains to create a sustainable secure software development process. The approach first defines a set of common audit controls and designs them into the process, where they can be inherited by every change. Then it defines a set of tailored controls to satisfy the security requirements of each of the changes that flow through the process. Finally, it creates a virtual first line of defense, ensuring that as the change flows through the process, security requirements are met and common audit controls are inherited, so that every change passing through the development process is secure, compliant and authorized.
Define a set of common audit controls to satisfy the audit requirements of each phase of the software development process.
Define a set of tailored baseline controls to satisfy the security requirements of each development change.
Use a process integrity tool to create a virtual first line of defense that designs these controls into the software development process and manages their day-to-day execution.