ISO 27001

SDLC (Software Development Lifecycle) Security Control

During the SDLC process, what are the key security controls that you need to be aware of? The list is below:

1. Risk Assessment
Risk assessment will be specific and detailed, since the project participants will have actual specifications for the hardware and software that will be used to implement the system.

2. Functional Requirements Analysis
Ensure that project participants review the system's functional requirements to help determine the security requirements necessary for successful implementation.

3. Assurance Requirements Analysis
Determine what development work and assurance evidence are necessary to establish confidence that the security will work correctly and effectively.

Penetration Testing Report Template

Download Free Penetration Testing Report Template

INTRODUCTION


Outline the type of tests that were undertaken, for example: application testing, firewall penetration or firewall hole detection/testing. Identify the time frame of testing and the number of systems, sites and days of testing conducted (on site).

SUMMARY OF METHODOLOGY USED


Outline the type of testing methodology, as this will have bearing on the rest of the report body.

For example, was it:

Black box testing - A penetration test with no prior knowledge of the target system, bar a valid IP address. No user or application credentials were supplied to the testing team, nor any information on services running on the target.

Information Security Plan Requirements for TOR and RFP

Download Free Information Security Plan Requirements for TOR and RFP
Information Security Plan requirements for Terms of Reference and Request for Proposal. Some of the requirements are:

- Experience with secure systems (as described in Section 2.2.3 [Network Configuration Policy]),
- Formal security practices and methodologies,
- Experience in security testing and interactions with security teams,
- Experience in management of security issues,
- Familiarity / Experience with Security Assessment Tools,
- Formal Coding Standards and Best Practices,
- Experience in security gap correction,
- Familiarity / Experience with Security

ISO 27001 Internet Banking Security Policy

Download Free Internet Banking Security Policy Templates
Internet Banking Security Policy Templates
1. Introduction
1.1 Background
1.2 Objective

2. Operations & Transactions Risks
2.1 Operations Risk
2.2 Transactions Risk

ISO 27001 IT Security Support and Implementation Responsibilities Checklist

Download Free ISO 27001 / ISO 17799 IT Security Support and Implementation Responsibilities Checklist
- Ensure the proper implementation of the Information Systems Security Policies and Procedures.

- Provide consultation and assistance to employees and management within the organization regarding security procedures.

- Ensure all employees understand and acknowledge the Desktop and Terminal Guidelines and are familiar with the organization’s IRP.

- Review security-related procedures of the BCP/Disaster Recovery Policies for effectiveness.
