iso control a14 - by software outsourcing company in india

ISO 27001 - Control A14 – System acquisition, development and maintenance

Upload: ifour-consultancy

Post on 18-Jan-2017


Category:

Technology



TRANSCRIPT


Topics covered

This will include the following:

A 14 System acquisition, development

A 14.1 Security requirements of information systems

A 14.2 Security in development and support processes

A 14.3 Test Data

Ecommerce solution providers in India http://www.ifourtechnolab.com

A 14.1 Security requirements of information systems

Objective: To ensure that information security is an integral part of information systems across the entire lifecycle. This includes the requirements for information systems which provide services over public networks.

A 14.1 includes:

A 14.1.1: Information security requirements analysis and specification

A 14.1.2: Securing application services on public networks

A 14.1.3: Protecting application services transactions


A 14.1.1 Information security requirements analysis and specification

Control: The information security related requirements shall be included in the requirements for the new information systems or enhancements to the existing information systems.


A 14.1.2 Securing application services on public networks

Control: Information involved in application services passing over public networks shall be protected from fraudulent activity, contract dispute and unauthorized disclosure and modification.


A 14.1.3 Protecting application service transactions

Control: Information involved in application service transactions shall be protected to prevent incomplete transmission, mis-routing, unauthorized message alteration, unauthorized disclosure, unauthorized message duplication or replay.


A 14.3 Test data

Objective: To ensure protection of data used for testing.

Which includes:

A 14.3.1 Protection of test data


A 14.3.1 Protection of test data

Control: Test data shall be selected carefully, protected and controlled.


