Program Design


The goal of Program Design is to clearly articulate what is required from a security perspective for an application to go into production. This can include architectural guidelines, code standards, testing requirements and any other activity that is necessary to ensure that applications are developed in a reasonably secure manner. The program design must balance the needs of security, business agility and cost to provide a clear path to releasing software on time and in compliance with corporate standards. Program Design includes:

- Policy Creation – A policy defines the standards which must be met by applications prior to being released or to continue in production over time.

- Integration Planning – A great policy will fail unless it is fully integrated into the software development life cycle (SDLC) using approaches such as Agile, DevOps or Waterfall.

- Encryption Requirements – Appropriate encryption technologies can reduce the inherent risk of data that is stored in systems and should be thoughtfully incorporated into the design.

- SecureMail Requirements – For systems that will be sending email with confidential information, an appropriate Secure Mail approach will need to be designed and implemented.