Integrating ISO 17799 into your Software Development Lifecycle

[IN]Secure Magazine - Issue 11I open the new section Papers & Presentations of this blog posting my latest article published on INSECURE Magazine: “Integrating ISO 17799 into your Software Development Lifecycle”.

In this paper, published on the 11th issue of INSECURE Magazine (May 2007), I explain how information security controls can be integrated in the Software Development Lifecycle (SDLC) using ISO/IEC 17799 (now ISO/IEC 27002). The article includes a summary table linking specific clauses in the standard to SDLC phases starting from the risk assessment stage, prior to drawing up security requirements, and continuing right through development, testing and operations to system disposal at the end of its life.

Thanks to Mirko Zorz, INSECURE’s Chief Editor, for publishing my work and thanks to all the colleagues in the security community that have reviewed my article and posted positive comments on their websites like Gary Hinson or Jose Manuel Fernández, to mention a few.

To download my article only, instead of the full issue, click on the image on the left. More info here.

In the following days I will be adding more papers and presentations to that section.

Published by

Ismael Valenzuela

Global Director, Foundstone Consulting Services at Intel Security, GSE #132 & SANS Instructor for Digital Forensics & Cyberdefense tracks