SDLC and Project Assessments


For any new application or system, it is far better to include security considerations during key points of the project lifecycle - primarily to ensure that appropriate security controls have been included in the design from the outset, and to also avoid costly and inconvenient retro-fitting of security controls after the system has gone into production. When we are engaged in security testing for our clients, we invariably discover issues that could have been avoided had the proper checks been in place earlier in the project lifecycle.

Securus Global provides a suite of project services that are geared towards facilitating successful delivery of a secure system. We will work alongside your project and IT delivery staff and provide the necessary checks and expertise along the way.

Our project security services include:

  • Business Impact Assessments
  • Security Configuration and Design Review
  • Technical Risk Assessments
  • Vulnerability and Penetration Testing


Business Impact Assessment (BIA)

This important first step puts the system or application in context from a business perspective, so that important decisions can be made during the design phase about the level of security required. This assessment will typically occur at the 'requirements' phase of the project and will involve the key business stakeholders or information owners. The output will be a rating of the business impact, should there be a compromise of the confidentiality, integrity or availability of the system or its data.

Security Configuration and Design Review

Whether the subject is new technology, hardware, software, an application or critical infrastructure, Securus Global can provide a thorough review, or advice on how to move forward with a more robust security design. Much of our work consists of bespoke reviews that cover more than one component, span a variety of platforms and technologies, or address innovative new technologies. If you have a complex or unique requirement, we can also tailor an engagement that covers your specific requirements and constraints.

Examples of security risk assessments commonly undertaken include:

  • Design reviews
  • Mobile device applications
  • Wireless security reviews
  • Corporate network and B2B connectivity security reviews
  • Virtualisation security reviews
  • Host security reviews
  • SCADA systems security reviews
  • Source code review
  • Database security reviews
  • ERP and CRM systems
  • VoIP, PBX/PABX security risk assessments

Technical Risk Assessment (TRA)

This assessment will typically occur after the 'design' phase of the project and will review the proposed security controls that will protect the system and its data. The main activities will include:

  • Identifying the threats that are relevant to the system.
  • Assessing the proposed security controls and how effectively they protect the system against compromise.
  • Determining the residual risk rating, based on the effectiveness of the security controls and the potential business impact (identified through the BIA process described earlier).
  • Providing recommendations on how to further reduce the overall risk level, where applicable.

The TRA process can also be used to measure, in advance, the level of compliance with company and/or industry security standards (e.g. PCI DSS).

Vulnerability and Penetration Testing

This final crucial step will determine whether the agreed security controls have been implemented correctly. These security testing services have earned Securus Global a reputation as leaders in the industry. Refer to the specific service descriptions for more information on these services.