
Auditing System Development Lifecycle

Audit Guidelines On How To Review
SDLC Framework
By
Nandasena T(NT) Hettigei
CISA, CISSP, CITP, CPA, CA
Copyright © NTH 2007
Presented at the ISACA Roundtable on 12/12/2007 at the KPMG Training Center, Wells Fargo Building, Minneapolis, MN


SANS @Night

Chicago, IL - September 3 - 10, 2008

Converging Security in SDLC

 

NT HETTIGEI
CISSP, CISA, CITP, CPA, ACA (SL)


Safeguarding critical and sensitive information assets has become a business requirement, not only because of compliance obligations but also as a way to gain a competitive edge in the modern business landscape. This is especially true for organizations whose business is developing systems and applications that support other businesses. To compete, companies must be connected to the internet and deliver effective and efficient services, so information security matters more than ever for protecting business-sensitive information, trade secrets, and intellectual property.
Mitigating the risk of non-compliance and ensuring adequate security over critical and sensitive information should begin with a thorough analysis of the business and its systems. Retrofitting security and compliance controls after implementation is expensive and disruptive to the production environment. Security requirements must therefore no longer be buried among the non-functional specifications of the system development life cycle (SDLC) methodology.
This session identifies the key components of three common SDLC methodologies (Waterfall, Iterative, and Agile) and the controls that should be considered when implementing and/or auditing an organization's system development life cycle. It provides guidelines for understanding, scoping, evaluating, and communicating SDLC control gaps, including the integration of security components into the SDLC. It also maps the integration points, showing where and how security fits into the SDLC, with an approach that is practical and applicable across different SDLC methodologies. Attendees will learn more about:
Components and controls within common SDLC methodologies
Evaluation and determination of the relevance of different SDLC methodologies
Risk-based and practical approaches to implement security in SDLC
When and how to consider application and system security within SDLC
Auditor's role as a risk and controls subject matter expert (SME)

----------------------------------------------------------------------------------------------------------------------------------------------
© 2000-2008 The SANS™ Institute
SANS Institute - SANS Audit & Compliance 2008 - SANS @Night http://www.sans.org/chicago08/night.php


SANS2004 Annual Conference

Orlando, Florida| April 1-9, 2004

SANS@Night

Tuesday April 6th,2004

By

NT HETTIGEI

CISA, CITP, CPA, ACA (SL)

Converging Security in SDLC

Auditing Internet Commerce Security Design & Build - An Audit Approach for IT Development Projects and their Security Infrastructure


Admin@ancientpath.org


 Created by Sages nth Foundation
