Security risk considerations in acquisitions, strategy, and practice
Information systems include various components, such as operating systems and application software (either of which may be off-the-shelf products or custom-developed applications), database management systems, infrastructure, and so on. During development and/or implementation, security risks should be considered based on security requirements. Some such requirements are listed here:
Security requirements analysis and specifications
Security risks in the processing of data
Need for cryptographic controls
Risks in system operations
Risks in development and support processes
Technical vulnerability management
Risks in outsourced software development
Note
Note that detailed information and best practices are provided in various chapters throughout this book.