publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/192213
FIVE STEPS TO BUILT-IN SOFTWARE SECURITY

Compliance questions to ask the customer base:
• Do the majority of the customer base require ISO certification on an annual basis that includes third-party vendors of hosted services?
• Are European customers comfortable with data in the hosted system being under the purview of the U.S. Patriot Act?

What are the privacy requirements? The current privacy regulatory environment is extremely complex. There are multiple privacy laws within the U.S. that can differ from state to state as well as at the federal level. There is a similar situation internationally, with differing privacy laws at the European Union level and within individual member countries, as well as in other parts of the world.

Customers in one geographic location might not be willing to have their data stored in another. To refer back to the hosted gateway example, this could now potentially mean setting up multiple geographic gateways in order to comply with regional privacy requirements.

What are the operational security requirements? This is similar to the compliance situation in many ways. When setting up a new customer-facing system, a detailed evaluation has to be made of the additional risks involved. To refer back to the hosted gateway example, this gateway is now part of the customer's operational efficiency as well as the customer's business continuity plans. In addition, if the customer decides to do a regulatory audit, the hosted gateway might be included, and then your company is required to provide time and effort to participate in audits. The single standalone gateway with minimal requirements can bloat quickly to a gateway that requires high operational overhead. The gateway would then require an additional redundant site in multiple geographic locations, with operational staff who need to spend 25 percent of their time answering questions for regulatory audits.

PROJECT SECURITY CHECKLIST
(Each type of check is marked in the original table for PROJECT START and/or PROJECT END; the exact marks did not survive extraction and are omitted here.)

TECHNICAL SECURITY ISSUES
• Complete an encryption strategy
• Determine whether SSL is needed

CODE-SCANNING STRATEGY
• Complete a static scan
• Complete a runtime scan

RELEASE DOCUMENTS
• Develop security white papers and FAQ

PENETRATION TEST
• Establish penetration test details (budget and SOW)
• All applications every six months
• Mobile applications
• New platform development

STATIC ANALYSIS
• (scope items listed alongside the penetration test entries above; the original column assignment is not recoverable)