Security Governance

This control area ensures that security is considered on a case-by-case basis for every project. Security reviews should be performed before any business case is approved and capital funding is allocated for the implementation or execution of the project. Additionally, security should be considered in every phase of the Software Development Life Cycle (SDLC).

Control Objective

  • A security review is performed on each business case, with business sign-off, prior to allocation of capital and implementation of systems (security by design)
  • Applications and programming interfaces are developed according to industry standards

Resources

Security Standard For Application and Web Development and Deployment