Policies are an organization’s documented rules about what is to be done or not done, and why.
Policies set requirements at the highest level in an organization and are enforceable.
Lower-level documentation may detail who can and cannot access particular coding systems, how to produce consistent application outcomes, who may access network resources, and how to respond to security vulnerabilities.
Although networks have different policies depending on their needs, some common policies include the following:
1. Application development policy
2. Network usage policy
3. Internet usage policy
4. E-mail usage policy
5. User account policy
6. Wireless security policy
7. Standard security policy
Guidelines provide suggestions for better systems and methods to complete tasks. In this respect, issuing guidelines is similar to offering best practices. Although guidelines do not require mandatory compliance, they form an important part of network security documentation and management. For application development, numerous guidelines or best practices are available that emphasize the importance of secure coding practices.
Introducing security into the SDLC
A key component of the software development life cycle (SDLC) is verifying that the application is secure. Tests of an application's security can happen in any phase of the SDLC. However, in the alpha and beta phases, security testing should be constant.
Key areas that must be considered as part of overall security vulnerability testing include the application's design, its default security measures, security during mass deployment, and its information and response capabilities.
Design Security: Many security flaws can be traced directly back to the basic architectural design of the application. If detected early, these design flaws can be addressed in an early stage of development. Alpha testing is often critical in detecting design security holes. Ideally, security